Examples of GeoServerRole

org.geoserver.security.impl.GeoServerRole
Extends {@link GrantedAuthority} and represents an anonymous role If a user name is set, the role is personalized Example: the role ROLE_EMPLOYEE could have a role parameter EPLOYEE_NUMBER @author christian

Examples of org.geoserver.security.impl.GeoServerRole

        Authentication auth = ctx.getAuthentication();
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals(username, auth.getPrincipal());
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));
        assertNotNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
                .removeSessionByMappingId(ticket));
        helper.ssoLogout();


        // check unknown user
        username = "unknown";
        password = username;
        helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, password);
        helper.ssoLogin();
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        ticket =loginUsingTicket(helper, request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        assertFalse(response.wasRedirectSent());


        
        ctx = (SecurityContext) request.getSession(true).getAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        assertNotNull(ctx);
        auth = ctx.getAuthentication();
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(ctx.getAuthentication());
        assertEquals(username, auth.getPrincipal());
        assertEquals(1, auth.getAuthorities().size());
        assertNotNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
                .removeSessionByMappingId(ticket));
        helper.ssoLogout();


        // test root user
        username = GeoServerUser.ROOT_USERNAME;
        password = username;
        helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, password);
        helper.ssoLogin();


        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        ticket =loginUsingTicket(helper, request, response, chain);
        ctx = (SecurityContext) request.getSession(true).getAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        assertFalse(response.wasRedirectSent());
        auth = ctx.getAuthentication();
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        // checkForAuthenticatedRole(auth);
        assertEquals(GeoServerUser.ROOT_USERNAME, auth.getPrincipal());
        assertTrue(auth.getAuthorities().size() == 1);
        assertTrue(auth.getAuthorities().contains(GeoServerRole.ADMIN_ROLE));
        assertNotNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
                .removeSessionByMappingId(ticket));
        helper.ssoLogout();


        // check disabled user
        username = "castest";
        password = username;
        helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, password);
        helper.ssoLogin();
        updateUser("ug1", username, false);
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        ticket =loginUsingTicket(helper, request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        assertTrue(response.wasRedirectSent());
        redirectURL = response.getHeader("Location");
        assertTrue(redirectURL.contains("login"));
        ctx = (SecurityContext) request.getSession(true).getAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        assertNull(ctx);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        assertNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
                .removeSessionByMappingId(ticket));
        updateUser("ug1", username, true);
        helper.ssoLogout();


        insertAnonymousFilter();
        request = createRequest("foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        // Anonymous context is not stored in http session, no further testing
        removeAnonymousFilter();


        // test invalid ticket


        username = "castest";
        password = username;
        helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, password);
        helper.ssoLogin();


        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        ticket = helper.getServiceTicket(new URL(request.getRequestURL().toString()));
        ticket += "ST-A";
        request.setupAddParameter("ticket", ticket);
        request.setQueryString("ticket=" + ticket);


        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        assertTrue(response.wasRedirectSent());
        redirectURL = response.getHeader("Location");
        assertTrue(redirectURL.contains(GeoServerCasConstants.LOGIN_URI));        
        ctx = (SecurityContext) request.getSession(true).getAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        assertNull(ctx);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        assertNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
                .removeSessionByMappingId(ticket));
        helper.ssoLogout();


        // test success with proxy granting ticket
        config.setProxyCallbackUrlPrefix(proxyCallbackUrlPrefix.toString());
        getSecurityManager().saveFilter(config);


        username = "castest";
        password = username;
        helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, password);
        helper.ssoLogin();


        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        ticket = helper.getServiceTicket(new URL(request.getRequestURL().toString()));
        request.setupAddParameter("ticket", ticket);
        request.setQueryString("ticket=" + ticket);
        getProxy().doFilter(request, response, chain);


        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
//        assertTrue(response.wasRedirectSent());
//        redirectUrl = response.getHeader("Location");
//        assertNotNull(redirectUrl);


        ctx = (SecurityContext) request.getSession(true).getAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        assertNotNull(ctx);
        PreAuthenticatedAuthenticationToken casAuth = (PreAuthenticatedAuthenticationToken) ctx.getAuthentication();
        assertNotNull(casAuth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(casAuth);
        assertEquals(username,  casAuth.getPrincipal());
        assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(derivedRole)));
        Assertion  ass = (Assertion) request.getSession(true).getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY); 
        assertNotNull(ass);
        String proxyTicket = ass.getPrincipal()
                .getProxyTicketFor("http://localhost/blabla");
        assertNotNull(proxyTicket);

View Full Code Here

Examples of org.geoserver.security.impl.GeoServerRole

        assertNotNull(casAuth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());


        checkForAuthenticatedRole(casAuth);
        assertEquals(username, casAuth.getPrincipal());
        assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(derivedRole)));
        assertNotNull(request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY));


        assertNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
                .removeSessionByMappingId(ticket));
        helper.ssoLogout();


        // check unknown user


        username = "unknown";
        helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, username);
        helper.ssoLogin();


        request = createRequest("wms");
        ticket = helper.getServiceTicket(new URL(request.getRequestURL().toString()));
        assertNotNull(ticket);
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        request.setupAddParameter("ticket", ticket);
        request.setQueryString("ticket=" + ticket);
        request.setHeader(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        cache = getCache();
        casAuth = cache.get(casProxyFilterName, username);
        assertNotNull(casAuth);
        assertNotNull(casAuth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());


        checkForAuthenticatedRole(casAuth);
        assertEquals(username, casAuth.getPrincipal());
        assertEquals(1, casAuth.getAuthorities().size());
        assertNotNull(request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY));


        // check for disabled user
        getCache().removeAll();
        updateUser("ug1", "castest", false);


        username = "castest";
        helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, username);
        helper.ssoLogin();


        request = createRequest("wms");
        ticket = helper.getServiceTicket(new URL(request.getRequestURL().toString()));
        assertNotNull(ticket);


        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        request.setupAddParameter("ticket", ticket);
        request.setQueryString("ticket=" + ticket);
        request.setHeader(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
        cache = getCache();
        casAuth = cache.get(casProxyFilterName, ticket);
        assertNull(casAuth);
        assertNull(request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY));
        assertNull(request.getSession(false));


        updateUser("ug1", "castest", true);
        helper.ssoLogout();


        // Test anonymous
        insertAnonymousFilter();
        request = createRequest("wms");
        request.setHeader(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        // Anonymous context is not stored in http session, no further testing
        removeAnonymousFilter();


        // test proxy granting ticket


        pconfig1.setProxyCallbackUrlPrefix(proxyCallbackUrlPrefix.toString());
        getSecurityManager().saveFilter(pconfig1);


                
        getCache().removeAll();
        username = "castest";
        helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, username);
        authenticateWithPGT(helper);
        request = createRequest("wms");
        ticket = helper.getServiceTicket(new URL(request.getRequestURL().toString()));
        request.setHeader(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
        assertNotNull(ticket);


        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        request.setupAddParameter("ticket", ticket);
        getProxy().doFilter(request, response, chain);


        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        cache = getCache();
        casAuth = cache.get(casProxyFilterName, username);
        assertNotNull(casAuth);
        assertNotNull(casAuth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());


        checkForAuthenticatedRole(casAuth);
        assertEquals(username, casAuth.getPrincipal());
        assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(derivedRole)));


        String proxyTicket = ((Assertion) request.getAttribute(
                GeoServerCasConstants.CAS_ASSERTION_KEY)).getPrincipal().getProxyTicketFor(
                "http://localhost/blabla");

View Full Code Here

Examples of org.geoserver.security.impl.GeoServerRole

            TestingAuthenticationCache cache = getCache();
            Authentication casAuth = cache.get(casProxyFilterName, username);
            assertNotNull(casAuth);
            checkForAuthenticatedRole(casAuth);
            assertEquals(username, casAuth.getPrincipal());
            assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(rootRole)));
            assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(derivedRole)));
            assertNotNull(request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY));
            assertNull(request.getSession(false));
        }
        assertNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
                .removeSessionByMappingId(proxyTicket));
        helper.ssoLogout();


        // check unknown user


        username = "unknown";
        helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, username);
        ass = authenticateWithPGT(helper);
        for (int i = 0; i < 2; i++) {
            request = createRequest("wms");
            request.setQueryString("request=getCapabilities");
            proxyTicket = ass.getPrincipal().getProxyTicketFor(request.getRequestURL().toString() + "?" + request.getQueryString());
            assertNotNull(proxyTicket);
            response = new MockHttpServletResponse();
            chain = new MockFilterChain();
            request.setupAddParameter("ticket", proxyTicket);
            if (i==0) {
                request.setupAddParameter(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
                request.setQueryString(request.getQueryString()+"&ticket="+proxyTicket+"&"+GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT+"=false");
            } else {
                request.setHeader(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
                request.setQueryString(request.getQueryString()+"&ticket="+proxyTicket);
            }            
            getProxy().doFilter(request, response, chain);
            assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
            TestingAuthenticationCache cache = getCache();
            Authentication casAuth = cache.get(casProxyFilterName, username);
            assertNotNull(casAuth);
            checkForAuthenticatedRole(casAuth);
            assertEquals(username, casAuth.getPrincipal());
            assertEquals(1, casAuth.getAuthorities().size());
            assertNotNull(request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY));
            assertNull(request.getSession(false));


        }
        helper.ssoLogout();


        // check for disabled user
        getCache().removeAll();
        updateUser("ug1", "castest", false);


        username = "castest";
        helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, username);
        ass = authenticateWithPGT(helper);
        request = createRequest("wms");
        proxyTicket = ass.getPrincipal().getProxyTicketFor(request.getRequestURL().toString());
        assertNotNull(proxyTicket);
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        request.setupAddParameter("ticket", proxyTicket);
        request.setupAddParameter(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
        request.setQueryString("ticket="+proxyTicket+"&"+GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT+"=false");


        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
        TestingAuthenticationCache cache = getCache();
        Authentication casAuth = cache.get(casProxyFilterName, proxyTicket);
        assertNull(casAuth);
        assertNull(request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY));
        assertNull(request.getSession(false));


        updateUser("ug1", "castest", true);
        helper.ssoLogout();


        // Test anonymous
        insertAnonymousFilter();
        request = createRequest("wms");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        // Anonymous context is not stored in http session, no further testing
        removeAnonymousFilter();


        // test proxy granting ticket in proxied auth filter


        pconfig1.setProxyCallbackUrlPrefix(proxyCallbackUrlPrefix.toString());
        getSecurityManager().saveFilter(pconfig1);


        getCache().removeAll();
        username = "castest";
        helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, username);
        ass = authenticateWithPGT(helper);
        request = createRequest("wms");
        proxyTicket = ass.getPrincipal().getProxyTicketFor(request.getRequestURL().toString());
        assertNotNull(proxyTicket);
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        request.setupAddParameter("ticket", proxyTicket);
        getProxy().doFilter(request, response, chain);


        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        cache = getCache();
        casAuth = cache.get(casProxyFilterName, username);
        assertNotNull(casAuth);
        checkForAuthenticatedRole(casAuth);
        assertEquals(username, casAuth.getPrincipal());
        assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(derivedRole)));
        proxyTicket = ((Assertion) request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY))
                .getPrincipal().getProxyTicketFor("http://localhost/blabla");


        assertNotNull(proxyTicket);
        helper.ssoLogout();

View Full Code Here

Examples of org.geoserver.security.impl.GeoServerRole

     * 
     * @param role
     * @throws IOException
     */
    public void checkRoleIsMapped(GeoServerRole role) throws IOException {
        GeoServerRole mappedRole = service.getAdminRole();
        if (mappedRole!=null && mappedRole.equals(role))
            throw createSecurityException(ADMIN_ROLE_NOT_REMOVABLE_$1, role.getAuthority());
        mappedRole = service.getGroupAdminRole();
        if (mappedRole!=null && mappedRole.equals(role))
            throw createSecurityException(GROUP_ADMIN_ROLE_NOT_REMOVABLE_$1, role.getAuthority());        
    }

View Full Code Here

Examples of org.geoserver.security.impl.GeoServerRole

        
        for (GeoServerRole roleObject : helper.roleMap.values()) {
            Element role = doc.createElement(E_ROLE_RR);
            rolelist.appendChild(role);
            role.setAttribute(A_ROLEID_RR, roleObject.getAuthority());
            GeoServerRole parentObject = helper.role_parentMap.get(roleObject);
            if (parentObject!=null) {
                role.setAttribute(A_PARENTID_RR, parentObject.getAuthority());
            }            
            for (Object key: roleObject.getProperties().keySet()) {
                Element property = doc.createElement(E_PROPERTY_RR);
                role.appendChild(property);
                property.setAttribute(A_PROPERTY_NAME_RR, key.toString());

View Full Code Here

Examples of org.geoserver.security.impl.GeoServerRole

    protected void checkNotExistingInOtherServices(String roleName) throws IOException{
        checkRoleName(roleName);
        for (String serviceName : service.getSecurityManager().listRoleServices()) {
            // dont check myself
            if (service.getName().equals(serviceName)) continue;
            GeoServerRole role = null;
            try {
              role = service.getSecurityManager().loadRoleService(serviceName).getRoleByName(roleName);
            } catch (IOException ex) {
              LOGGER.log(Level.WARNING,ex.getMessage(),ex);
              throw createSecurityException(CANNOT_CHECK_ROLE_IN_SERVICE,roleName,serviceName);

View Full Code Here

Examples of org.geoserver.security.impl.GeoServerRole

        return emptyMap;
    }


    @Override
    public GeoServerRole createRoleObject(String role) throws IOException {
        return new GeoServerRole(rolePrefix
                + (convertToUpperCase ? role.toUpperCase() : role)); 
    }

View Full Code Here

Examples of org.geoserver.security.impl.GeoServerRole

        store.store();


        GeoServerRoleService rservice = getSecurityManager().loadRoleService("default");
        GeoServerRoleStore rstore  = rservice.createStore();
        rstore.load();
        GeoServerRole no_one=rstore.createRoleObject("NO_ONE");
        rstore.addRole(no_one);
        GeoServerRole rcite=rstore.createRoleObject("cite");
        rstore.addRole(rcite);
        rstore.associateRoleToUser(rstore.createRoleObject("cite"), "cite");
        rstore.store();

View Full Code Here

Examples of org.geoserver.security.impl.GeoServerRole

                    userGroupStore.addUser(user);


                    for (GrantedAuthority auth : attr.getAuthorities()) {
                        String roleName = GeoServerRole.ADMIN_ROLE.getAuthority().equals(auth.getAuthority()) ?
                                XMLRoleService.DEFAULT_LOCAL_ADMIN_ROLE : auth.getAuthority();
                        GeoServerRole role = 
                            roleStore.getRoleByName(roleName);
                        if (role==null) {
                            role = roleStore.createRoleObject(roleName);
                            roleStore.addRole(role);
                        }
                        roleStore.associateRoleToUser(role, username);
                    }
                }
            }
        } else  {
            // no user.properties, populate with default user and roles
            if (userGroupService.getUserByUsername(GeoServerUser.ADMIN_USERNAME) == null) {
                userGroupStore.addUser(GeoServerUser.createDefaultAdmin());
                GeoServerRole localAdminRole = roleStore.createRoleObject(XMLRoleService.DEFAULT_LOCAL_ADMIN_ROLE); 
                roleStore.addRole(localAdminRole);
                roleStore.associateRoleToUser(localAdminRole, GeoServerUser.ADMIN_USERNAME);
            }
        }

View Full Code Here

Examples of org.geoserver.security.impl.GeoServerRole

                    Node propertyNode = propertyNodes.item(j);
                    String propertyName = xmlXPath.getPropertyNameExpression().evaluate(propertyNode);
                    String propertyValue = xmlXPath.getPropertyValueExpression().evaluate(propertyNode);
                    roleProps.put(propertyName, propertyValue);
                }
                GeoServerRole role =createRoleObject(roleName);                                
         
                role.getProperties().clear();       // set properties
                for (Object key: roleProps.keySet()) {
                    role.getProperties().put(key, roleProps.get(key));
                }
                helper.roleMap.put(roleName,role);
            }
            // second pass for hierarchy
            for ( int i=0 ; i <roleNodes.getLength();i++) {

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.