Examples of org.geoserver.security.GeoServerUserGroupService

• org.geoserver.security.GeoServerUserGroupService
  This interface is an extenstion to {@link UserDetailsService}A class implementing this interface implements a read only backend for user and group management @author christian

        LdapAuthoritiesPopulator authPopulator = null;
        LdapAuthenticationProvider provider = null;
        String ugServiceName = ldapConfig.getUserGroupServiceName();
        if (ugServiceName != null) {
            // use local user group service for loading authorities
            GeoServerUserGroupService ugService;
            try {
                ugService = securityManager.loadUserGroupService(ugServiceName);
                authPopulator = new UserDetailsServiceLdapAuthoritiesPopulator(
                        ugService);
                provider = new LdapAuthenticationProvider(authenticator,

        String principal = getPreAuthenticatedPrincipalName(request);
        if (principal!=null && principal.trim().length()==0)
            principal=null;
        try {
            if (principal!=null && PreAuthenticatedUserNameRoleSource.UserGroupService.equals(getRoleSource())) {
                GeoServerUserGroupService service = getSecurityManager().loadUserGroupService(getUserGroupServiceName());
                GeoServerUser u = service.getUserByUsername(principal);
                if (u!=null && u.isEnabled()==false) {
                    principal=null;
                    handleDisabledUser(u, request);
                }

     * @throws IOException
     */
    protected Collection<GeoServerRole> getRolesFromUserGroupService(HttpServletRequest request, String principal) throws IOException{
        Collection<GeoServerRole> roles = new ArrayList<GeoServerRole>();

        GeoServerUserGroupService service = getSecurityManager().loadUserGroupService(getUserGroupServiceName());
        UserDetails details=null;
        try {
             details = service.loadUserByUsername(principal);
        } catch (UsernameNotFoundException ex) {
            LOGGER.log(Level.WARNING,"User "+ principal + " not found in " + getUserGroupServiceName());
        }

        if (details!=null) {

        UserDetails details = null;

        if (userGroupServiceName!=null) {
            try {
                GeoServerUserGroupService service = getSecurityManager().loadUserGroupService(userGroupServiceName);
                details = service.loadUserByUsername(user);
                if (details.isEnabled()==false) {
                    log (new DisabledException("User "+user+" is disabled"));
                    return null;
                }
            } catch (IOException ex ) {

    }

    @Test
    public void testAuthentificationWithUserGroupService() throws Exception {
        GeoServerRoleService roleService = createRoleService("jdbc2");
        GeoServerUserGroupService ugService = createUserGroupService("jdbc2");
        JDBCConnectAuthProviderConfig config = createAuthConfg("jdbc2", ugService.getName());
        getSecurityManager().saveAuthenticationProvider(config);
        GeoServerAuthenticationProvider provider = getSecurityManager().loadAuthenticationProvider("jdbc2");

        GeoServerUserGroupStore ugStore =  ugService.createStore();
        GeoServerUser sa = ugStore.createUserObject("sa", "", true);
        ugStore.addUser(sa);
        ugStore.store();

        GeoServerRoleStore roleStore =  roleService.createStore();
        roleStore.addRole(GeoServerRole.ADMIN_ROLE);
        roleStore.associateRoleToUser(GeoServerRole.ADMIN_ROLE, sa.getUsername());
        roleStore.store();
        getSecurityManager().setActiveRoleService(roleService);


        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("sa","");
        token.setDetails("details");
        assertTrue(provider.supports(token.getClass()));
        assertFalse(provider.supports(RememberMeAuthenticationToken.class));

        Authentication auth = provider.authenticate(token);
        assertNotNull(auth);
        assertEquals("sa", auth.getPrincipal());
        assertNull(auth.getCredentials());
        assertEquals("details", auth.getDetails());
        assertEquals(2, auth.getAuthorities().size());
        checkForAuthenticatedRole(auth);
        assertTrue(auth.getAuthorities().contains(GeoServerRole.ADMIN_ROLE));


        // Test disabled user
        ugStore =  ugService.createStore();
        sa.setEnabled(false);
        ugStore.updateUser(sa);
        ugStore.store();

        assertNull(provider.authenticate(token));

        String user = m.group(1).replace("\\@", "@");
        String service = m.group(2);

        try {
            GeoServerUserGroupService ugService = securityManager.loadUserGroupService(service);
            return new RememberMeUserDetails(ugService.loadUserByUsername(user),service);
        } catch (IOException e) {
            throw new DataAccessException("Error loading user group service " + service, e) {};
        }
    }

    @Override
    public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
        UsernamePasswordAuthenticationProviderConfig upAuthConfig =
                (UsernamePasswordAuthenticationProviderConfig) config;

        GeoServerUserGroupService ugService =
            getSecurityManager().loadUserGroupService(upAuthConfig.getUserGroupServiceName());
        if (ugService == null) {
            throw new IllegalArgumentException("Unable to load user group service "
                + upAuthConfig.getUserGroupServiceName());
        }

            if (file.isAbsolute() &&
                file.getCanonicalPath().startsWith(
                        new File(manager.getUserGroupRoot(),config.getName()).getCanonicalPath()+File.separator)==false)
                return;
            // file in security sub dir, check if roles exists
            GeoServerUserGroupService service = manager.loadUserGroupService(config.getName());
            if (service.getGroupCount()>0 || service.getUserCount()>0) {
                throw createSecurityException(USERGROUP_SERVICE_NOT_EMPTY_$1, config.getName());
            }

        } catch (IOException e) {
            throw new RuntimeException();

        SecurityManagerConfig mconfig = getSecurityManager().loadSecurityConfig();
        mconfig.setRoleServiceName("rs1");
        getSecurityManager().saveSecurityConfig(mconfig);

        GeoServerUserGroupService ugservice = createUserGroupService("ug1");
        GeoServerUserGroupStore ugstore = ugservice.createStore();
        GeoServerUser u1 = ugstore.createUserObject(testUserName, testPassword, true);
        ugstore.addUser(u1);
        GeoServerUser u2 = ugstore.createUserObject("abc@xyz.com", "abc", true);
        ugstore.addUser(u2);
        GeoServerUser u3 = ugstore.createUserObject("castest", "castest", true);
        ugstore.addUser(u3);


        ugstore.store();

        GeoServerAuthenticationProvider prov = createAuthProvider(testProviderName, ugservice.getName());
        prepareAuthProviders(prov.getName());

    }

    protected void prepareFilterChain(String pattern, String... filterNames) throws Exception{
        prepareFilterChain(HtmlLoginFilterChain.class,pattern, filterNames);
    }

    protected void updateUser(String ugService, String userName,boolean enabled) throws Exception {
        GeoServerUserGroupService ugservice = getSecurityManager().loadUserGroupService(ugService);
        GeoServerUserGroupStore ugstore = ugservice.createStore();
        GeoServerUser u1 = ugstore.getUserByUsername(userName);
        u1.setEnabled(enabled);
        ugstore.updateUser(u1);
        ugstore.store();
    }