Package org.geoserver.security.config

Examples of org.geoserver.security.config.X509CertificateAuthenticationFilterConfig


         }
     }

    /**
     * Builds an X.509 certificate authentication filter configuration that has only its
     * filter class name and its name set, then passes it to the shared {@code check(...)}
     * helper of this test class.
     *
     * @throws Exception if the helper reports a failure by throwing
     */
    @Test
    public void testX509FilterConfigValidation() throws Exception {
        final String filterClassName =
                GeoServerX509CertificateAuthenticationFilter.class.getName();

        X509CertificateAuthenticationFilterConfig x509Config =
                new X509CertificateAuthenticationFilterConfig();
        x509Config.setClassName(filterClassName);
        x509Config.setName("testX509");

        // The helper is invoked with the J2EE base-config static type, exactly as the
        // original cast did; presumably this picks a specific check(...) overload.
        J2eeAuthenticationBaseFilterConfig baseView =
                (J2eeAuthenticationBaseFilterConfig) x509Config;
        check(baseView);
    }


    }

    /**
     * Sends mock requests through the filter chain proxy with an X.509 certificate
     * authentication filter installed and checks the resulting authentication for every
     * {@code J2EERoleSource} value.
     *
     * <p>Scenarios visible in this listing: a request on which the test sets no
     * certificate, a certificate for {@code testUserName}, a certificate for the name
     * "unknown", and the setup of a disabled-user scenario. The listing ends before the
     * disabled-user assertions, so nothing is documented about them here.
     *
     * @throws Exception if saving the filter or running the chain fails
     */
    @Test
    public void testX509Auth() throws Exception{

        // Filter configuration: roles initially come from role service "rs1", users from
        // user/group service "ug1", and "roles" is the header name used by the Header role source.
        X509CertificateAuthenticationFilterConfig config =
                new X509CertificateAuthenticationFilterConfig();
        config.setClassName(GeoServerX509CertificateAuthenticationFilter.class.getName());
        config.setName(testFilterName8);
        config.setRoleServiceName("rs1");
        config.setRoleSource(org.geoserver.security.config.X509CertificateAuthenticationFilterConfig.J2EERoleSource.RoleService);
        config.setUserGroupServiceName("ug1");
        config.setRolesHeaderAttribute("roles");
        getSecurityManager().saveFilter(config);

        // Install the saved filter on the chain for `pattern`.
        prepareFilterChain(pattern,
            testFilterName8);

        // NOTE(review): the meaning of the boolean flags is defined by modifyChain,
        // which is not visible here; confirm against the helper.
        modifyChain(pattern, false, true,null);


        // Start from a clean thread-bound security context.
        SecurityContextHolder.getContext().setAuthentication(null);

        // Negative case: no certificate is set on this request by the test.
        // Expected outcome: 403, no security context stored in the session and
        // no authentication left on the thread.
        MockHttpServletRequest request= createRequest("/foo/bar");
        MockHttpServletResponse response= new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();

        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_FORBIDDEN,response.getErrorCode());
        SecurityContext ctx = (SecurityContext)request.getSession(true).getAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        assertNull(ctx);
        assertNull(SecurityContextHolder.getContext().getAuthentication());


        // Known user: repeat the request once per role source, re-saving the filter each time.
        for (org.geoserver.security.config.X509CertificateAuthenticationFilterConfig.J2EERoleSource rs :
            org.geoserver.security.config.X509CertificateAuthenticationFilterConfig.J2EERoleSource.values()) {
            config.setRoleSource(rs);
            getSecurityManager().saveFilter(config);
            request= createRequest("/foo/bar");
            response= new MockHttpServletResponse();
            chain = new MockFilterChain();
            if (rs==J2EERoleSource.Header) {
                // Roles are supplied in the "roles" request header, separated by ';'.
                // The assertions below expect them to show up as granted authorities,
                // so with this role source the header is effectively trusted input.
                request.setHeader("roles", derivedRole+";"+rootRole);
            }
            if(rs==J2EERoleSource.J2EE) {
                // Container role membership: only derivedRole is reported as held.
                request.setUserInRole(derivedRole,true);
                request.setUserInRole(rootRole,false);
            }

            setCertifacteForUser(testUserName, request);
            getProxy().doFilter(request, response, chain);
            assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
            // The authentication is read back from the session-stored security context.
            ctx = (SecurityContext)request.getSession(true).getAttribute(
                    HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
            assertNotNull(ctx);
            Authentication auth = ctx.getAuthentication();
            assertNotNull(auth);
            // The thread-bound holder must be empty again once the request has been processed.
            assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            assertEquals(testUserName, auth.getPrincipal());
            // Both roles are expected for every role source, including J2EE where
            // rootRole was reported as not held; presumably it is derived from
            // derivedRole via the role hierarchy. TODO confirm.
            assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
            assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));
        }

        // Certificate for the name "unknown": the request is still expected to succeed and
        // to yield an authentication whose principal is "unknown", for every role source.
        for (org.geoserver.security.config.X509CertificateAuthenticationFilterConfig.J2EERoleSource rs :
            org.geoserver.security.config.X509CertificateAuthenticationFilterConfig.J2EERoleSource.values()) {
            config.setRoleSource(rs);
            getSecurityManager().saveFilter(config);

            // NOTE(review): repeats the setRoleSource call above and is not followed by
            // another save; looks redundant.
            config.setRoleSource(rs);
            request= createRequest("/foo/bar");
            response= new MockHttpServletResponse();
            chain = new MockFilterChain();
            if(rs==J2EERoleSource.J2EE) {
                request.setUserInRole(derivedRole,false);
                request.setUserInRole(rootRole,false);
            }
            // TODO (from the original author, unspecified).
            // NOTE(review): no role assertions follow in this loop, so what an unmatched
            // certificate subject is granted beyond the authenticated role is not pinned
            // down by this test.
            setCertifacteForUser("unknown", request);
            getProxy().doFilter(request, response, chain);
            assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
            ctx = (SecurityContext)request.getSession(true).getAttribute(
                    HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
            assertNotNull(ctx);
            Authentication auth = ctx.getAuthentication();
            assertNotNull(auth);
            assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            assertEquals("unknown", auth.getPrincipal());
        }

        // Disabled user: presumably the `false` argument disables testUserName in "ug1"
        // (confirm against updateUser). The role source is switched to UserGroupService
        // and a request carrying that user's certificate is prepared. The listing ends here.
        updateUser("ug1", testUserName, false);
        config.setRoleSource(org.geoserver.security.config.X509CertificateAuthenticationFilterConfig.J2EERoleSource.UserGroupService);
        getSecurityManager().saveFilter(config);
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();
        setCertifacteForUser(testUserName, request);

    }

    /**
     * Variant of the X.509 authentication test that iterates over
     * {@code PreAuthenticatedUserNameRoleSource} values and reads the resulting
     * authentication through {@code getAuth(...)} instead of the HTTP session.
     *
     * <p>Scenarios visible in this listing: a request on which the test sets no
     * certificate, a certificate for {@code testUserName}, a certificate for the name
     * "unknown", and the setup of a disabled-user scenario. The listing ends before the
     * disabled-user request is executed.
     *
     * @throws Exception if saving the filter or running the chain fails
     */
    @Test
    public void testX509Auth() throws Exception{

        // Filter configuration: roles initially come from role service "rs1", users from
        // user/group service "ug1", and "roles" is the header name used by the Header role source.
        X509CertificateAuthenticationFilterConfig config =
                new X509CertificateAuthenticationFilterConfig();
        config.setClassName(GeoServerX509CertificateAuthenticationFilter.class.getName());
        config.setName(testFilterName8);
        config.setRoleServiceName("rs1");
        config.setRoleSource(PreAuthenticatedUserNameRoleSource.RoleService);
        config.setUserGroupServiceName("ug1");
        config.setRolesHeaderAttribute("roles");
        getSecurityManager().saveFilter(config);

        // Install the saved filter on the chain for `pattern`.
        prepareFilterChain(pattern,
            testFilterName8);


        // Start from a clean thread-bound security context.
        SecurityContextHolder.getContext().setAuthentication(null);

        // Negative case: no certificate is set on this request by the test.
        // Expected outcome: 403 and no authentication left on the thread.
        MockHttpServletRequest request= createRequest("/foo/bar");
        MockHttpServletResponse response= new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();

        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_FORBIDDEN,response.getErrorCode());
        assertNull(SecurityContextHolder.getContext().getAuthentication());


        // Known user: repeat the request once per role source.
        for (PreAuthenticatedUserNameRoleSource rs :
            PreAuthenticatedUserNameRoleSource.values()) {
            // Empty the cache so a result from a previous iteration cannot satisfy this one.
            getCache().removeAll();
            config.setRoleSource(rs);
            getSecurityManager().saveFilter(config);
            request= createRequest("/foo/bar");
            response= new MockHttpServletResponse();
            chain = new MockFilterChain();
            if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) {
                // Roles are supplied in the "roles" request header, separated by ';'.
                request.setHeader("roles", derivedRole+";"+rootRole);
            }
            setCertifacteForUser(testUserName, request);
            getProxy().doFilter(request, response, chain);
            assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());

            if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) {
                // Only the status code is checked for the Header role source; the
                // original comment gives "no cache" as the reason for skipping the rest.
                continue; // no cache
            }
            // Presumably getAuth looks the authentication up in the cache cleared above,
            // given the "no cache" skip; confirm against the helper.
            Authentication auth = getAuth(testFilterName8, testUserName,null,null);
            assertNotNull(auth);
            // The thread-bound holder must be empty again once the request has been processed.
            assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            assertEquals(testUserName, auth.getPrincipal());
            assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
            assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));
        }

        // Certificate for the name "unknown": the request is still expected to succeed and,
        // for the non-Header role sources, to yield an authentication whose principal is "unknown".
        for (PreAuthenticatedUserNameRoleSource rs :
            PreAuthenticatedUserNameRoleSource.values()) {
            getCache().removeAll();
            config.setRoleSource(rs);
            getSecurityManager().saveFilter(config);

            // NOTE(review): repeats the setRoleSource call above and is not followed by
            // another save; looks redundant.
            config.setRoleSource(rs);
            request= createRequest("/foo/bar");
            response= new MockHttpServletResponse();
            chain = new MockFilterChain();
            // TODO (from the original author, unspecified).
            // NOTE(review): no role assertions follow in this loop, so what an unmatched
            // certificate subject is granted beyond the authenticated role is not pinned
            // down by this test.
            setCertifacteForUser("unknown", request);
            getProxy().doFilter(request, response, chain);
            assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
            if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) {
                continue; // no cache
            }
            Authentication auth = getAuth(testFilterName8, "unknown",null,null);
            assertNotNull(auth);
            assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            assertEquals("unknown", auth.getPrincipal());
        }

        // Disabled user. The original note reads "should not work because of active cache":
        // a cached authentication could otherwise outlive the account being disabled.
        // Presumably the `false` argument disables testUserName in "ug1"; confirm against updateUser.
        updateUser("ug1", testUserName, false);
        config.setRoleSource(PreAuthenticatedUserNameRoleSource.UserGroupService);
        // Per the original author, saving the filter clears the cache, so the next request
        // should be evaluated against the updated user state. The listing ends before the
        // request is sent, so the expected result is not visible here.
        getSecurityManager().saveFilter(config);

        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();