GeoServerRootAuthenticationProvider.java example

Explorer

geoserver-master
- doc
  - en
    - developer
      - source
        programming-guide
        ows-services
        hello
        src
        main
        java
        HelloWorld.java
        web-ui
        ComponentInfo.java
    - user
      - source
        security
        tutorials
        ldap
        acme-ldap
        src
        main
        java
        org
        acme
        Ldap.java
- src

/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security.auth;

import java.util.ArrayList;
import java.util.Collection;

import javax.servlet.http.HttpServletRequest;

import org.geoserver.security.GeoServerAuthenticationProvider;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

/**
 * An authentication provider for the superuser called {@link #ROOTUSERNAME}.
 * This user hat the administrator role {@link GeoServerRole#ADMIN_ROLE}
 * No other users are authenticated.
 * 
 * The password is checked using  {@link GeoServerSecurityManager#checkMasterPassword(String)}
 * 
 * If the password does not match, NO {@link BadCredentialsException} is thrown.
 * Maybe there is a user in one of the {@link GeoServerUserGroupService} objects
 * with the same name.
 *  
 * @author christian
 *
 */
public class GeoServerRootAuthenticationProvider extends GeoServerAuthenticationProvider {


    public GeoServerRootAuthenticationProvider() {
        super();
        setName("root");
    }

    @Override
    public boolean supports(Class<? extends Object> authentication, HttpServletRequest request) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }

    @Override
    public Authentication authenticate(Authentication authentication, HttpServletRequest request)
            throws AuthenticationException {
        
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;

        // check if name is root
        if (GeoServerUser.ROOT_USERNAME.equals(token.getPrincipal())==false) return null;

        //check password        
        if (token.getCredentials() !=null) {
            if (getSecurityManager().checkMasterPassword(token.getCredentials().toString())) {
                Collection<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();
                roles.add(GeoServerRole.ADMIN_ROLE);

                UsernamePasswordAuthenticationToken result = 
                    new UsernamePasswordAuthenticationToken(GeoServerUser.ROOT_USERNAME, null,roles);
                result.setDetails(token.getDetails());
                return result;        
            }
        }
            
        // not BadCredentialException is thrown, maybe there is another user with 
        // the same name
        log(new BadCredentialsException("Bad credentials for: "+ token.getPrincipal()));
        return null;
    }

}