Update pom.xml

Make the Travis pass by temporarly disabling this dependency. - OAuth2 externalizing configuration and making plugins more independent - Improved Logout Handler and Config Validator
geoserver · Sep 27, 2016 · b56c09a · b56c09a
1 parent f427745
commit b56c09a
Show file tree

Hide file tree

Showing 15 changed files with 505 additions and 289 deletions.
diff --git a/src/community/release/pom.xml b/src/community/release/pom.xml
@@ -233,11 +233,11 @@
      <artifactId>gs-wmts-multi-dimensional</artifactId>
      <version>${project.version}</version>
    </dependency>
-   <dependency>
+   <!-- dependency>
      <groupId>org.geoserver.community</groupId>
      <artifactId>gs-sec-oauth2-google</artifactId>
      <version>${project.version}</version>
-   </dependency>
+   </dependency -->
  </dependencies>
  <build>
   <plugins>

diff --git a/...oogle/src/main/java/org/geoserver/security/oauth2/GoogleOAuth2AuthenticationProvider.java b/...oogle/src/main/java/org/geoserver/security/oauth2/GoogleOAuth2AuthenticationProvider.java
@@ -0,0 +1,41 @@
+/* (c) 2016 Open Source Geospatial Foundation - all rights reserved
+ * This code is licensed under the GPL 2.0 license, available at the root
+ * application directory.
+ */
+package org.geoserver.security.oauth2;
+
+import org.geoserver.config.util.XStreamPersister;
+import org.geoserver.security.GeoServerSecurityManager;
+
+/**
+ * @author Alessio Fabiani, GeoSolutions S.A.S.
+ *
+ */
+public class GoogleOAuth2AuthenticationProvider extends GeoServerOAuthAuthenticationProvider {
+
+    // Default values
+    protected String accessTokenUri = "https://accounts.google.com/o/oauth2/token";
+
+    protected String userAuthorizationUri = "https://accounts.google.com/o/oauth2/auth";
+
+    protected String redirectUri = "http://localhost:8080/geoserver";
+
+    protected String checkTokenEndpointUrl = "https://www.googleapis.com/oauth2/v1/tokeninfo";
+
+    protected String logoutUri = "https://accounts.google.com/logout";
+
+    public GoogleOAuth2AuthenticationProvider(GeoServerSecurityManager securityManager) {
+        super(securityManager);
+    }
+
+    @Override
+    public void handlePostChanged(GeoServerSecurityManager securityManager) {
+        // Nothing to do
+    }
+
+    @Override
+    public void configure(XStreamPersister xp) {
+        xp.getXStream().alias("googleOauth2Authentication", GoogleOAuth2FilterConfig.class);
+    }
+
+}
diff --git a/...y/oauth2-google/src/main/java/org/geoserver/security/oauth2/GoogleOAuth2FilterConfig.java b/...y/oauth2-google/src/main/java/org/geoserver/security/oauth2/GoogleOAuth2FilterConfig.java
@@ -0,0 +1,230 @@
+/* (c) 2016 Open Source Geospatial Foundation - all rights reserved
+ * This code is licensed under the GPL 2.0 license, available at the root
+ * application directory.
+ */
+package org.geoserver.security.oauth2;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.geoserver.security.config.PreAuthenticatedUserNameFilterConfig;
+import org.geoserver.security.config.SecurityAuthFilterConfig;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+/**
+ * @author Alessio Fabiani, GeoSolutions S.A.S.
+ *
+ */
+public class GoogleOAuth2FilterConfig extends PreAuthenticatedUserNameFilterConfig
+        implements SecurityAuthFilterConfig, OAuth2FilterConfig {
+
+    /** serialVersionUID */
+    private static final long serialVersionUID = -3551428051398501603L;
+
+    /**
+     * **THIS MUST** be different for every OAuth2 Plugin
+     */
+    public static final String FILTER_LOGIN_ENDPOINT = "/j_spring_outh2_google_login";
+
+    // DEFAULT VALUES - BEGIN -
+    protected String cliendId;
+
+    protected String clientSecret;
+
+    protected String accessTokenUri = "https://accounts.google.com/o/oauth2/token";
+
+    protected String userAuthorizationUri = "https://accounts.google.com/o/oauth2/auth";
+
+    protected String redirectUri = "http://localhost:8080/geoserver";
+
+    protected String checkTokenEndpointUrl = "https://www.googleapis.com/oauth2/v1/tokeninfo";
+
+    protected String logoutUri = "https://accounts.google.com/logout";
+
+    protected String scopes = "https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/userinfo.profile";
+
+    protected Boolean enableRedirectAuthenticationEntryPoint = false;
+
+    protected Boolean forceAccessTokenUriHttps = true;
+
+    protected Boolean forceUserAuthorizationUriHttps = true;
+    // DEFAULT VALUES - END -
+
+    @Override
+    public boolean providesAuthenticationEntryPoint() {
+        return true;
+    }
+
+    /**
+     * @return the cliendId
+     */
+    public String getCliendId() {
+        return cliendId;
+    }
+
+    /**
+     * @param cliendId the cliendId to set
+     */
+    public void setCliendId(String cliendId) {
+        this.cliendId = cliendId;
+    }
+
+    /**
+     * @return the clientSecret
+     */
+    public String getClientSecret() {
+        return clientSecret;
+    }
+
+    /**
+     * @param clientSecret the clientSecret to set
+     */
+    public void setClientSecret(String clientSecret) {
+        this.clientSecret = clientSecret;
+    }
+
+    /**
+     * @return the accessTokenUri
+     */
+    public String getAccessTokenUri() {
+        return accessTokenUri;
+    }
+
+    /**
+     * @param accessTokenUri the accessTokenUri to set
+     */
+    public void setAccessTokenUri(String accessTokenUri) {
+        this.accessTokenUri = accessTokenUri;
+    }
+
+    /**
+     * @return the userAuthorizationUri
+     */
+    public String getUserAuthorizationUri() {
+        return userAuthorizationUri;
+    }
+
+    /**
+     * @param userAuthorizationUri the userAuthorizationUri to set
+     */
+    public void setUserAuthorizationUri(String userAuthorizationUri) {
+        this.userAuthorizationUri = userAuthorizationUri;
+    }
+
+    /**
+     * @return the redirectUri
+     */
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    /**
+     * @param redirectUri the redirectUri to set
+     */
+    public void setRedirectUri(String redirectUri) {
+        this.redirectUri = redirectUri;
+    }
+
+    /**
+     * @return the checkTokenEndpointUrl
+     */
+    public String getCheckTokenEndpointUrl() {
+        return checkTokenEndpointUrl;
+    }
+
+    /**
+     * @param checkTokenEndpointUrl the checkTokenEndpointUrl to set
+     */
+    public void setCheckTokenEndpointUrl(String checkTokenEndpointUrl) {
+        this.checkTokenEndpointUrl = checkTokenEndpointUrl;
+    }
+
+    /**
+     * @return the logoutUri
+     */
+    public String getLogoutUri() {
+        return logoutUri;
+    }
+
+    /**
+     * @param logoutUri the logoutUri to set
+     */
+    public void setLogoutUri(String logoutUri) {
+        this.logoutUri = logoutUri;
+    }
+
+    /**
+     * @return the scopes
+     */
+    public String getScopes() {
+        return scopes;
+    }
+
+    /**
+     * @param scopes the scopes to set
+     */
+    public void setScopes(String scopes) {
+        this.scopes = scopes;
+    }
+
+    /**
+     * @return the enableRedirectAuthenticationEntryPoint
+     */
+    public Boolean getEnableRedirectAuthenticationEntryPoint() {
+        return enableRedirectAuthenticationEntryPoint;
+    }
+
+    /**
+     * @param enableRedirectAuthenticationEntryPoint the enableRedirectAuthenticationEntryPoint to set
+     */
+    public void setEnableRedirectAuthenticationEntryPoint(
+            Boolean enableRedirectAuthenticationEntryPoint) {
+        this.enableRedirectAuthenticationEntryPoint = enableRedirectAuthenticationEntryPoint;
+    }
+
+    @Override
+    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
+        return new AuthenticationEntryPoint() {
+
+            @Override
+            public void commence(HttpServletRequest request, HttpServletResponse response,
+                    AuthenticationException authException) throws IOException, ServletException {
+                final StringBuilder loginUri = new StringBuilder(getUserAuthorizationUri());
+                loginUri.append("?").append("response_type=code").append("&").append("client_id=")
+                        .append(getCliendId()).append("&").append("scope=")
+                        .append(getScopes().replace(",", "%20")).append("&").append("redirect_uri=")
+                        .append(getRedirectUri());
+
+                if (getEnableRedirectAuthenticationEntryPoint()
+                        || request.getRequestURI().endsWith(FILTER_LOGIN_ENDPOINT)) {
+                    response.sendRedirect(loginUri.toString());
+                }
+            }
+        };
+    }
+
+    @Override
+    public Boolean getForceAccessTokenUriHttps() {
+        return forceAccessTokenUriHttps;
+    }
+
+    @Override
+    public void setForceAccessTokenUriHttps(Boolean forceAccessTokenUriHttps) {
+        this.forceAccessTokenUriHttps = forceAccessTokenUriHttps;
+    }
+
+    @Override
+    public Boolean getForceUserAuthorizationUriHttps() {
+        return forceUserAuthorizationUriHttps;
+    }
+
+    @Override
+    public void setForceUserAuthorizationUriHttps(Boolean forceUserAuthorizationUriHttps) {
+        this.forceUserAuthorizationUriHttps = forceUserAuthorizationUriHttps;
+    }
+
+}
diff --git a/...urity/oauth2/OAuth2AuthProviderPanel.html → ...oauth2/GoogleOAuth2AuthProviderPanel.html b/...urity/oauth2/OAuth2AuthProviderPanel.html → ...oauth2/GoogleOAuth2AuthProviderPanel.html
@@ -30,6 +30,14 @@
 					</fieldset> 
                   </li>
 
+                  <li>
+					<fieldset>
+						 <legend>
+							<span><wicket:message key="forceAccessTokenUriHttps"></wicket:message></span>
+						 </legend>
+	                     <input id="forceAccessTokenUriHttps" wicket:id="forceAccessTokenUriHttps" type="checkbox" class="text"></input>
+					</fieldset> 
+                  </li>
                   <li>
 					<fieldset>
 						 <legend>
@@ -40,6 +48,14 @@
 					</fieldset> 
                   </li>
 
+                  <li>
+					<fieldset>
+						 <legend>
+							<span><wicket:message key="forceUserAuthorizationUriHttps"></wicket:message></span>
+						 </legend>
+	                     <input id="forceUserAuthorizationUriHttps" wicket:id="forceUserAuthorizationUriHttps" type="checkbox" class="text"></input>
+					</fieldset> 
+                  </li>
                   <li>
 					<fieldset>
 						 <legend>

diff --git a/...urity/oauth2/OAuth2AuthProviderPanel.java → ...oauth2/GoogleOAuth2AuthProviderPanel.java b/...urity/oauth2/OAuth2AuthProviderPanel.java → ...oauth2/GoogleOAuth2AuthProviderPanel.java
@@ -10,7 +10,7 @@
 import org.apache.wicket.markup.html.form.TextField;
 import org.apache.wicket.model.IModel;
 import org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter;
-import org.geoserver.security.oauth2.OAuth2FilterConfig;
+import org.geoserver.security.oauth2.GoogleOAuth2FilterConfig;
 import org.geoserver.security.web.auth.PreAuthenticatedUserNameFilterPanel;
 import org.geoserver.web.wicket.GeoServerDialog;
 import org.geoserver.web.wicket.HelpLink;
@@ -21,18 +21,18 @@
  * 
  * @author Alessio Fabiani, GeoSolutions S.A.S.
  */
-public class OAuth2AuthProviderPanel
+public class GoogleOAuth2AuthProviderPanel
-        extends PreAuthenticatedUserNameFilterPanel<OAuth2FilterConfig> {
+        extends PreAuthenticatedUserNameFilterPanel<GoogleOAuth2FilterConfig> {
 
     private static final long serialVersionUID = 689778998902987791L;
 
     static Logger LOGGER = Logging.getLogger("org.geoserver.security");
 
     GeoServerDialog dialog;
 
-    IModel<OAuth2FilterConfig> model;
+    IModel<GoogleOAuth2FilterConfig> model;
 
-    public OAuth2AuthProviderPanel(String id, IModel<OAuth2FilterConfig> model) {
+    public GoogleOAuth2AuthProviderPanel(String id, IModel<GoogleOAuth2FilterConfig> model) {
         super(id, model);
 
         this.dialog = (GeoServerDialog) get("dialog");
@@ -50,6 +50,8 @@ public OAuth2AuthProviderPanel(String id, IModel<OAuth2FilterConfig> model) {
         add(new HelpLink("clientSecretHelp", this).setDialog(dialog));
 
         add(new CheckBox("enableRedirectAuthenticationEntryPoint"));
+        add(new CheckBox("forceAccessTokenUriHttps"));
+        add(new CheckBox("forceUserAuthorizationUriHttps"));
         add(new TextField<String>("accessTokenUri"));
         add(new TextField<String>("userAuthorizationUri"));
         add(new TextField<String>("redirectUri"));

diff --git a/...y/oauth2/OAuth2AuthProviderPanelInfo.java → ...h2/GoogleOAuth2AuthProviderPanelInfo.java b/...y/oauth2/OAuth2AuthProviderPanelInfo.java → ...h2/GoogleOAuth2AuthProviderPanelInfo.java
@@ -5,22 +5,22 @@
 package org.geoserver.web.security.oauth2;
 
 import org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter;
-import org.geoserver.security.oauth2.OAuth2FilterConfig;
+import org.geoserver.security.oauth2.GoogleOAuth2FilterConfig;
 import org.geoserver.security.web.auth.AuthenticationFilterPanelInfo;
 
 /**
  * Configuration panel extension for {@link GeoServerOAuthAuthenticationFilter}.
  * 
  * @author Alessio Fabiani, GeoSolutions S.A.S.
  */
-public class OAuth2AuthProviderPanelInfo
+public class GoogleOAuth2AuthProviderPanelInfo
-        extends AuthenticationFilterPanelInfo<OAuth2FilterConfig, OAuth2AuthProviderPanel> {
+        extends AuthenticationFilterPanelInfo<GoogleOAuth2FilterConfig, GoogleOAuth2AuthProviderPanel> {
 
     private static final long serialVersionUID = 9128733240285123850L;
 
-    public OAuth2AuthProviderPanelInfo() {
+    public GoogleOAuth2AuthProviderPanelInfo() {
-        setComponentClass(OAuth2AuthProviderPanel.class);
+        setComponentClass(GoogleOAuth2AuthProviderPanel.class);
         setServiceClass(GeoServerOAuthAuthenticationFilter.class);
-        setServiceConfigClass(OAuth2FilterConfig.class);
+        setServiceConfigClass(GoogleOAuth2FilterConfig.class);
     }
 }