- Fixes as per @aaime review

doc/en/user/source/security/passwd.rst

@@ -103,7 +103,7 @@ Refer to :ref:`security_webadmin_masterpasswordprovider` for information on how
 
 .. note:: By default the login to Admin GUI and REST APIs with Master Password is disabled. In order to enable it you will need to manually change the Master Password Provider ``config.xml``, usually located into ``security/masterpw/default/config.xml``, by adding the following statement::
 
-    ``<canLogin>true</canLogin>``
+    ``<loginEnabled>true</loginEnabled>``
 
 .. _security_passwd_policy:
 

doc/en/user/source/security/webadmin/passwords.rst

@@ -37,7 +37,7 @@ This section provides the options for adding, removing, and editing master passw
 
 .. note:: By default the login to Admin GUI and REST APIs with Master Password is disabled. In order to enable it you will need to manually change the Master Password Provider ``config.xml``, usually located into ``security/masterpw/default/config.xml``, by adding the following statement::
 
-    ``<canLogin>true</canLogin>``
+    ``<loginEnabled>true</loginEnabled>``
 
 Password policies
 -----------------

src/main/src/main/java/org/geoserver/security/GeoServerSecurityManager.java

@@ -1722,7 +1722,7 @@ public boolean checkMasterPassword(char[] passwd) {
         try {
             if (!this.masterPasswordProviderHelper
                     .loadConfig(this.masterPasswordConfig.getProviderName())
-                    .isCanLogin()) {
+                    .isLoginEnabled()) {
                 return false;
             }
         } catch (IOException e) {

src/main/src/main/java/org/geoserver/security/password/MasterPasswordProviderConfig.java

@@ -16,14 +16,14 @@ public class MasterPasswordProviderConfig extends BaseSecurityNamedServiceConfig
 
     boolean readOnly;
 
-    boolean canLogin;
+    boolean loginEnabled;
 
     public MasterPasswordProviderConfig() {}
 
     public MasterPasswordProviderConfig(MasterPasswordProviderConfig other) {
         super(other);
         this.readOnly = other.isReadOnly();
-        this.canLogin = other.canLogin;
+        this.loginEnabled = other.loginEnabled;
     }
 
     /** Flag determining if the url is read only and may not be written back to. */
@@ -37,12 +37,12 @@ public void setReadOnly(boolean readOnly) {
     }
 
     /** Flag determining if the root can login to GeoServer or not. */
-    public boolean isCanLogin() {
-        return canLogin;
+    public boolean isLoginEnabled() {
+        return loginEnabled;
     }
 
     /** Sets flag determining if the root can login to GeoServer or not. */
-    public void setCanLogin(boolean canLogin) {
-        this.canLogin = canLogin;
+    public void setLoginEnabled(boolean loginEnabled) {
+        this.loginEnabled = loginEnabled;
     }
 }

src/restconfig/src/test/java/org/geoserver/rest/security/MasterPasswordControllerTest.java

@@ -63,7 +63,7 @@ protected void onSetUp(SystemTestData testData) throws Exception {
                 getSecurityManager()
                         .loadMasterPassswordProviderConfig(
                                 getSecurityManager().getMasterPasswordConfig().getProviderName());
-        masterPasswordConfig.setCanLogin(true);
+        masterPasswordConfig.setLoginEnabled(true);
         getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);
     }
 

src/security/security-tests/src/test/java/org/geoserver/security/auth/AuthenticationCacheFilterTest.java

@@ -552,7 +552,7 @@ public void testDigestAuth() throws Exception {
                 getSecurityManager()
                         .loadMasterPassswordProviderConfig(
                                 getSecurityManager().getMasterPasswordConfig().getProviderName());
-        masterPasswordConfig.setCanLogin(true);
+        masterPasswordConfig.setLoginEnabled(true);
         getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);
 
         headerValue =
@@ -729,7 +729,7 @@ public void testBasicAuthWithRememberMe() throws Exception {
                 getSecurityManager()
                         .loadMasterPassswordProviderConfig(
                                 getSecurityManager().getMasterPasswordConfig().getProviderName());
-        masterPasswordConfig.setCanLogin(true);
+        masterPasswordConfig.setLoginEnabled(true);
         getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);
         response = new MockHttpServletResponse();
         getProxy().doFilter(request, response, chain);

src/security/security-tests/src/test/java/org/geoserver/security/auth/AuthenticationFilterTest.java

@@ -211,7 +211,7 @@ public void testBasicAuth() throws Exception {
                 getSecurityManager()
                         .loadMasterPassswordProviderConfig(
                                 getSecurityManager().getMasterPasswordConfig().getProviderName());
-        masterPasswordConfig.setCanLogin(true);
+        masterPasswordConfig.setLoginEnabled(true);
         getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);
 
         request.addHeader(
@@ -867,7 +867,7 @@ public void testDigestAuth() throws Exception {
                 getSecurityManager()
                         .loadMasterPassswordProviderConfig(
                                 getSecurityManager().getMasterPasswordConfig().getProviderName());
-        masterPasswordConfig.setCanLogin(true);
+        masterPasswordConfig.setLoginEnabled(true);
         getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);
 
         headerValue =
@@ -1059,7 +1059,7 @@ public void testBasicAuthWithRememberMe() throws Exception {
                 getSecurityManager()
                         .loadMasterPassswordProviderConfig(
                                 getSecurityManager().getMasterPasswordConfig().getProviderName());
-        masterPasswordConfig.setCanLogin(true);
+        masterPasswordConfig.setLoginEnabled(true);
         getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);
 
         request.addHeader(
@@ -1436,7 +1436,7 @@ public void testFormLoginWithRememberMe() throws Exception {
                 getSecurityManager()
                         .loadMasterPassswordProviderConfig(
                                 getSecurityManager().getMasterPasswordConfig().getProviderName());
-        masterPasswordConfig.setCanLogin(true);
+        masterPasswordConfig.setLoginEnabled(true);
         getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);
 
         request.setMethod("POST");

src/security/security-tests/src/test/java/org/geoserver/security/auth/GeoServerRootAuthenticationProviderTest.java

@@ -52,7 +52,7 @@ public void testRootProvider() throws Exception {
                 getSecurityManager()
                         .loadMasterPassswordProviderConfig(
                                 getSecurityManager().getMasterPasswordConfig().getProviderName());
-        masterPasswordConfig.setCanLogin(true);
+        masterPasswordConfig.setLoginEnabled(true);
         getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);
         token =
                 new UsernamePasswordAuthenticationToken(

src/security/security-tests/src/test/java/org/geoserver/security/password/MasterPasswordChangeTest.java

@@ -50,7 +50,7 @@ public void testMasterPasswordChange() throws Exception {
                 getSecurityManager()
                         .loadMasterPassswordProviderConfig(
                                 getSecurityManager().getMasterPasswordConfig().getProviderName());
-        masterPasswordConfig.setCanLogin(true);
+        masterPasswordConfig.setLoginEnabled(true);
         getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);
 
         String masterPWAsString = getMasterPassword();
@@ -119,7 +119,7 @@ public void testMasterPasswordChange() throws Exception {
 
         /////////////////////// change simulating spring injection
         MasterPasswordProviderConfig mpConfig2 = new MasterPasswordProviderConfig();
-        mpConfig2.setCanLogin(true);
+        mpConfig2.setLoginEnabled(true);
         mpConfig2.setName("test");
         mpConfig2.setClassName(TestMasterPasswordProvider.class.getCanonicalName());
         getSecurityManager().saveMasterPasswordProviderConfig(mpConfig2);

src/security/security-tests/src/test/java/org/geoserver/security/password/URLMasterPasswordProviderTest.java

@@ -29,7 +29,7 @@ public void testEncryption() throws Exception {
         URLMasterPasswordProviderConfig config = new URLMasterPasswordProviderConfig();
         config.setName("test");
         config.setReadOnly(false);
-        config.setCanLogin(true);
+        config.setLoginEnabled(true);
         config.setClassName(URLMasterPasswordProvider.class.getCanonicalName());
         config.setURL(URLs.fileToUrl(tmp));
         config.setEncrypting(true);

src/web/security/core/src/main/java/org/geoserver/security/web/passwd/MasterPasswordProviderPanel.html

@@ -16,6 +16,10 @@
              <input type="checkbox" wicket:id="readOnly"/>
              <label for="readOnly"><wicket:message key="readOnly"></wicket:message></label>
            </li>
+           <li class="choiceItem">
+             <input type="checkbox" wicket:id="loginEnabled"/>
+             <label for="loginEnabled"><wicket:message key="loginEnabled"></wicket:message></label>
+           </li>
            <li>
              <wicket:child></wicket:child>
            </li>

src/web/security/core/src/main/java/org/geoserver/security/web/passwd/MasterPasswordProviderPanel.java

@@ -23,6 +23,7 @@ public MasterPasswordProviderPanel(String id, IModel<T> model) {
         super(id, model);
 
         add(new CheckBox("readOnly"));
+        add(new CheckBox("loginEnabled"));
         add(new HelpLink("settingsHelp", this).setDialog(dialog));
     }
 

src/web/security/core/src/main/resources/GeoServerApplication.properties

@@ -700,6 +700,7 @@ MasterPasswordChangePage.newPassword=New password
 MasterPasswordChangePage.newPasswordConfirm=Confirmation
 
 MasterPasswordProviderPanel.readOnly=Read-only
+MasterPasswordProviderPanel.loginEnabled=Allow "root" user to login as Admin
 MasterPasswordProviderPanel.settingsHelp.title=Master Password Providers
 MasterPasswordProviderPanel.settingsHelp=<p>A Master Password Provider is a source of the GeoServer \
  master password. A provider may be <strong>read-only</strong> in that it acts strictly as a source \

src/web/security/core/src/test/java/org/geoserver/security/web/passwd/MasterPasswordChangePanelTest.java

@@ -24,7 +24,7 @@ public void setUp() throws Exception {
                 getSecurityManager()
                         .loadMasterPassswordProviderConfig(
                                 getSecurityManager().getMasterPasswordConfig().getProviderName());
-        masterPasswordConfig.setCanLogin(true);
+        masterPasswordConfig.setLoginEnabled(true);
         getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);
 
         login();

src/web/security/core/src/test/java/org/geoserver/security/web/passwd/MasterPasswordProviderPanelTest.java

@@ -145,7 +145,7 @@ public void testRemove() throws Exception {
         config.setName("default2");
         config.setClassName(URLMasterPasswordProvider.class.getCanonicalName());
         config.setURL(new URL("file:passwd"));
-        config.setCanLogin(true);
+        config.setLoginEnabled(true);
 
         getSecurityManager().saveMasterPasswordProviderConfig(config);
         activatePanel();