There is a small issue when performing actions that use the GeoServer catalog.
For example, when you authenticate as some user in code like this:
// ...
securityContext.setAuthentication(authentication);
and then attempt to call a catalog method such as getFeatureTypeByName, which is checked by GeoFence before execution, you will get a NullPointerException in BruteForceListener:
java.lang.NullPointerException
at org.springframework.security.web.util.matcher.IpAddressMatcher.matches(IpAddressMatcher.java:47)
at org.geoserver.security.BruteForceListener.lambda$requestAddressInWhiteList$0(BruteForceListener.java:122)
at java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90)
at java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1351)
at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126)
at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:498)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230)
at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.anyMatch(ReferencePipeline.java:449)
at org.geoserver.security.BruteForceListener.requestAddressInWhiteList(BruteForceListener.java:122)
at org.geoserver.security.BruteForceListener.onApplicationEvent(BruteForceListener.java:66)
at org.geoserver.security.BruteForceListener.onApplicationEvent(BruteForceListener.java:30)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:167)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:383)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:337)
at org.springframework.security.authentication.DefaultAuthenticationEventPublisher.publishAuthenticationSuccess(DefaultAuthenticationEventPublisher.java:84)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:213)
at org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:323)
at org.geoserver.wps.gs.LuceneScheduler.setAuthentication(LuceneScheduler.java:58)
at org.geoserver.wps.gs.LuceneScheduler.indexAllData(LuceneScheduler.java:37)
at sun.reflect.GeneratedMethodAccessor1123.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:65)
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
This exception is thrown because you are not actually sending a request, but BruteForceListener catches the event as if it were a request.
To fix it, you need to add a simple check in BruteForceListener.
Here is the complete code that works:
private boolean requestAddressInWhiteList(HttpServletRequest request,
        BruteForcePreventionConfig config) {
    // is there a white list?
    if (config.getWhitelistAddressMatchers() == null) {
        return false;
    }
    // no HTTP request (e.g. authentication from a scheduled task):
    // treat it as whitelisted instead of passing null to the matchers
    if (request == null) {
        return true;
    }
    return config.getWhitelistAddressMatchers().stream()
            .anyMatch(matcher -> matcher.matches(request));
}