/**
 * Ends the admin request by delegating to {@code AdminRequest.finish()}.
 */
@Override
public void cleanup() {
    // NOTE(review): AdminRequest state looks thread-bound; if so, skipping this call
    // could leave the admin marker on a reused thread. Confirm cleanup() runs on
    // every path, including failures.
    AdminRequest.finish();
}
}
/**
 * Starts an admin request using the state stored in {@code storage} under {@code KEY}.
 *
 * @param storage map holding the previously collected state
 */
@Override
public void apply(Map<String, Object> storage) {
    // A missing entry yields null, which is passed to start() unchanged.
    AdminRequest.start(storage.get(KEY));
}
/**
 * Stores the current admin-request state in {@code storage} under {@code KEY}.
 *
 * @param storage map receiving the state; the entry is written even when the state is null
 */
@Override
public void collect(Map<String, Object> storage) {
    storage.put(KEY, AdminRequest.get());
}
/**
 * Aborts the admin request unless the target page class is a {@code GeoServerSecuredPage}
 * or a {@code GeoServerHomePage} (or a subclass of either).
 *
 * @param requestTarget page class the request resolves to; {@code null} also aborts
 */
@Override
public void onRequestTargetSet(Class<? extends IRequestablePage> requestTarget) {
    // Non-secured pages are meant to be accessible anonymously, so a request for one
    // of them is not considered an admin request.
    // NOTE(review): the allow-list is class-based, so an administrative page outside
    // these two hierarchies would lose the admin marker here. Confirm all admin pages
    // extend one of them.
    boolean adminPage =
            requestTarget != null
                    && (GeoServerSecuredPage.class.isAssignableFrom(requestTarget)
                            || GeoServerHomePage.class.isAssignableFrom(requestTarget));
    if (!adminPage) {
        AdminRequest.abort();
    }
}
/**
 * Resolves the page class behind the request target and aborts the admin request unless
 * that class is a {@code GeoServerSecuredPage} or a {@code GeoServerHomePage} (or a
 * subclass of either).
 *
 * @param requestTarget target the request was resolved to
 */
@Override
public void onRequestTargetSet(IRequestTarget requestTarget) {
    Class<?> targetPage = null;

    // The three checks stay independent (no else-if), as in the original: when a target
    // matches more than one, the later branch overrides the earlier result.
    if (requestTarget instanceof PageRequestTarget) {
        PageRequestTarget pageTarget = (PageRequestTarget) requestTarget;
        targetPage = pageTarget.getPage().getPageClass();
    }
    if (requestTarget instanceof IBookmarkablePageRequestTarget) {
        IBookmarkablePageRequestTarget bookmarkable =
                (IBookmarkablePageRequestTarget) requestTarget;
        targetPage = bookmarkable.getPageClass();
    }
    if (requestTarget instanceof AjaxRequestTarget) {
        Page ajaxPage = ((AjaxRequestTarget) requestTarget).getPage();
        // An Ajax target without a page resets the class to null, which aborts below.
        if (ajaxPage != null) {
            targetPage = ajaxPage.getClass();
        } else {
            targetPage = null;
        }
    }

    // Non-secured pages are meant to be accessible anonymously, so a request for one
    // of them is not considered an admin request. Unrecognised target types leave the
    // class at null and are aborted as well.
    boolean adminPage =
            targetPage != null
                    && (GeoServerSecuredPage.class.isAssignableFrom(targetPage)
                            || GeoServerHomePage.class.isAssignableFrom(targetPage));
    if (!adminPage) {
        AdminRequest.abort();
    }
}
/**
 * Ends any admin request left over by a test so the marker does not carry over into
 * the next test.
 */
@After
public void cleanupThreadLocals() {
    AdminRequest.finish();
}
/**
 * Checks that the admin-request state set in the calling thread is handed over by
 * {@code AdminRequestThreadLocalTransfer} and is absent again after cleanup.
 */
@Test
public void testAdminRequest() throws InterruptedException, ExecutionException {
    // Arrange: a unique object lets assertSame prove the very same instance arrives.
    final Object marker = new Object();
    AdminRequest.start(marker);

    // Act and assert through the base class machinery.
    testThreadLocalTransfer(
            new ThreadLocalTransferCallable(new AdminRequestThreadLocalTransfer()) {
                @Override
                void assertThreadLocalApplied() {
                    assertSame(marker, AdminRequest.get());
                }

                @Override
                void assertThreadLocalCleaned() {
                    // No admin state may remain once the transfer has been cleaned up.
                    assertNull(AdminRequest.get());
                }
            });
}
}
/**
 * Decides whether {@code user} may see {@code node}. READ access is always required;
 * while an admin request is in progress, ADMIN access is required as well.
 *
 * @param user the authentication to check
 * @param node the security tree node being accessed
 * @return {@code true} if access is granted under the rules above
 */
private boolean canAccess(Authentication user, SecureTreeNode node) {
    if (!node.canAccess(user, AccessMode.READ)) {
        return false;
    }
    if (AdminRequest.get() == null) {
        // Not an admin request: READ access is sufficient.
        return true;
    }
    // Admin request: the user must also be allowed to administer the node.
    return node.canAccess(user, AccessMode.ADMIN);
}
/**
 * Resets the per-request state touched by the tests: the dispatcher request, the admin
 * request, the local published resource, the local workspace and the authentication in
 * the security context.
 */
@After
public void cleanupThreadLocals() {
    Dispatcher.REQUEST.remove();
    AdminRequest.finish();
    LocalPublished.remove();
    LocalWorkspace.remove();
    // Clear the authentication too, so no test runs with credentials left by another.
    SecurityContextHolder.getContext().setAuthentication(null);
}
// Test fixture: populate the local workspace, the admin request and the security context
// so that a later step can verify each of them.
LocalWorkspace.set(ws);
// A fresh object serves as the admin-request state so identity can be asserted later.
final Object myState = new Object();
AdminRequest.start(myState);
// "user"/"password" are constructed test values, not real credentials.
final Authentication auth = new UsernamePasswordAuthenticationToken("user", "password");
SecurityContextHolder.getContext().setAuthentication(auth);
/** Asserts that the current admin-request state is the same instance as {@code myState}. */
@Override
void assertThreadLocalApplied() {
    assertSame(myState, AdminRequest.get());
}
});
/**
 * Ends the admin request once the request has finished.
 *
 * @param request the request that was handled (unused)
 * @param response the response that was produced (unused)
 */
@Override
public void finished(Request request, Response response) {
    // NOTE(review): AdminRequest state looks thread-bound; confirm this callback also
    // runs when request handling fails, so the marker cannot reach a later request.
    AdminRequest.finish();
}
/**
 * Starts an admin request at the beginning of request handling, using this callback
 * instance as the state object.
 */
@Override
public void onBeginRequest() {
    // Runs for every request; a matching finish() or abort() is expected later.
    AdminRequest.start(this);
}
/** Asserts that no admin-request state is present after cleanup. */
@Override
void assertThreadLocalCleaned() {
    assertNull(AdminRequest.get());
}
/**
 * Ends the admin request once the servlet request has finished. Neither argument is used.
 */
@Override
public void finished(
        HttpServletRequest HttpServletRequest, HttpServletResponse HttpServletResponse) {
    // NOTE(review): the parameter names shadow their type names; left unchanged here.
    // NOTE(review): AdminRequest state looks thread-bound; confirm this callback also
    // runs when request handling fails, so the marker cannot reach a later request.
    AdminRequest.finish();
}
}
/**
 * Starts an admin request when request handling begins; this callback instance is
 * passed as the state object.
 */
@Override
public void onBeginRequest() {
    // Runs for every request; a matching finish() or abort() is expected later.
    AdminRequest.start(this);
}
/**
 * Computes the access limits that apply to {@code user} on {@code workspace}.
 *
 * @param user the authentication to check
 * @param workspace the workspace being accessed
 * @return {@code null} when the user can both read and write and no admin request is in
 *     progress (meaning full access); otherwise a {@code WorkspaceAccessLimits} carrying
 *     the catalog mode and the read, write and admin flags
 */
public WorkspaceAccessLimits getAccessLimits(Authentication user, WorkspaceInfo workspace) {
    // All three checks and the mode lookup run up front, as in the original.
    final boolean canRead = canAccess(user, workspace, AccessMode.READ);
    final boolean canWrite = canAccess(user, workspace, AccessMode.WRITE);
    final boolean canAdmin = canAccess(user, workspace, AccessMode.ADMIN);
    final CatalogMode catalogMode = getMode();

    // Outside an admin request, read+write means full access, signalled by null.
    // During an admin request the limits object is always returned, so the admin
    // flag is still carried to the caller.
    // NOTE(review): null means "no limits" here, never "denied"; callers must not
    // confuse the two.
    final boolean readWrite = canRead && canWrite;
    if (readWrite && AdminRequest.get() == null) {
        return null;
    }
    return new WorkspaceAccessLimits(catalogMode, canRead, canWrite, canAdmin);
}
/** Ends the admin request when request handling ends. */
@Override
public void onEndRequest() {
    // NOTE(review): AdminRequest state looks thread-bound; confirm this callback also
    // runs when request handling fails, so the marker cannot reach a later request.
    AdminRequest.finish();
}
/**
 * Starts an admin request when the dispatched restlet, once unwrapped, is an
 * {@code AbstractCatalogFinder} (a restconfig request). Other restlets are left alone.
 *
 * @param request the dispatched request (unused)
 * @param response the response being produced (unused)
 * @param restlet the restlet the request was dispatched to
 */
@Override
public void dispatched(Request request, Response response, Restlet restlet) {
    boolean restConfigRequest = unwrap(restlet) instanceof AbstractCatalogFinder;
    if (restConfigRequest) {
        // This callback instance is used as the state object.
        AdminRequest.start(this);
    }
}
/**
 * Computes the access limits that apply to {@code user} on {@code workspace}, using the
 * delegate for the permission checks and the catalog mode.
 *
 * @param user the authentication to check
 * @param workspace the workspace being accessed
 * @return {@code null} when the user can both read and write and no admin request is in
 *     progress (meaning full access); otherwise a {@code WorkspaceAccessLimits} carrying
 *     the catalog mode and the read, write and admin flags
 */
public WorkspaceAccessLimits getAccessLimits(Authentication user, WorkspaceInfo workspace) {
    // All three checks and the mode lookup run up front, as in the original.
    final boolean canRead = delegate.canAccess(user, workspace, AccessMode.READ);
    final boolean canWrite = delegate.canAccess(user, workspace, AccessMode.WRITE);
    final boolean canAdmin = delegate.canAccess(user, workspace, AccessMode.ADMIN);
    final CatalogMode catalogMode = delegate.getMode();

    // Outside an admin request, read+write means full access, signalled by null.
    // During an admin request the limits object is always returned, so the admin
    // flag is still carried to the caller.
    // NOTE(review): null means "no limits" here, never "denied"; callers must not
    // confuse the two.
    final boolean readWrite = canRead && canWrite;
    if (readWrite && AdminRequest.get() == null) {
        return null;
    }
    return new WorkspaceAccessLimits(catalogMode, canRead, canWrite, canAdmin);
}