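/**
 * Combines two sets of vector access limits into one, component by component.
 *
 * <p>If either argument is {@code null} the other one is returned unchanged. Otherwise the
 * catalog mode, read attributes, read filter, write attributes and write filter of both inputs
 * are each combined with the matching {@code intersection} overload.
 *
 * <p>The write attributes are derived from the inputs' <em>write</em> attribute lists. Deriving
 * them from the read attribute lists would let the combined limits allow writes to every
 * attribute that is merely readable.
 *
 * @param a first set of limits, may be {@code null}
 * @param b second set of limits, may be {@code null}
 * @return the combined limits, or the non-null argument when the other one is {@code null}
 */
protected VectorAccessLimits intersection(VectorAccessLimits a, VectorAccessLimits b) {
    if (a == null) {
        return b;
    }
    if (b == null) {
        return a;
    }

    CatalogMode mode = intersection(a.getMode(), b.getMode());

    // read side
    List<PropertyName> readAttributes =
            intersection(a.getReadAttributes(), b.getReadAttributes());
    Filter readFilter = intersection(a.getReadFilter(), b.getReadFilter());

    // write side: must be computed from the write attribute lists, not the read ones
    List<PropertyName> writeAttributes =
            intersection(a.getWriteAttributes(), b.getWriteAttributes());
    Filter writeFilter = intersection(a.getWriteFilter(), b.getWriteFilter());

    return new VectorAccessLimits(
            mode, readAttributes, readFilter, writeAttributes, writeFilter);
}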
/**
 * Builds the GeoTools {@link Query} that expresses the read side of these limits.
 *
 * @return the result of {@code buildQuery} applied to the read attributes and the read filter
 */
public Query getReadQuery() {
    final Query readQuery = buildQuery(readAttributes, readFilter);
    return readQuery;
}
/**
 * Checks the limits computed for an unauthenticated caller (a {@code null} user) on the basic
 * polygons layer: both the read and the write filter must be {@code Filter.EXCLUDE}, and no
 * attribute lists are set.
 */
@Test
public void testAnonymousUser() {
    // Nothing is verified when GeoFence is not reachable; the test then passes vacuously.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    // Workspace-level check, currently disabled:
    // WorkspaceInfo citeWS = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
    // WorkspaceAccessLimits wl = manager.getAccessLimits(null, citeWS);
    // assertFalse(wl.isReadable());
    // assertFalse(wl.isWritable());

    // Layer-level check
    final String layerId = getLayerId(MockData.BASIC_POLYGONS);
    LayerInfo polygons = catalog.getLayerByName(layerId);
    VectorAccessLimits anonymousLimits =
            (VectorAccessLimits) accessManager.getAccessLimits(null, polygons);

    // deny by default: no rows may be read or written
    assertEquals(Filter.EXCLUDE, anonymousLimits.getReadFilter());
    assertEquals(Filter.EXCLUDE, anonymousLimits.getWriteFilter());
    // no per-attribute lists are attached to the limits
    assertNull(anonymousLimits.getReadAttributes());
    assertNull(anonymousLimits.getWriteAttributes());
}
/**
 * Creates the access-limit object matching a resource type from a read and a write filter.
 *
 * <p>Returns {@code null} when nothing needs to be restricted, so that the secure catalog can
 * skip wrapping the resource. That is the case when the read filter is {@code null} or {@code
 * Filter.INCLUDE} and, in addition, either the write filter is {@code null} or {@code
 * Filter.INCLUDE}, or the resource is a WMS layer, a WMTS layer or a coverage (for which the
 * write filter is not consulted here). Callers therefore have to treat a {@code null} result as
 * "no limits", not as "no access".
 *
 * @param resourceClass the kind of resource the limits are built for
 * @param readFilter filter restricting reads, may be {@code null}
 * @param writeFilter filter restricting writes, may be {@code null}
 * @return the limits for the resource type, or {@code null} when there is nothing to restrict
 */
DataAccessLimits buildLimits(
        Class<? extends ResourceInfo> resourceClass, Filter readFilter, Filter writeFilter) {
    CatalogMode mode = delegate.getMode();

    // Filters are compared by identity against the INCLUDE sentinel.
    final boolean readUnrestricted = readFilter == null || readFilter == Filter.INCLUDE;

    // allow the secure catalog to avoid any kind of wrapping if there are no limits
    if (readUnrestricted
            && (writeFilter == null
                    || writeFilter == Filter.INCLUDE
                    || WMSLayerInfo.class.isAssignableFrom(resourceClass)
                    || WMTSLayerInfo.class.isAssignableFrom(resourceClass)
                    || CoverageInfo.class.isAssignableFrom(resourceClass))) {
        return null;
    }

    // build the appropriate limit class
    if (FeatureTypeInfo.class.isAssignableFrom(resourceClass)) {
        return new VectorAccessLimits(mode, null, readFilter, null, writeFilter);
    }
    if (CoverageInfo.class.isAssignableFrom(resourceClass)) {
        return new CoverageAccessLimits(mode, readFilter, null, null);
    }
    if (WMSLayerInfo.class.isAssignableFrom(resourceClass)) {
        return new WMSAccessLimits(mode, readFilter, null, true);
    }
    if (WMTSLayerInfo.class.isAssignableFrom(resourceClass)) {
        return new WMTSAccessLimits(mode, readFilter, null);
    }

    // Unknown resource type: fall back to generic limits, which carry the read filter only.
    LOGGER.log(
            Level.INFO,
            "Warning, adapting to generic access limits for unrecognized resource type "
                    + resourceClass);
    return new DataAccessLimits(mode, readFilter);
}
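/**
 * Checks that the limits computed for the {@code wmsuser} account depend on the service of the
 * request bound to the current thread: a WFS GetFeature request yields {@code Filter.EXCLUDE}
 * for both read and write, while a request for the {@code wms} service (written in a different
 * case than the GeoFence rule) yields {@code Filter.INCLUDE}.
 *
 * <p>The request previously bound to {@code Dispatcher.REQUEST} is put back when the test ends.
 * Because access decisions depend on that request, a fake request left behind could change the
 * outcome of tests that run later on the same thread.
 */
@Test
public void testWmsLimited() {
    // Nothing is verified when GeoFence is not reachable; the test then passes vacuously.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }
    UsernamePasswordAuthenticationToken user =
            new UsernamePasswordAuthenticationToken("wmsuser", "wmsuser");

    // remember the request bound to this thread so it can be restored afterwards
    Request previous = Dispatcher.REQUEST.get();
    try {
        // check layer in the sf workspace with a wfs request
        Request request = new Request();
        request.setService("WFS");
        request.setRequest("GetFeature");
        Dispatcher.REQUEST.set(request);

        LayerInfo generic = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY));
        VectorAccessLimits vl =
                (VectorAccessLimits) accessManager.getAccessLimits(user, generic);
        assertEquals(Filter.EXCLUDE, vl.getReadFilter());
        assertEquals(Filter.EXCLUDE, vl.getWriteFilter());

        // now fake a getmap request (using a service and request with a different case than
        // the geofenceService)
        request = new Request();
        request.setService("wms");
        Dispatcher.REQUEST.set(request);
        vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic);
        assertEquals(Filter.INCLUDE, vl.getReadFilter());
        assertEquals(Filter.INCLUDE, vl.getWriteFilter());
    } finally {
        // do not leak the fake request into other tests
        if (previous == null) {
            Dispatcher.REQUEST.remove();
        } else {
            Dispatcher.REQUEST.set(previous);
        }
    }
}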
// Reading is allowed unless the read filter is the EXCLUDE sentinel itself.
// NOTE(review): this is an identity comparison; a filter that matches nothing but is a
// different object than Filter.EXCLUDE would count as readable here. Confirm that the
// filters are always normalised to the sentinel before they reach this point.
canRead = dl.getReadFilter() != Filter.EXCLUDE;
if (dl instanceof VectorAccessLimits) {
    // the write filter is only consulted for vector limits
    canWrite = ((VectorAccessLimits) dl).getWriteFilter() != Filter.EXCLUDE;
} else {
    // any other kind of limits: writing is refused outright
    canWrite = false;
/**
 * Wraps a feature collection under the given policy and works out the schema callers may read.
 *
 * <p>When the policy carries {@link VectorAccessLimits} with a non-null read attribute list,
 * {@code readSchema} becomes a sub-type of the schema containing only the listed attributes.
 * In every other case (limits of another kind, or a {@code null} attribute list) the full
 * schema is used.
 *
 * @param delegate the collection being secured
 * @param policy the wrapper policy whose limits drive the readable schema
 * @throws RuntimeException wrapping the {@code SchemaException} if the sub-type cannot be built
 */
SecuredSimpleFeatureCollection(
        FeatureCollection<SimpleFeatureType, SimpleFeature> delegate, WrapperPolicy policy) {
    super(delegate, policy);

    // only vector limits can carry a list of readable attributes
    List<PropertyName> readable = null;
    if (policy.getLimits() instanceof VectorAccessLimits) {
        readable = ((VectorAccessLimits) policy.getLimits()).getReadAttributes();
    }

    if (readable == null) {
        // no attribute list: the whole schema is readable
        this.readSchema = getSchema();
    } else {
        // collect the plain attribute names in list order
        String[] attributeNames = new String[readable.size()];
        int index = 0;
        for (PropertyName attribute : readable) {
            attributeNames[index++] = attribute.getPropertyName();
        }
        try {
            this.readSchema = DataUtilities.createSubType(getSchema(), attributeNames);
        } catch (SchemaException e) {
            // should just not happen
            throw new RuntimeException(e);
        }
    }
}
/**
 * Verifies that a caller without authentication (a {@code null} user) gets {@code
 * Filter.EXCLUDE} as both the read and the write filter on the basic polygons layer, with no
 * attribute lists attached.
 */
@Test
public void testAnonymousUser() {
    // Without a reachable GeoFence instance the test returns early and verifies nothing.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    // Workspace-level check, currently disabled:
    // WorkspaceInfo citeWS = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
    // WorkspaceAccessLimits wl = manager.getAccessLimits(null, citeWS);
    // assertFalse(wl.isReadable());
    // assertFalse(wl.isWritable());

    // Layer-level check
    LayerInfo polygons = catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS));
    DataAccessLimits computed = accessManager.getAccessLimits(null, polygons);
    VectorAccessLimits limits = (VectorAccessLimits) computed;

    // neither reading nor writing any row is permitted
    assertEquals(Filter.EXCLUDE, limits.getReadFilter());
    assertEquals(Filter.EXCLUDE, limits.getWriteFilter());
    // attribute lists are left unset
    assertNull(limits.getReadAttributes());
    assertNull(limits.getWriteAttributes());
}
/**
 * Creates the access-limit object matching a resource type from a read and a write filter.
 *
 * <p>A {@code null} result means "nothing to restrict": it is returned when the read filter is
 * {@code null} or {@code Filter.INCLUDE} and the write filter is {@code null} or {@code
 * Filter.INCLUDE}, or the resource is a WMS layer, a WMTS layer or a coverage. Callers must not
 * read {@code null} as a denial.
 *
 * @param resourceClass the kind of resource the limits are built for
 * @param readFilter filter restricting reads, may be {@code null}
 * @param writeFilter filter restricting writes, may be {@code null}
 * @return the limits for the resource type, or {@code null} when there is nothing to restrict
 */
DataAccessLimits buildLimits(
        Class<? extends ResourceInfo> resourceClass, Filter readFilter, Filter writeFilter) {
    CatalogMode mode = getMode();

    // identity comparison against the INCLUDE sentinel
    final boolean readUnrestricted = readFilter == null || readFilter == Filter.INCLUDE;

    // allow the secure catalog to avoid any kind of wrapping if there are no limits
    if (readUnrestricted
            && (writeFilter == null
                    || writeFilter == Filter.INCLUDE
                    || WMSLayerInfo.class.isAssignableFrom(resourceClass)
                    || WMTSLayerInfo.class.isAssignableFrom(resourceClass)
                    || CoverageInfo.class.isAssignableFrom(resourceClass))) {
        return null;
    }

    // build the appropriate limit class
    if (FeatureTypeInfo.class.isAssignableFrom(resourceClass)) {
        return new VectorAccessLimits(mode, null, readFilter, null, writeFilter);
    }
    if (CoverageInfo.class.isAssignableFrom(resourceClass)) {
        return new CoverageAccessLimits(mode, readFilter, null, null);
    }
    if (WMSLayerInfo.class.isAssignableFrom(resourceClass)) {
        return new WMSAccessLimits(mode, readFilter, null, true);
    }
    if (WMTSLayerInfo.class.isAssignableFrom(resourceClass)) {
        return new WMTSAccessLimits(mode, readFilter, null);
    }

    // Unknown resource type: generic limits keep the read filter only.
    LOGGER.log(
            Level.INFO,
            "Warning, adapting to generic access limits for unrecognized resource type "
                    + resourceClass);
    return new DataAccessLimits(mode, readFilter);
}
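/**
 * Checks the limits computed for the {@code wmsuser} account while a WFS GetFeature request and
 * then a {@code wms} request (written in a different case than the GeoFence rule) are bound to
 * the current thread. This version expects {@code Filter.INCLUDE} for read and write in both
 * cases.
 *
 * <p>The request previously bound to {@code Dispatcher.REQUEST} is put back when the test ends,
 * so that the fake request cannot influence access decisions in tests that run later on the
 * same thread.
 */
@Test
public void testWmsLimited() {
    // Nothing is verified when GeoFence is not reachable; the test then passes vacuously.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }
    UsernamePasswordAuthenticationToken user =
            new UsernamePasswordAuthenticationToken("wmsuser", "wmsuser");

    // remember the request bound to this thread so it can be restored afterwards
    Request previous = Dispatcher.REQUEST.get();
    try {
        // check layer in the sf workspace with a wfs request
        Request request = new Request();
        request.setService("WFS");
        request.setRequest("GetFeature");
        Dispatcher.REQUEST.set(request);

        LayerInfo generic = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY));
        // NOTE(review): when the layer is missing, every assertion below is skipped and the
        // test still passes; confirm that this is intended.
        if (generic != null) {
            VectorAccessLimits vl =
                    (VectorAccessLimits) accessManager.getAccessLimits(user, generic);
            assertEquals(Filter.INCLUDE, vl.getReadFilter());
            assertEquals(Filter.INCLUDE, vl.getWriteFilter());

            // now fake a getmap request (using a service and request with a different case
            // than the geofenceService)
            request = new Request();
            request.setService("wms");
            Dispatcher.REQUEST.set(request);
            vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic);
            assertEquals(Filter.INCLUDE, vl.getReadFilter());
            assertEquals(Filter.INCLUDE, vl.getWriteFilter());
        }
    } finally {
        // do not leak the fake request into other tests
        if (previous == null) {
            Dispatcher.REQUEST.remove();
        } else {
            Dispatcher.REQUEST.set(previous);
        }
    }
}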
/**
 * Tells whether the given limits permit the requested kind of access.
 *
 * <p>{@code null} limits permit everything. Reading is permitted unless the read filter is
 * {@code Filter.EXCLUDE}. Writing is permitted only for {@link VectorAccessLimits} whose write
 * filter is not {@code Filter.EXCLUDE}; any other kind of limits refuses writes.
 *
 * @param mode the access being requested
 * @param limits the limits to check, {@code null} meaning unrestricted
 * @return {@code true} if the access is permitted
 * @throws RuntimeException if {@code mode} is neither READ nor WRITE and limits are present
 */
private boolean canAccess(AccessMode mode, DataAccessLimits limits) {
    // no limits at all: nothing to refuse
    if (limits == null) {
        return true;
    }

    if (mode == AccessMode.READ) {
        // identity comparison against the EXCLUDE sentinel
        return limits.getReadFilter() != Filter.EXCLUDE;
    }

    if (mode != AccessMode.WRITE) {
        throw new RuntimeException("Unknown access mode " + mode);
    }

    // writes are only ever possible through vector limits
    if (!(limits instanceof VectorAccessLimits)) {
        return false;
    }
    return ((VectorAccessLimits) limits).getWriteFilter() != Filter.EXCLUDE;
}
// NOTE(review): these lines read as a non-contiguous excerpt. INCLUDE and EXCLUDE are both
// asserted on the same `vl` with no visible reassignment in between, so the first three
// groups presumably belong to different tests. Confirm against the full test class.

// expectation for unrestricted access: no row filter, no attribute lists
assertEquals(Filter.INCLUDE, vl.getReadFilter());
assertEquals(Filter.INCLUDE, vl.getWriteFilter());
assertNull(vl.getReadAttributes());
assertNull(vl.getWriteAttributes());

// expectation for denied access: nothing readable, nothing writable
assertEquals(Filter.EXCLUDE, vl.getReadFilter());
assertEquals(Filter.EXCLUDE, vl.getWriteFilter());

// bind a request to the current thread, recompute the limits and expect full access
Dispatcher.REQUEST.set(request);
vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic);
assertEquals(Filter.INCLUDE, vl.getReadFilter());
assertEquals(Filter.INCLUDE, vl.getWriteFilter());
/**
 * Builds limits that hide a resource completely: catalog mode {@code HIDE} and {@code
 * Filter.EXCLUDE} wherever a filter is accepted, using the limit class that matches the
 * resource type.
 *
 * @param info the resource to hide
 * @return limits of the matching type, or generic {@link DataAccessLimits} for other resources
 */
private DataAccessLimits hide(ResourceInfo info) {
    if (info instanceof FeatureTypeInfo) {
        // vector data: refuse both reading and writing
        return new VectorAccessLimits(
                CatalogMode.HIDE, null, Filter.EXCLUDE, null, Filter.EXCLUDE);
    }
    if (info instanceof CoverageInfo) {
        return new CoverageAccessLimits(CatalogMode.HIDE, Filter.EXCLUDE, null, null);
    }
    if (info instanceof WMSLayerInfo) {
        return new WMSAccessLimits(CatalogMode.HIDE, Filter.EXCLUDE, null, false);
    }

    // TODO: Log warning about unknown resource type
    // NOTE(review): there is no WMTS branch here, so WMTS layers presumably end up with the
    // generic limits below; confirm that this is intended.
    return new DataAccessLimits(CatalogMode.HIDE, Filter.EXCLUDE);
}
/**
 * Checks that the {@code area} account is confined to a polygon: both the read and the write
 * filter on the generic entity layer must equal an {@code intersects} filter built from the
 * expected multipolygon.
 *
 * @throws Exception if the expected geometry cannot be parsed
 */
@Test
public void testAreaLimited() throws Exception {
    // Nothing is verified when GeoFence is not reachable; the test then passes vacuously.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    // the filter the access manager is expected to produce
    FilterFactory2 ff = CommonFactoryFinder.getFilterFactory2(null);
    Geometry allowedArea =
            new WKTReader().read("MULTIPOLYGON(((48 62, 48 63, 49 63, 49 62, 48 62)))");
    // the empty property name presumably stands for the default geometry (TODO confirm)
    Filter expected = ff.intersects(ff.property(""), ff.literal(allowedArea));

    // check we have the geometry filter set
    UsernamePasswordAuthenticationToken user =
            new UsernamePasswordAuthenticationToken("area", "area");
    LayerInfo generic = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY));
    VectorAccessLimits areaLimits =
            (VectorAccessLimits) accessManager.getAccessLimits(user, generic);

    assertEquals(expected, areaLimits.getReadFilter());
    assertEquals(expected, areaLimits.getWriteFilter());
}
/**
 * Builds the GeoTools {@link Query} that expresses the write side of these limits.
 *
 * @return the result of {@code buildQuery} applied to the write attributes and the write filter
 */
public Query getWriteQuery() {
    final Query writeQuery = buildQuery(writeAttributes, writeFilter);
    return writeQuery;
}
/**
 * Checks that a user holding {@code ROLE_ADMINISTRATOR} is unrestricted: the cite workspace is
 * readable and writable, and the basic polygons layer has {@code Filter.INCLUDE} for read and
 * write with no attribute lists.
 */
@Test
public void testAdmin() {
    // Nothing is verified when GeoFence is not reachable; the test then passes vacuously.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    GrantedAuthority[] authorities = {new SimpleGrantedAuthority("ROLE_ADMINISTRATOR")};
    UsernamePasswordAuthenticationToken admin =
            new UsernamePasswordAuthenticationToken(
                    "admin", "geoserver", Arrays.asList(authorities));

    // check workspace access
    WorkspaceInfo citeWS = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
    WorkspaceAccessLimits workspaceLimits = accessManager.getAccessLimits(admin, citeWS);
    assertTrue(workspaceLimits.isReadable());
    assertTrue(workspaceLimits.isWritable());

    // check layer access
    LayerInfo polygons = catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS));
    VectorAccessLimits layerLimits =
            (VectorAccessLimits) accessManager.getAccessLimits(admin, polygons);
    assertEquals(Filter.INCLUDE, layerLimits.getReadFilter());
    assertEquals(Filter.INCLUDE, layerLimits.getWriteFilter());
    assertNull(layerLimits.getReadAttributes());
    assertNull(layerLimits.getWriteAttributes());
}
/**
 * Chooses the policy to apply to a feature source obtained from this object.
 *
 * <p>When the current policy already carries {@link VectorAccessLimits} it is reused as is.
 * Otherwise a policy is derived with vector limits that keep the catalog mode, allow reading
 * everything ({@code Filter.INCLUDE}) and refuse every write ({@code Filter.EXCLUDE}).
 *
 * @return the policy for the feature source
 */
private WrapperPolicy buildPolicyForFeatureSource() {
    if (policy.getLimits() instanceof VectorAccessLimits) {
        return policy;
    }

    // limits of another kind: derive read-all, write-nothing vector limits
    final AccessLimits limits = policy.getLimits();
    VectorAccessLimits readOnlyLimits =
            new VectorAccessLimits(
                    limits.getMode(), null, Filter.INCLUDE, null, Filter.EXCLUDE);
    return this.policy.derive(readOnlyLimits);
}
/**
 * Verifies the spatial restriction of the {@code area} account: the read and the write filter
 * computed for the generic entity layer must both equal an {@code intersects} filter on the
 * expected multipolygon.
 *
 * @throws Exception if the expected geometry cannot be parsed
 */
@Test
public void testAreaLimited() throws Exception {
    // Without a reachable GeoFence instance the test returns early and verifies nothing.
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    UsernamePasswordAuthenticationToken areaUser =
            new UsernamePasswordAuthenticationToken("area", "area");

    // check we have the geometry filter set
    LayerInfo generic = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY));
    DataAccessLimits computed = accessManager.getAccessLimits(areaUser, generic);
    VectorAccessLimits limits = (VectorAccessLimits) computed;

    // build the filter the limits are expected to carry
    FilterFactory2 factory = CommonFactoryFinder.getFilterFactory2(null);
    WKTReader wktReader = new WKTReader();
    Geometry boundary = wktReader.read("MULTIPOLYGON(((48 62, 48 63, 49 63, 49 62, 48 62)))");
    Filter expected = factory.intersects(factory.property(""), factory.literal(boundary));

    assertEquals(expected, limits.getReadFilter());
    assertEquals(expected, limits.getWriteFilter());
}
// NOTE(review): these lines read as a non-contiguous excerpt. INCLUDE and EXCLUDE are both
// asserted on the same `vl` with no visible reassignment in between, so the first three
// groups presumably belong to different tests. Confirm against the full test class.

// unrestricted access: INCLUDE filters and no attribute lists
assertEquals(Filter.INCLUDE, vl.getReadFilter());
assertEquals(Filter.INCLUDE, vl.getWriteFilter());
assertNull(vl.getReadAttributes());
assertNull(vl.getWriteAttributes());

// denied access: EXCLUDE on both the read and the write side
assertEquals(Filter.EXCLUDE, vl.getReadFilter());
assertEquals(Filter.EXCLUDE, vl.getWriteFilter());

// after binding a request to the thread the limits are recomputed and must allow everything
Dispatcher.REQUEST.set(request);
vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic);
assertEquals(Filter.INCLUDE, vl.getReadFilter());
assertEquals(Filter.INCLUDE, vl.getWriteFilter());
/**
 * Runs {@code testObjectSerialization} on a {@link VectorAccessLimits} instance in {@code
 * MIXED} catalog mode that uses one attribute list and one filter for both the read and the
 * write side.
 *
 * @throws Exception if the serialization check fails
 */
public void testVectorAccessLimits() throws Exception {
    // a single attribute named "test", shared by the read and the write side
    List<PropertyName> attributes = new ArrayList<>();
    attributes.add(ff.property("test"));

    VectorAccessLimits underTest =
            new VectorAccessLimits(CatalogMode.MIXED, attributes, filter, attributes, filter);

    testObjectSerialization(underTest);
}