/**
 * Registers a new data access rule for one layer and persists the rule set.
 *
 * <p>The rule is built from the given workspace (stored as the rule root), layer and access
 * mode, receives the supplied roles, is added to the shared {@code DataAccessRuleDAO} and the
 * DAO is asked to store its rules straight away.
 *
 * @param workspace value stored as the rule root
 * @param layer layer name the rule applies to
 * @param mode access mode granted by the rule
 * @param roles role names added to the rule; no validation or de-duplication happens here
 * @throws IOException declared on the signature; NOTE(review): presumably raised while the DAO
 *     writes the rules — confirm against {@code storeRules()}
 */
protected void addLayerAccessRule(String workspace, String layer, AccessMode mode, String... roles)
        throws IOException {
    DataAccessRuleDAO ruleDao = DataAccessRuleDAO.get();

    DataAccessRule created = new DataAccessRule();
    created.setRoot(workspace);
    created.setLayer(layer);
    created.setAccessMode(mode);
    created.getRoles().addAll(Arrays.asList(roles));

    // Add first, then persist: the rule is only durable once storeRules() has returned.
    ruleDao.addRule(created);
    ruleDao.storeRules();
}
/**
 * Serializes the current rule list into a {@link Properties} bag.
 *
 * <p>The catalog mode is written under the key {@code mode}. Every rule then contributes one
 * entry whose key is {@code root.layer.alias}, or {@code root.alias} for a global group rule,
 * and whose value is {@code rule.getValue()}. A literal {@code '.'} inside the root or layer
 * name is written as a backslash followed by the dot.
 *
 * @return a new property bag holding the mode and one entry per rule
 */
protected Properties toProperties() {
    Properties bag = new Properties();
    bag.put("mode", catalogMode.toString());

    for (DataAccessRule rule : rules) {
        // Dots inside a name are backslash-escaped, presumably so they are not read back as
        // the key separator.
        // NOTE(review): only '.' is escaped; confirm names can never contain a backslash,
        // otherwise a name ending in one would make the following separator look escaped.
        StringBuilder key = new StringBuilder(rule.getRoot().replace(".", "\\."));

        // Global group rules carry no layer component in their key.
        if (!rule.isGlobalGroupRule()) {
            key.append('.').append(rule.getLayer().replace(".", "\\."));
        }

        key.append('.').append(rule.getAccessMode().getAlias());
        bag.put(key.toString(), rule.getValue());
    }
    return bag;
}
/**
 * Refuses removal of a role that is still referenced by access rules.
 *
 * <p>The check runs only when {@link #checkAgainstRules} is {@code true}. It gathers the keys
 * of every service access rule and every data access rule associated with the role's
 * authority; if any are found, the exception built by {@code createSecurityException} for
 * {@code ROLE_IN_USE_$2} is thrown with the authority and the comma-delimited rule keys.
 *
 * @param role the role to look up; only its authority string is used
 * @throws IOException declared on the signature; NOTE(review): presumably covers both DAO
 *     lookup failures and the in-use exception itself — confirm the type returned by
 *     {@code createSecurityException}
 */
public void checkRoleIsUsed(GeoServerRole role) throws IOException {
    // Check disabled by configuration: nothing is verified and the caller proceeds.
    if (!checkAgainstRules) {
        return;
    }

    GeoServerSecurityManager manager = getSecurityManager();
    List<String> referencingKeys = new ArrayList<String>();

    for (ServiceAccessRule serviceRule :
            manager.getServiceAccessRuleDAO().getRulesAssociatedWithRole(role.getAuthority())) {
        referencingKeys.add(serviceRule.getKey());
    }
    for (DataAccessRule dataRule :
            manager.getDataAccessRuleDAO().getRulesAssociatedWithRole(role.getAuthority())) {
        referencingKeys.add(dataRule.getKey());
    }

    if (referencingKeys.isEmpty()) {
        return;
    }

    // Report every referencing rule so the administrator can clean them up before retrying.
    String ruleString = StringUtils.collectionToCommaDelimitedString(referencingKeys);
    throw createSecurityException(ROLE_IN_USE_$2, role.getAuthority(), ruleString);
}
/**
 * Applies the submitted values to the stored rule that equals {@code orig}, persists the rule
 * set and returns to the data security page.
 *
 * <p>Any exception is logged at SEVERE level and reported on the page through the
 * {@code saveError} resource; it is not rethrown.
 *
 * @param rule the rule carrying the values entered in the form
 */
@Override
protected void onFormSubmit(DataAccessRule rule) {
    try {
        DataAccessRuleDAO ruleDao = DataAccessRuleDAO.get();

        // orig may have gone through page serialization and so may no longer be the instance
        // the DAO holds; the DAO's own copy that equals orig is edited instead.
        // NOTE(review): if no stored rule equals orig (for example it was changed or removed
        // in the meantime) nothing is updated, yet storeRules() and the redirect still run,
        // so the edit is dropped without any message — confirm that is acceptable.
        for (DataAccessRule stored : ruleDao.getRules()) {
            if (!stored.equals(orig)) {
                continue;
            }
            stored.setRoot(rule.getRoot());
            stored.setGlobalGroupRule(rule.isGlobalGroupRule());
            stored.setLayer(rule.getLayer());
            stored.setAccessMode(rule.getAccessMode());
            stored.getRoles().clear();
            stored.getRoles().addAll(rule.getRoles());
        }

        ruleDao.storeRules();
        doReturn(DataSecurityPage.class);
    } catch (Exception ex) {
        LOGGER.log(Level.SEVERE, "Error occurred while saving rule ", ex);
        error(new ParamResourceModel("saveError", getPage(), ex.getMessage()));
    }
}
}
/**
 * Copies the submitted values onto {@code orig}, persists the rule set and returns to the
 * data security page.
 *
 * <p>Any exception is logged at SEVERE level and reported on the page through the
 * {@code saveError} resource; it is not rethrown.
 *
 * @param rule the rule carrying the values entered in the form
 */
@Override
protected void onFormSubmit(DataAccessRule rule) {
    try {
        DataAccessRuleDAO ruleDao = DataAccessRuleDAO.get();

        // The rule this page was opened with is edited in place.
        // NOTE(review): storeRules() only persists this edit if orig is still the very
        // instance held by the DAO; should the page (and orig with it) have been serialized
        // in between, the change would land on a detached copy — confirm.
        orig.setWorkspace(rule.getWorkspace());
        orig.setLayer(rule.getLayer());
        orig.setAccessMode(rule.getAccessMode());

        // Replace, rather than merge, the role list so removed roles lose access.
        orig.getRoles().clear();
        orig.getRoles().addAll(rule.getRoles());

        ruleDao.storeRules();
        doReturn(DataSecurityPage.class);
    } catch (Exception ex) {
        LOGGER.log(Level.SEVERE, "Error occurred while saving rule ", ex);
        error(new ParamResourceModel("saveError", getPage(), ex.getMessage()));
    }
}
result.add(new DataAccessRule(DataAccessRule.READ_ALL)); result.add(new DataAccessRule(DataAccessRule.WRITE_ALL));
/**
 * Gathers the role names of every data access rule whose access mode is
 * {@code AccessMode.ADMIN}.
 *
 * <p>Roles are appended rule by rule, so a role named by several ADMIN rules appears more than
 * once; whatever entries those rules carry are returned unchanged.
 *
 * @return a new, possibly empty, list of role names
 */
List<String> lookupWorkspaceAdminRoles() {
    DataAccessRuleDAO ruleDao = DataAccessRuleDAO.get();
    List<String> adminRoles = new ArrayList<String>();

    for (DataAccessRule candidate : ruleDao.getRules()) {
        // Only ADMIN-mode rules contribute; READ/WRITE rules are ignored.
        if (candidate.getAccessMode() != AccessMode.ADMIN) {
            continue;
        }
        adminRoles.addAll(candidate.getRoles());
    }
    return adminRoles;
}
}
/**
 * Two rules with the same root and layer but different access modes must neither compare as
 * equal nor be {@code equals}.
 *
 * <p>NOTE(review): despite the method name, the two rules share the root {@code "*"}; only the
 * access mode differs.
 */
@Test
public void testDifferentRoot() {
    DataAccessRule readRule = new DataAccessRule("*", "*", AccessMode.READ);
    DataAccessRule writeRule = new DataAccessRule("*", "*", AccessMode.WRITE);

    // The READ rule is expected to sort before the WRITE rule.
    assertEquals(-1, readRule.compareTo(writeRule));
    assertFalse(readRule.equals(writeRule));
}
/**
 * Normalizes the rule bound to the form and hands it to {@code onFormSubmit}.
 *
 * <p>When "any role" is selected, the role list is replaced by the single
 * {@code GeoServerRole.ANY_ROLE} authority. When the rule is a global group rule, its layer
 * is cleared.
 */
@Override
public void onSubmit() {
    DataAccessRule submitted = (DataAccessRule) getForm().getModelObject();

    // "Any role" overrides whatever specific roles were picked.
    // NOTE(review): as the name suggests this presumably matches every role, so the saved
    // rule is as broad as it can be — confirm that is what the form communicates.
    if (rolesFormComponent.isHasAnyRole()) {
        submitted.getRoles().clear();
        submitted.getRoles().add(GeoServerRole.ANY_ROLE.getAuthority());
    }

    // Defensive: drop any layer value before the rule is handed on as a global group rule.
    if (globalGroupRule.getModelObject()) {
        submitted.setLayer(null);
    }

    onFormSubmit(submitted);
}
});
layerContainer.add(layerAndLabel = new WebMarkupContainer("layerAndLabel")); layerAndLabel.add( layerChoice = new DropDownChoice<String>("layer", getLayerNames(rule.getRoot()))); layerAndLabel.setVisible(!rule.isGlobalGroupRule()); layerChoice.setRequired(true); layerChoice.setOutputMarkupId(true); new RuleRolesFormComponent("roles", new PropertyModel(rule, "roles")) .setHasAnyRole( rule.getRoles() .contains(GeoServerRole.ANY_ROLE.getAuthority())));
form.add(layerChoice = new DropDownChoice<String>("layer", getLayerNames(rule.getWorkspace()))); layerChoice.setRequired(true); layerChoice.setOutputMarkupId(true); rule.getRoles().contains(GeoServerRole.ANY_ROLE.getAuthority())));
/**
 * Collects every rule whose role collection contains the given role name.
 *
 * <p>Matching is plain membership ({@code getRoles().contains(role)}); rules that grant access
 * through some other entry are not returned. The result is a {@link TreeSet}, so rules are
 * ordered by their natural ordering and rules that compare as equal collapse into one entry.
 *
 * @param role the role name to look for
 * @return a new sorted set of matching rules, empty when none reference the role
 */
public SortedSet<DataAccessRule> getRulesAssociatedWithRole(String role) {
    SortedSet<DataAccessRule> matches = new TreeSet<DataAccessRule>();
    for (DataAccessRule candidate : getRules()) {
        if (!candidate.getRoles().contains(role)) {
            continue;
        }
        matches.add(candidate);
    }
    return matches;
}
}
/**
 * Two rules built from identical root, layer and access mode must compare as equal, be
 * {@code equals}, and share a hash code.
 */
@Test
public void testEqualRoot() {
    DataAccessRule first = new DataAccessRule("*", "*", AccessMode.READ);
    DataAccessRule second = new DataAccessRule("*", "*", AccessMode.READ);

    assertEquals(0, first.compareTo(second));
    assertEquals(first, second);
    // equals/hashCode contract: equal rules must hash alike.
    assertEquals(first.hashCode(), second.hashCode());
}
/**
 * Copies the submitted values onto {@code orig}, persists the rule set and returns to the
 * data security page.
 *
 * <p>Any exception is logged at SEVERE level and reported on the page through the
 * {@code saveError} resource; it is not rethrown.
 *
 * @param rule the rule carrying the values entered in the form
 */
@Override
protected void onFormSubmit(DataAccessRule rule) {
    try {
        DataAccessRuleDAO ruleDao = DataAccessRuleDAO.get();

        // The rule this page was opened with is edited in place.
        // NOTE(review): storeRules() only persists this edit if orig is still the very
        // instance held by the DAO; should the page (and orig with it) have been serialized
        // in between, the change would land on a detached copy — confirm.
        orig.setWorkspace(rule.getWorkspace());
        orig.setLayer(rule.getLayer());
        orig.setAccessMode(rule.getAccessMode());

        // Replace, rather than merge, the role list so removed roles lose access.
        orig.getRoles().clear();
        orig.getRoles().addAll(rule.getRoles());

        ruleDao.storeRules();
        doReturn(DataSecurityPage.class);
    } catch (Exception ex) {
        LOGGER.log(Level.SEVERE, "Error occurred while saving rule ", ex);
        error(new ParamResourceModel("saveError", getPage(), ex.getMessage()));
    }
}
return new DataAccessRule(root, layerName, mode, roles);
/**
 * Two rules in the same workspace and access mode but on different layers must neither
 * compare as equal nor be {@code equals}.
 */
@Test
public void testDifferenPath() {
    DataAccessRule layerOneRule = new DataAccessRule("topp", "layer1", AccessMode.READ);
    DataAccessRule layerTwoRule = new DataAccessRule("topp", "layer2", AccessMode.READ);

    // "layer1" is expected to sort before "layer2".
    assertEquals(-1, layerOneRule.compareTo(layerTwoRule));
    assertFalse(layerOneRule.equals(layerTwoRule));
}
}
form.add(layerChoice = new DropDownChoice<String>("layer", getLayerNames(rule.getWorkspace()))); layerChoice.setRequired(true); layerChoice.setOutputMarkupId(true); rule.getRoles().contains(GeoServerRole.ANY_ROLE.getAuthority())));