/**
 * Registers a layer-level data access rule and persists the rule set.
 *
 * <p>The boolean returned by {@code addRule} is not inspected, so a rule the DAO declines to add
 * is not reported to the caller; the rule set is stored either way.
 *
 * @param workspace value set as the rule root
 * @param layer layer name the rule applies to
 * @param mode access mode granted by the rule
 * @param roles roles attached to the rule
 * @throws IOException declared for persistence failures (raised by {@code storeRules})
 */
protected void addLayerAccessRule(String workspace, String layer, AccessMode mode, String... roles)
        throws IOException {
    DataAccessRuleDAO ruleDao = DataAccessRuleDAO.get();

    // Assemble the rule before handing it to the DAO.
    DataAccessRule layerRule = new DataAccessRule();
    layerRule.setRoot(workspace);
    layerRule.setLayer(layer);
    layerRule.setAccessMode(mode);
    layerRule.getRoles().addAll(Arrays.asList(roles));

    // Register in memory first, then write the whole rule set out.
    ruleDao.addRule(layerRule);
    ruleDao.storeRules();
}
/**
 * Collects every rule whose role collection contains the given role.
 *
 * @param role the role name to look for
 * @return a sorted set holding the matching rules; empty when no rule mentions the role
 */
public SortedSet<DataAccessRule> getRulesAssociatedWithRole(String role) {
    SortedSet<DataAccessRule> matching = new TreeSet<DataAccessRule>();
    for (DataAccessRule candidate : getRules()) {
        if (!candidate.getRoles().contains(role)) {
            continue;
        }
        matching.add(candidate);
    }
    return matching;
}
}
/**
 * Reports the catalog mode currently held by the underlying DAO.
 *
 * @return the value of {@code dao.getMode()}
 */
public CatalogMode getMode() {
    final CatalogMode current = dao.getMode();
    return current;
}
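/**
 * Applies the catalog mode chosen in the form, persists the rule set and returns to the
 * previous page. Any failure is logged and reported through the page's feedback messages.
 */
@Override
public void onSubmit() {
    try {
        DataAccessRuleDAO dao = DataAccessRuleDAO.get();
        // NOTE(review): what getByAlias returns for an unrecognised alias is not visible
        // here; confirm that a null can never be stored as the catalog mode.
        CatalogMode newMode = dao.getByAlias(catalogModeChoice.getValue());
        dao.setCatalogMode(newMode);
        dao.storeRules();
        doReturn();
    } catch (Exception e) {
        // This handler changes the catalog mode, not a user: the log entry names the
        // operation that actually failed so security configuration errors can be traced.
        LOGGER.log(Level.SEVERE, "Error occurred while saving catalog mode", e);
        error(new ParamResourceModel("saveError", getPage(), e.getMessage()));
    }
}
});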
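/**
 * Removes every selected data access rule from the DAO, persists the remaining rule set and
 * clears the table selection.
 *
 * @param target not used by this method
 * @param contents not used by this method
 * @return always {@code true}
 */
protected boolean onSubmit(AjaxRequestTarget target, Component contents) {
    DataAccessRuleDAO dao = DataAccessRuleDAO.get();
    for (DataAccessRule rule : removePanel.getRoots()) {
        dao.removeRule(rule);
    }
    try {
        dao.storeRules();
    } catch (IOException e) {
        // The rules are already gone from memory at this point; if the write fails the
        // stored rule set no longer matches the in-memory one. Record that through the
        // logging framework instead of printing a stack trace to stderr.
        // NOTE(review): the method still returns true, so the UI does not tell the
        // administrator that the removal was not persisted — consider surfacing it.
        java.util.logging.Logger.getLogger(getClass().getName())
                .log(
                        java.util.logging.Level.SEVERE,
                        "Error occurred while storing data access rules after removal",
                        e);
    }
    // the deletion will have changed what we see in the page
    // so better clear out the selection
    rules.clearSelection();
    return true;
}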
/**
 * Copies the edited values onto the stored rule that equals the original one, persists the
 * rule set and returns to the data security page.
 *
 * @param rule the rule carrying the values submitted by the form
 */
@Override
protected void onFormSubmit(DataAccessRule rule) {
    try {
        DataAccessRuleDAO ruleDao = DataAccessRuleDAO.get();
        // The original instance may have been serialized and thus detached from the DAO,
        // so the update is applied to whichever stored rule equals it.
        // NOTE(review): when no stored rule equals the original, nothing is updated but
        // storeRules() and doReturn() still run, so the edit is dropped without feedback.
        for (DataAccessRule stored : ruleDao.getRules()) {
            if (!stored.equals(orig)) {
                continue;
            }
            stored.setRoot(rule.getRoot());
            stored.setGlobalGroupRule(rule.isGlobalGroupRule());
            stored.setLayer(rule.getLayer());
            stored.setAccessMode(rule.getAccessMode());
            stored.getRoles().clear();
            stored.getRoles().addAll(rule.getRoles());
        }
        ruleDao.storeRules();
        doReturn(DataSecurityPage.class);
    } catch (Exception ex) {
        LOGGER.log(Level.SEVERE, "Error occurred while saving rule ", ex);
        error(new ParamResourceModel("saveError", getPage(), ex.getMessage()));
    }
}
}
/**
 * Checks that a new rule is accepted once, lands at index 1 of the rule list, and is rejected
 * when added a second time.
 */
@Test
public void testAdd() {
    final int sizeBefore = dao.getRules().size();
    assertEquals(4, sizeBefore);

    final DataAccessRule genericWrite = dao.parseDataAccessRule("*.*.w", "ROLE_GENERIC_W");

    final boolean firstAttempt = dao.addRule(genericWrite);
    assertTrue(firstAttempt);

    final int sizeAfter = dao.getRules().size();
    assertEquals(5, sizeAfter);
    assertEquals(genericWrite, dao.getRules().get(1));

    // Adding the very same rule again must be refused.
    final boolean secondAttempt = dao.addRule(genericWrite);
    assertFalse(secondAttempt);
}
/**
 * Copies the submitted values onto the original rule, persists the rule set and returns to the
 * data security page.
 *
 * @param rule the rule carrying the values submitted by the form
 */
@Override
protected void onFormSubmit(DataAccessRule rule) {
    try {
        DataAccessRuleDAO ruleDao = DataAccessRuleDAO.get();

        // Overwrite the original rule in place with the edited values.
        // NOTE(review): this only changes what storeRules() writes if `orig` is still the
        // instance held by the DAO; if the page was serialized in between it may be a
        // detached copy and the edit to the access rule would not be persisted — confirm.
        orig.setWorkspace(rule.getWorkspace());
        orig.setLayer(rule.getLayer());
        orig.setAccessMode(rule.getAccessMode());
        orig.getRoles().clear();
        orig.getRoles().addAll(rule.getRoles());

        ruleDao.storeRules();
        doReturn(DataSecurityPage.class);
    } catch (Exception ex) {
        LOGGER.log(Level.SEVERE, "Error occurred while saving rule ", ex);
        error(new ParamResourceModel("saveError", getPage(), ex.getMessage()));
    }
}
/**
 * Checks that removing an unknown rule is refused, that an existing rule can be removed exactly
 * once, and that the rule count drops by one.
 */
@Test
public void testRemove() {
    final int sizeBefore = dao.getRules().size();
    assertEquals(4, sizeBefore);

    // A rule that was parsed but never added cannot be removed.
    final DataAccessRule neverAdded = dao.parseDataAccessRule("*.*.w", "ROLE_GENERIC_W");
    final boolean removedUnknown = dao.removeRule(neverAdded);
    assertFalse(removedUnknown);

    // The first stored rule is removable once; the second attempt finds nothing.
    final DataAccessRule head = dao.getRules().get(0);
    final boolean removedOnce = dao.removeRule(head);
    assertTrue(removedOnce);
    final boolean removedTwice = dao.removeRule(head);
    assertFalse(removedTwice);

    final int sizeAfter = dao.getRules().size();
    assertEquals(3, sizeAfter);
}
// NOTE(review): the condition guarding this throw lies outside the excerpt. The rejected
// value is concatenated into the error message; `mode` is presumably request-supplied, so
// confirm the error response is rendered in a way that cannot treat it as markup.
throw new RestException("Not a valid mode: " + mode, HttpStatus.UNPROCESSABLE_ENTITY);
// Presumably reached only when the mode was accepted (guard not shown): set the catalog
// mode on the DAO, then persist the rule set.
ruleDAO.setCatalogMode(modeValue);
ruleDAO.storeRules();
/**
 * Hands out the data access rule DAO obtained from {@code DataAccessRuleDAO.get()}.
 *
 * @return the DAO returned by the static accessor
 */
public DataAccessRuleDAO getDataAccessRuleDAO() {
    final DataAccessRuleDAO ruleDao = DataAccessRuleDAO.get();
    return ruleDao;
}
/**
 * Checks that dots inside a workspace or layer name are backslash-escaped in the property key,
 * so they stay distinguishable from the dots separating workspace, layer and access mode.
 *
 * @throws Exception if writing the properties fails
 */
@Test
public void testStoreEscapedDots() throws Exception {
    dao.clear();

    final DataAccessRule dottedRule =
            new DataAccessRule(
                    "it.geosolutions",
                    "layer.dots",
                    AccessMode.READ,
                    Collections.singleton("ROLE_ABC"));
    dao.addRule(dottedRule);

    final Properties serialized = dao.toProperties();
    // Two entries are expected; only the rule entry is looked up by key below.
    assertEquals(2, serialized.size());
    final String escapedKey = "it\\.geosolutions.layer\\.dots.r";
    assertEquals("ROLE_ABC", serialized.getProperty(escapedKey));

    // Writing the properties out must not throw; the written bytes are not inspected.
    final ByteArrayOutputStream sink = new ByteArrayOutputStream();
    serialized.store(sink, null);
}
}
/**
 * With the catalog mode set to CHALLENGE, a WFS GetFeature request carrying a wrong Basic
 * password must be answered with 401 and a Basic authentication challenge header.
 *
 * @throws Exception if dispatching the request fails
 */
@Test
public void testInvalidAuthChallenge() throws Exception {
    final DataAccessRuleDAO ruleDao =
            GeoServerExtensions.bean(DataAccessRuleDAO.class, applicationContext);
    ruleDao.setCatalogMode(CatalogMode.CHALLENGE);

    final String getFeaturePath =
            "wfs?request=GetFeature&version=1.0.0&service=wfs&typeName="
                    + getLayerId(SystemTestData.BUILDINGS);
    final MockHttpServletRequest request = createRequest(getFeaturePath);

    // Deliberately invalid credentials, Base64-encoded as a Basic Authorization value.
    final String encodedCredentials =
            new String(Base64.encodeBase64("cite:wrongpassword".getBytes()));
    request.addHeader("Authorization", "Basic " + encodedCredentials);

    final MockHttpServletResponse response = dispatch(request);
    assertEquals(401, response.getStatus());
    assertEquals("Basic realm=\"GeoServer Realm\"", response.getHeader("WWW-Authenticate"));
}
// NOTE(review): `rule` and `ruleDao` are declared before this excerpt. No reassignment of
// `rule` is visible between the calls below, so as shown the same instance is mutated and
// passed to addRule() six times while roles keep being added to it. Confirm whether lines
// omitted from the excerpt re-create the rule or change its workspace/layer per group;
// otherwise later rules would carry the roles of the earlier ones.

// READ / WRITE / ADMIN with the "cdf" role names.
rule.setAccessMode(AccessMode.READ);
rule.getRoles().add("readcdf");
ruleDao.addRule(rule);
rule.setAccessMode(AccessMode.WRITE);
rule.getRoles().add("writecdf");
ruleDao.addRule(rule);
rule.setAccessMode(AccessMode.ADMIN);
rule.getRoles().add("admincdf");
ruleDao.addRule(rule);
// READ / WRITE / ADMIN with the "cite" role names.
rule.setAccessMode(AccessMode.READ);
rule.getRoles().add("readcite");
ruleDao.addRule(rule);
rule.setAccessMode(AccessMode.WRITE);
rule.getRoles().add("writecite");
ruleDao.addRule(rule);
rule.setAccessMode(AccessMode.ADMIN);
rule.getRoles().add("admincite");
ruleDao.addRule(rule);
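/**
 * Applies the catalog mode chosen in the form, persists the rule set and returns to the
 * previous page. Any failure is logged and reported through the page's feedback messages.
 */
@Override
public void onSubmit() {
    try {
        DataAccessRuleDAO dao = DataAccessRuleDAO.get();
        // NOTE(review): what getByAlias returns for an unrecognised alias is not visible
        // here; confirm that a null can never be stored as the catalog mode.
        CatalogMode newMode = dao.getByAlias(catalogModeChoice.getValue());
        dao.setCatalogMode(newMode);
        dao.storeRules();
        doReturn();
    } catch (Exception e) {
        // This handler changes the catalog mode, not a user: the log entry names the
        // operation that actually failed so security configuration errors can be traced.
        LOGGER.log(Level.SEVERE, "Error occurred while saving catalog mode", e);
        error(new ParamResourceModel("saveError", getPage(), e.getMessage()));
    }
}
});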
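/**
 * Removes every selected data access rule from the DAO, persists the remaining rule set and
 * clears the table selection.
 *
 * @param target not used by this method
 * @param contents not used by this method
 * @return always {@code true}
 */
protected boolean onSubmit(AjaxRequestTarget target, Component contents) {
    DataAccessRuleDAO dao = DataAccessRuleDAO.get();
    for (DataAccessRule rule : removePanel.getRoots()) {
        dao.removeRule(rule);
    }
    try {
        dao.storeRules();
    } catch (IOException e) {
        // The rules are already gone from memory at this point; if the write fails the
        // stored rule set no longer matches the in-memory one. Record that through the
        // logging framework instead of printing a stack trace to stderr.
        // NOTE(review): the method still returns true, so the UI does not tell the
        // administrator that the removal was not persisted — consider surfacing it.
        java.util.logging.Logger.getLogger(getClass().getName())
                .log(
                        java.util.logging.Level.SEVERE,
                        "Error occurred while storing data access rules after removal",
                        e);
    }
    // the deletion will have changed what we see in the page
    // so better clear out the selection
    rules.clearSelection();
    return true;
}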