/**
 * Builds the in-memory rule set from the entries of the property file.
 *
 * <p>Every entry is passed to {@code parseServiceAccessRule}; entries for which it returns
 * {@code null} are skipped. If no rule remains, a single default rule is installed.
 *
 * @param props key/value pairs read from the rule property file
 */
protected void loadRules(Properties props) {
    TreeSet<ServiceAccessRule> parsed = new TreeSet<ServiceAccessRule>();
    for (Map.Entry<Object, Object> property : props.entrySet()) {
        String ruleKey = (String) property.getKey();
        String ruleValue = (String) property.getValue();
        ServiceAccessRule candidate = parseServiceAccessRule(ruleKey, ruleValue);
        if (candidate == null) {
            continue;
        }
        // NOTE(review): TreeSet.add() leaves the set unchanged when an equal element is
        // already present, so the rule parsed first is the one that stays although the
        // warning says "overwrites". Properties iteration order is unspecified, so which
        // role list wins for a duplicated path is not predictable. Confirm the intended
        // precedence.
        if (parsed.contains(candidate)) {
            LOGGER.warning(
                    "Rule "
                            + ruleKey
                            + "."
                            + ruleValue
                            + " overwrites another rule on the same path");
        }
        parsed.add(candidate);
    }
    // An empty rule file falls back to the default rule, which the original comment calls
    // the "all access allowed" rule: a missing or emptied file therefore fails open.
    // NOTE(review): what the no-argument ServiceAccessRule grants is not visible here.
    if (parsed.isEmpty()) {
        parsed.add(new ServiceAccessRule(new ServiceAccessRule()));
    }
    rules = parsed;
}
ServiceAccessRule bestMatch = null; for (ServiceAccessRule rule : rules) { if (rule.getService().equals(ServiceAccessRule.ANY) || rule.getService().equalsIgnoreCase(service)) { if (rule.getMethod().equals(ServiceAccessRule.ANY) || rule.getMethod().equalsIgnoreCase(method)) { bestMatch = rule; Set<String> allowedRoles = bestMatch.getRoles();
/**
 * Refuses the removal of a role that access rules still refer to. The check runs only when
 * {@link #checkAgainstRules} is <code>true</code>.
 *
 * @param role the role about to be removed
 * @throws IOException as declared; when at least one rule references the role, the exception
 *     built by {@code createSecurityException} is thrown
 */
public void checkRoleIsUsed(GeoServerRole role) throws IOException {
    if (!checkAgainstRules) {
        return;
    }

    GeoServerSecurityManager manager = getSecurityManager();
    List<String> ruleKeys = new ArrayList<String>();

    // Collect the keys of service-level rules first, then of data-level rules, so the error
    // names every rule that would be left pointing at a removed role.
    for (ServiceAccessRule serviceRule :
            manager.getServiceAccessRuleDAO().getRulesAssociatedWithRole(role.getAuthority())) {
        ruleKeys.add(serviceRule.getKey());
    }
    for (DataAccessRule dataRule :
            manager.getDataAccessRuleDAO().getRulesAssociatedWithRole(role.getAuthority())) {
        ruleKeys.add(dataRule.getKey());
    }

    if (ruleKeys.isEmpty()) {
        return;
    }
    String ruleString = StringUtils.collectionToCommaDelimitedString(ruleKeys);
    throw createSecurityException(ROLE_IN_USE_$2, role.getAuthority(), ruleString);
}
/**
 * Collects, in sorted order, the rules whose role set contains the given role.
 *
 * @param role the role name looked up with {@code getRoles().contains(role)}
 * @return the matching rules; empty when no rule names the role
 */
public SortedSet<ServiceAccessRule> getRulesAssociatedWithRole(String role) {
    SortedSet<ServiceAccessRule> matches = new TreeSet<ServiceAccessRule>();
    for (ServiceAccessRule candidate : getRules()) {
        if (!candidate.getRoles().contains(role)) {
            continue;
        }
        matches.add(candidate);
    }
    return matches;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Lists the operation names of every registered {@code Service} whose id equals the rule's
 * service, without duplicates and sorted, with the wildcard {@code "*"} placed first.
 *
 * @return the wildcard followed by the sorted operation names
 */
@Override
public List<String> getObject() {
    List<String> operations = new ArrayList<String>();
    for (Service candidate : GeoServerExtensions.extensions(Service.class)) {
        String ruleService = rule.getService();
        if (!candidate.getId().equals(ruleService)) {
            continue;
        }
        // Several Service beans can share one id; merge their operations name by name.
        for (String name : candidate.getOperations()) {
            if (operations.contains(name)) {
                continue;
            }
            operations.add(name);
        }
    }
    Collections.sort(operations);
    // The wildcard goes in after sorting so that it always leads the list.
    operations.add(0, "*");
    return operations;
}
/**
 * Orders rules by service and then by method; per the original documentation generic rules
 * come first and specific ones are compared by service and method.
 *
 * <p>Roles take no part in the comparison, so a sorted set treats two rules with the same
 * service and method as one element whatever roles they carry.
 */
public int compareTo(ServiceAccessRule other) {
    int byService = compareServiceItems(service, other.service);
    return byService == 0 ? compareServiceItems(method, other.method) : byService;
}
/**
 * Returns the key of the given rule.
 *
 * @param rule the rule, which must be a {@code ServiceAccessRule}; any other type fails the
 *     cast with a {@code ClassCastException}
 */
@Override
protected String keyFor(Comparable rule) {
    ServiceAccessRule serviceRule = (ServiceAccessRule) rule;
    return serviceRule.getKey();
}
/**
 * Writes the roles chosen in the form to the original rule, persists the rule set and returns
 * to the rule list page. The {@code rule} argument is not read; the change is applied to
 * {@code orig}.
 */
@Override
protected void onFormSubmit(ServiceAccessRule rule) {
    try {
        ServiceAccessRuleDAO ruleDao = ServiceAccessRuleDAO.get();

        // Replace the role set of the original rule with the form's selection.
        // NOTE(review): the roles are cleared before the new names are read and before
        // storeRules() runs; if either step throws, the catch block only logs and reports,
        // and orig keeps the modified role set. Confirm the DAO reloads in that case.
        orig.getRoles().clear();
        orig.getRoles().addAll(rolesFormComponent.getRolesNamesForStoring());

        ruleDao.storeRules();
        doReturn(ServiceAccessRulePage.class);
    } catch (Exception failure) {
        LOGGER.log(Level.SEVERE, "Error occurred while saving rule ", failure);
        // The exception message is passed on to the page feedback as the saveError parameter.
        error(new ParamResourceModel("saveError", getPage(), failure.getMessage()));
    }
}
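/**
 * Lists the operation names of every registered {@code Service} whose id equals the rule's
 * service, without duplicates and sorted, with the wildcard {@code "*"} placed first.
 *
 * <p>Operations are merged across all beans that share the id and de-duplicated one name at
 * a time. A list-level {@code result.contains(ows.getOperations())} test cannot match the
 * String elements, and stopping at the first matching bean would hide operations that only
 * another bean with the same id declares.
 *
 * @return the wildcard followed by the sorted operation names
 */
@Override
public List<String> getObject() {
    List<String> result = new ArrayList<String>();
    for (Service ows : GeoServerExtensions.extensions(Service.class)) {
        String service = rule.getService();
        if (!service.equals(ows.getId())) {
            continue;
        }
        for (String operation : ows.getOperations()) {
            if (!result.contains(operation)) {
                result.add(operation);
            }
        }
    }
    Collections.sort(result);
    // The wildcard goes in after sorting so that it always leads the list.
    result.add(0, "*");
    return result;
}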
return new ServiceAccessRule(service, method, roles);
/**
 * Rejects the form when the rule being saved already exists. The check runs only when the
 * submitting button is the component registered as {@code "save"}.
 *
 * @param form the form under validation; its model object is the rule being created
 */
public void validate(Form<?> form) {
    // Intermediate submits are not validated.
    boolean finalSubmit = form.findSubmittingButton() == form.get("save");
    if (finalSubmit) {
        updateModels();
        ServiceAccessRule candidate = (ServiceAccessRule) form.getModelObject();
        // NOTE(review): the duplicate test relies on contains(), hence on the rule's
        // equality or ordering; whether roles take part in it is not visible here.
        if (ServiceAccessRuleDAO.get().getRules().contains(candidate)) {
            ParamResourceModel duplicate =
                    new ParamResourceModel("duplicateRule", getPage(), candidate.getKey());
            form.error(duplicate.getString());
        }
    }
}
/**
 * Writes the roles chosen in the form to the original rule, persists the rule set and returns
 * to the rule list page. The {@code rule} argument is not read; the change is applied to
 * {@code orig}.
 */
@Override
protected void onFormSubmit(ServiceAccessRule rule) {
    try {
        ServiceAccessRuleDAO ruleDao = ServiceAccessRuleDAO.get();

        // Replace the role set of the original rule with the form's selection.
        // NOTE(review): the roles are cleared before the new names are read and before
        // storeRules() runs; if either step throws, the catch block only logs and reports,
        // and orig keeps the modified role set. Confirm the DAO reloads in that case.
        orig.getRoles().clear();
        orig.getRoles().addAll(rolesFormComponent.getRolesNamesForStoring());

        ruleDao.storeRules();
        doReturn(ServiceAccessRulePage.class);
    } catch (Exception failure) {
        LOGGER.log(Level.SEVERE, "Error occurred while saving rule ", failure);
        // The exception message is passed on to the page feedback as the saveError parameter.
        error(new ParamResourceModel("saveError", getPage(), failure.getMessage()));
    }
}
} // closes the enclosing class, whose header is outside this excerpt
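/**
 * Lists the operation names of every registered {@code Service} whose id equals the rule's
 * service, without duplicates and sorted, with the wildcard {@code "*"} placed first.
 *
 * <p>Operations are merged across all beans that share the id and de-duplicated one name at
 * a time. A list-level {@code result.contains(ows.getOperations())} test cannot match the
 * String elements, and stopping at the first matching bean would hide operations that only
 * another bean with the same id declares.
 *
 * @return the wildcard followed by the sorted operation names
 */
@Override
public List<String> getObject() {
    List<String> result = new ArrayList<String>();
    for (Service ows : GeoServerExtensions.extensions(Service.class)) {
        String service = rule.getService();
        if (!service.equals(ows.getId())) {
            continue;
        }
        for (String operation : ows.getOperations()) {
            if (!result.contains(operation)) {
                result.add(operation);
            }
        }
    }
    Collections.sort(result);
    // The wildcard goes in after sorting so that it always leads the list.
    result.add(0, "*");
    return result;
}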
/**
 * Turns one property entry into a {@code ServiceAccessRule}: the key supplies service and
 * method, the value supplies the roles.
 *
 * @param entry a property entry whose key and value are both strings
 * @return the rule built from the entry
 */
@Override
protected Comparable convertEntryToRule(Entry entry) {
    String[] keyParts = parseElements((String) entry.getKey());
    // NOTE(review): the first two elements are read without a length or null check; what
    // parseElements returns for a malformed key is not visible here, so confirm that a bad
    // entry cannot break loading of the whole rule file.
    String service = keyParts[0];
    String method = keyParts[1];
    return new ServiceAccessRule(service, method, parseRoles((String) entry.getValue()));
}
/**
 * Rejects the form when the rule being saved already exists. The check runs only when the
 * submitting button is the component registered as {@code "save"}.
 *
 * @param form the form under validation; its model object is the rule being created
 */
public void validate(Form<?> form) {
    // Intermediate submits are not validated.
    boolean finalSubmit = form.findSubmittingButton() == form.get("save");
    if (finalSubmit) {
        updateModels();
        ServiceAccessRule candidate = (ServiceAccessRule) form.getModelObject();
        // NOTE(review): the duplicate test relies on contains(), hence on the rule's
        // equality or ordering; whether roles take part in it is not visible here.
        if (ServiceAccessRuleDAO.get().getRules().contains(candidate)) {
            ParamResourceModel duplicate =
                    new ParamResourceModel("duplicateRule", getPage(), candidate.getKey());
            form.error(duplicate.getString());
        }
    }
}
/**
 * Writes the roles chosen in the form to the original rule, persists the rule set and returns
 * to the rule list page. The {@code rule} argument is not read; the change is applied to
 * {@code orig}.
 */
@Override
protected void onFormSubmit(ServiceAccessRule rule) {
    try {
        ServiceAccessRuleDAO ruleDao = ServiceAccessRuleDAO.get();

        // Replace the role set of the original rule with the form's selection.
        // NOTE(review): the roles are cleared before the new names are read and before
        // storeRules() runs; if either step throws, the catch block only logs and reports,
        // and orig keeps the modified role set. Confirm the DAO reloads in that case.
        orig.getRoles().clear();
        orig.getRoles().addAll(rolesFormComponent.getRolesNamesForStoring());

        ruleDao.storeRules();
        doReturn(ServiceAccessRulePage.class);
    } catch (Exception failure) {
        LOGGER.log(Level.SEVERE, "Error occurred while saving rule ", failure);
        // The exception message is passed on to the page feedback as the saveError parameter.
        error(new ParamResourceModel("saveError", getPage(), failure.getMessage()));
    }
}
/**
 * Opens the editor on a copy of the given rule and keeps a reference to the rule itself.
 *
 * @param rule the existing rule to edit; the superclass receives a copy of it
 */
public EditServiceAccessRulePage(ServiceAccessRule rule) {
    super(new ServiceAccessRule(rule));

    // Keep the rule that was passed in; the form works on the copy handed to super().
    this.orig = rule;

    // Service and method cannot be changed on this page: both drop-downs are disabled.
    methodChoice.setEnabled(false);
    serviceChoice.setEnabled(false);
}