/**
 * Produces a copy of this filter by handing {@code this} to the copy constructor.
 *
 * <p>How deep the copy is depends on {@code RuleFilter(RuleFilter)}, which is not shown here.
 *
 * @return a new {@code RuleFilter} built from this instance
 */
@Override
public RuleFilter clone() {
    final RuleFilter copy = new RuleFilter(this);
    return copy;
}
/**
 * Produces a copy of this filter by handing {@code this} to the copy constructor.
 *
 * <p>How deep the copy is depends on {@code RuleFilter(RuleFilter)}, which is not shown here.
 *
 * @return a new {@code RuleFilter} built from this instance
 */
@Override
public RuleFilter clone() {
    final RuleFilter copy = new RuleFilter(this);
    return copy;
}
/**
 * Counts rules through {@code count(RuleFilter)} using a filter created with
 * {@code SpecialFilterType.ANY}.
 *
 * @return whatever {@code count} reports for that filter
 */
@Override
public long getCountAll() {
    // NOTE(review): presumably ANY places no restriction on any field, so this is the
    // total number of rules - confirm against RuleFilter.
    final RuleFilter unrestricted = new RuleFilter(RuleFilter.SpecialFilterType.ANY);
    return count(unrestricted);
}
/**
 * Looks up matching rules from eight separate filter values.
 *
 * <p>The values are packed, in the order received, into a {@link RuleFilter} and the call is
 * forwarded to {@code getMatchingRules(RuleFilter)}. No argument is validated here; null or
 * malformed values (for example {@code sourceAddress}) are handled by whatever the
 * {@code RuleFilter} constructor and the rule lookup do.
 *
 * @return the list produced by the filter-based overload
 * @deprecated this overload only forwards to {@code getMatchingRules(RuleFilter)}
 */
@Override
@Deprecated
public List<ShortRule> getMatchingRules(
        String userName,
        String profileName,
        String instanceName,
        String sourceAddress,
        String service,
        String request,
        String workspace,
        String layer) {
    final RuleFilter packed =
            new RuleFilter(
                    userName,
                    profileName,
                    instanceName,
                    sourceAddress,
                    service,
                    request,
                    workspace,
                    layer);
    return getMatchingRules(packed);
}
/**
 * Resolves access information from eight separate filter values.
 *
 * <p>The values are packed, in the order received, into a {@link RuleFilter} and the call is
 * forwarded to {@code getAccessInfo(RuleFilter)}. No argument is validated here; null or
 * malformed values (for example {@code sourceAddress}) are handled by whatever the
 * {@code RuleFilter} constructor and the access resolution do.
 *
 * @return the {@code AccessInfo} produced by the filter-based overload
 * @deprecated this overload only forwards to {@code getAccessInfo(RuleFilter)}
 */
@Override
@Deprecated
public AccessInfo getAccessInfo(
        String userName,
        String roleName,
        String instanceName,
        String sourceAddress,
        String service,
        String request,
        String workspace,
        String layer) {
    final RuleFilter packed =
            new RuleFilter(
                    userName,
                    roleName,
                    instanceName,
                    sourceAddress,
                    service,
                    request,
                    workspace,
                    layer);
    return getAccessInfo(packed);
}
/**
 * Counts rules through {@code count(RuleFilter)} using a filter created with
 * {@code SpecialFilterType.ANY}.
 *
 * @return whatever {@code count} reports for that filter
 */
@Override
public long getCountAll() {
    // NOTE(review): presumably ANY places no restriction on any field, so this is the
    // total number of rules - confirm against RuleFilter.
    final RuleFilter unrestricted = new RuleFilter(RuleFilter.SpecialFilterType.ANY);
    return count(unrestricted);
}
/**
 * Deletes the GSInstance with the given id.
 *
 * <p>With {@code cascade} set, the rules of that instance are deleted first. Without it, the
 * deletion is refused when any rule still references the instance.
 *
 * <p>NOTE(review): no caller authorization is visible in this method; presumably it is
 * enforced before the call reaches here - confirm.
 *
 * @param id identifier of the instance to delete
 * @param cascade whether rules referencing the instance are deleted as well
 * @return a 200 response with body {@code "OK\n"}
 * @throws ConflictRestEx if {@code cascade} is false and rules reference the instance
 * @throws NotFoundRestEx if the instance does not exist
 * @throws InternalErrorRestEx on any other failure
 */
@Override
public Response delete(Long id, boolean cascade)
        throws ConflictRestEx, NotFoundRestEx, InternalErrorRestEx {
    try {
        if (!cascade) {
            // Count only rules that name this instance explicitly.
            RuleFilter referencing = new RuleFilter(SpecialFilterType.ANY);
            referencing.setInstance(id);
            referencing.getInstance().setIncludeDefault(false);
            if (ruleAdminService.count(referencing) > 0) {
                throw new ConflictRestEx("Existing rules reference the GSInstance " + id);
            }
        } else {
            // NOTE(review): rules are removed before the instance is known to exist, and
            // no transaction boundary is visible here - confirm the two deletes are atomic.
            ruleAdminService.deleteRulesByInstance(id);
        }

        boolean removed = instanceAdminService.delete(id);
        if (!removed) {
            String notFound = "GSInstance not found: " + id;
            LOGGER.warn(notFound);
            throw new NotFoundRestEx(notFound);
        }

        return Response.status(Status.OK).entity("OK\n").build();
    } catch (GeoFenceRestEx ex) {
        // Already a REST-level exception: pass it through unchanged.
        throw ex;
    } catch (NotFoundServiceEx ex) {
        String notFound = "GSInstance not found: " + id;
        LOGGER.warn(notFound);
        throw new NotFoundRestEx(notFound);
    } catch (Exception ex) {
        LOGGER.error(ex.getMessage(), ex);
        // NOTE(review): the raw exception message is passed to InternalErrorRestEx and so
        // presumably reaches the REST client; it may expose internal details - confirm.
        throw new InternalErrorRestEx(ex.getMessage());
    }
}
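/**
 * Asks the rule service whether the caller has admin rights on a workspace.
 *
 * <p>The caller is expected to be non-null and not a global admin. The lookup filter is
 * restricted to the configured instance name, the workspace, the caller's user name and
 * the caller's source address.
 *
 * @param user the authenticated caller (must not be null)
 * @param workspaceName name of the workspace being checked
 * @return the admin-rights flag of the {@code AccessInfo} returned by the rule service
 */
private boolean isWorkspaceAdmin(Authentication user, String workspaceName) {
    LOGGER.log(Level.FINE, "Getting admin auth for Workspace {0}", workspaceName);

    // Start from a filter created with ANY and narrow it field by field.
    RuleFilter ruleFilter = new RuleFilter(RuleFilter.SpecialFilterType.ANY);
    ruleFilter.setInstance(configurationManager.getConfiguration().getInstanceName());
    ruleFilter.setWorkspace(workspaceName);

    String username = user.getName();
    if (username == null || username.isEmpty()) {
        ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
    } else {
        // Previously the name was read but never applied, so the user field kept the ANY
        // value from the constructor and the admin lookup was not scoped to the caller.
        // NOTE(review): if user matching is meant to go through roles instead, replace
        // this with the role-based equivalent rather than dropping it - confirm.
        ruleFilter.setUser(username);
    }

    // NOTE(review): address-based rules are only as trustworthy as
    // retrieveCallerIpAddress(); how it derives the address is not visible here.
    String sourceAddress = retrieveCallerIpAddress();
    if (sourceAddress != null) {
        ruleFilter.setSourceAddress(sourceAddress);
    } else {
        LOGGER.log(Level.WARNING, "No source IP address found");
        ruleFilter.setSourceAddress(RuleFilter.SpecialFilterType.DEFAULT);
    }

    if (LOGGER.isLoggable(Level.FINE)) {
        LOGGER.log(Level.FINE, "AdminAuth filter: {0}", ruleFilter);
    }

    AccessInfo auth = rules.getAdminAuthorization(ruleFilter);

    LOGGER.log(
            Level.FINE,
            "Admin auth for User:{0} Workspace:{1}: {2}",
            new Object[] {user.getName(), workspaceName, auth.getAdminRights()});

    return auth.getAdminRights();
}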
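/**
 * Asks the rule service whether the caller has admin rights on a workspace.
 *
 * <p>The caller is expected to be non-null and not a global admin. The lookup filter is
 * restricted to the configured instance name, the workspace, the caller's user name and
 * the caller's source address.
 *
 * @param user the authenticated caller (must not be null)
 * @param workspaceName name of the workspace being checked
 * @return the admin-rights flag of the {@code AccessInfo} returned by the rule service
 */
private boolean isWorkspaceAdmin(Authentication user, String workspaceName) {
    LOGGER.log(Level.FINE, "Getting admin auth for Workspace {0}", workspaceName);

    // Start from a filter created with ANY and narrow it field by field.
    RuleFilter ruleFilter = new RuleFilter(RuleFilter.SpecialFilterType.ANY);
    ruleFilter.setInstance(configurationManager.getConfiguration().getInstanceName());
    ruleFilter.setWorkspace(workspaceName);

    String username = user.getName();
    if (username == null || username.isEmpty()) {
        ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
    } else {
        // Previously the name was read but never applied, so the user field kept the ANY
        // value from the constructor and the admin lookup was not scoped to the caller.
        // NOTE(review): if user matching is meant to go through roles instead, replace
        // this with the role-based equivalent rather than dropping it - confirm.
        ruleFilter.setUser(username);
    }

    // NOTE(review): address-based rules are only as trustworthy as
    // retrieveCallerIpAddress(); how it derives the address is not visible here.
    String sourceAddress = retrieveCallerIpAddress();
    if (sourceAddress != null) {
        ruleFilter.setSourceAddress(sourceAddress);
    } else {
        LOGGER.log(Level.WARNING, "No source IP address found");
        ruleFilter.setSourceAddress(RuleFilter.SpecialFilterType.DEFAULT);
    }

    if (LOGGER.isLoggable(Level.FINE)) {
        LOGGER.log(Level.FINE, "AdminAuth filter: {0}", ruleFilter);
    }

    AccessInfo auth = rules.getAdminAuthorization(ruleFilter);

    LOGGER.log(
            Level.FINE,
            "Admin auth for User:{0} Workspace:{1}: {2}",
            new Object[] {user.getName(), workspaceName, auth.getAdminRights()});

    return auth.getAdminRights();
}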
/**
 * Deletes the user with the given name.
 *
 * <p>With {@code cascade} set, the rules of that user are deleted first. Without it, the
 * deletion is refused when any rule still references the user.
 *
 * <p>NOTE(review): no caller authorization is visible in this method; presumably it is
 * enforced before the call reaches here - confirm.
 *
 * @param username name of the user to delete
 * @param cascade whether rules referencing the user are deleted as well
 * @return a 200 response with body {@code "OK\n"}
 * @throws ConflictRestEx if {@code cascade} is false and rules reference the user
 * @throws NotFoundRestEx if the user does not exist
 * @throws InternalErrorRestEx on any other failure
 */
@Override
public Response delete(String username, boolean cascade)
        throws ConflictRestEx, NotFoundRestEx, InternalErrorRestEx {
    try {
        if (!cascade) {
            // Count only rules that name this user explicitly.
            RuleFilter referencing = new RuleFilter(SpecialFilterType.ANY);
            referencing.setUser(username);
            referencing.getUser().setIncludeDefault(false);
            if (ruleAdminService.count(referencing) > 0) {
                throw new ConflictRestEx("Existing rules reference the user " + username);
            }
        } else {
            // NOTE(review): rules are removed before the user lookup below, so an unknown
            // name may still lose its rules; no transaction boundary is visible - confirm.
            ruleAdminService.deleteRulesByUser(username);
        }

        // The lookup may throw NotFoundServiceEx, handled below.
        GSUser user = userAdminService.get(username);
        boolean removed = userAdminService.delete(user.getId());
        if (!removed) {
            // Not expected: the user was found a moment ago.
            // NOTE(review): this logs and returns the GSUser's string form; confirm it
            // carries no sensitive fields.
            String illegalState = "ILLEGAL STATE -- User not found: " + user;
            LOGGER.warn(illegalState);
            throw new NotFoundRestEx(illegalState);
        }

        return Response.status(Status.OK).entity("OK\n").build();
    } catch (GeoFenceRestEx ex) {
        // Already a REST-level exception: pass it through unchanged.
        throw ex;
    } catch (NotFoundServiceEx ex) {
        // NOTE(review): username is written to the log as received; if it is
        // caller-controlled, line breaks in it could forge log entries - confirm.
        String notFound = "User not found: " + username;
        LOGGER.warn(notFound);
        throw new NotFoundRestEx(notFound);
    } catch (Exception ex) {
        LOGGER.error(ex.getMessage(), ex);
        // NOTE(review): the raw exception message is passed to InternalErrorRestEx and so
        // presumably reaches the REST client; it may expose internal details - confirm.
        throw new InternalErrorRestEx(ex.getMessage());
    }
}
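/**
 * Deletes the role (user group) with the given name.
 *
 * <p>With {@code cascade} set, the rules of that role are deleted first. Without it, the
 * deletion is refused when any rule still references the role.
 *
 * <p>NOTE(review): no caller authorization is visible in this method; presumably it is
 * enforced before the call reaches here - confirm.
 *
 * @param name name of the role to delete
 * @param cascade whether rules referencing the role are deleted as well
 * @return a 200 response with body {@code "OK\n"}
 * @throws ConflictRestEx if {@code cascade} is false and rules reference the role
 * @throws NotFoundRestEx if the role does not exist
 * @throws InternalErrorRestEx on any other failure
 */
@Override
public Response delete(String name, boolean cascade)
        throws ConflictRestEx, NotFoundRestEx, InternalErrorRestEx {
    try {
        if (cascade) {
            // NOTE(review): rules are removed before the role lookup below, so an unknown
            // name may still lose its rules; no transaction boundary is visible - confirm.
            ruleAdminService.deleteRulesByRole(name);
        } else {
            RuleFilter filter = new RuleFilter(SpecialFilterType.ANY);
            filter.setRole(name);
            // The include-default flag must be cleared on the role field, the one just
            // set. It used to be cleared on the user field, which left the role field
            // untouched, so the conflict count was not limited to rules naming this role.
            filter.getRole().setIncludeDefault(false);
            long cnt = ruleAdminService.count(filter);
            if (cnt > 0) {
                throw new ConflictRestEx("Existing rules reference the role " + name);
            }
        }

        UserGroup role = userGroupAdminService.get(name);
        if (!userGroupAdminService.delete(role.getId())) {
            LOGGER.warn("Role not found: " + name);
            throw new NotFoundRestEx("Role not found: " + name);
        }

        return Response.status(Status.OK).entity("OK\n").build();
    } catch (GeoFenceRestEx ex) {
        // Already a REST-level exception: pass it through unchanged.
        throw ex;
    } catch (NotFoundServiceEx ex) {
        // NOTE(review): name is written to the log as received; if it is
        // caller-controlled, line breaks in it could forge log entries - confirm.
        LOGGER.warn("Role not found: " + name);
        throw new NotFoundRestEx("Role not found: " + name);
    } catch (Exception ex) {
        LOGGER.error(ex.getMessage(), ex);
        // NOTE(review): the raw exception message is passed to InternalErrorRestEx and so
        // presumably reaches the REST client; it may expose internal details - confirm.
        throw new InternalErrorRestEx(ex.getMessage());
    }
}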
/**
 * Builds a {@link RuleFilter} restricted by user, role and workspace.
 *
 * <p>Each value and its "default" flag are applied to the matching field through
 * {@code setFilter}; how null values and flags are interpreted is decided there.
 *
 * @return the populated filter
 */
protected RuleFilter buildFilter(
        String userName,
        Boolean userDefault,
        String roleName,
        Boolean groupDefault,
        String workspace,
        Boolean workspaceDefault) {

    // NOTE(review): the meaning of the second constructor argument is not visible here.
    final RuleFilter result = new RuleFilter(SpecialFilterType.ANY, true);

    setFilter(result.getUser(), userName, userDefault);
    setFilter(result.getRole(), roleName, groupDefault);
    setFilter(result.getWorkspace(), workspace, workspaceDefault);

    return result;
}
/**
 * Tests the connection to the rule service whose URL was entered in the form.
 *
 * <p>Reads the {@code servicesUrl} field, obtains a {@code RuleReaderService} for it and
 * issues a rule lookup with an empty filter. Success is reported as an info message,
 * failure as an error message plus a WARNING log entry.
 *
 * <p>NOTE(review): the URL comes from the form and is handed to
 * {@code getRuleReaderService}, presumably causing an outbound call from this server;
 * whether the target scheme or host is restricted is not visible here - confirm.
 */
@Override
protected void onSubmit(AjaxRequestTarget target, Form<?> form) {
    // Pull the submitted value out of the field before using it.
    FormComponent<?> urlField = (FormComponent<?>) form.get("servicesUrl");
    urlField.processInput();
    String servicesUrl = (String) urlField.getConvertedInput();

    RuleReaderService ruleReader = getRuleReaderService(servicesUrl);
    try {
        ruleReader.getMatchingRules(new RuleFilter());
        String successKey = GeofencePage.class.getSimpleName() + ".connectionSuccessful";
        info(new StringResourceModel(successKey).getObject());
    } catch (Exception e) {
        // NOTE(review): the exception object itself becomes the feedback message and may
        // show internal details to the page user - confirm this is acceptable.
        error(e);
        LOGGER.log(Level.WARNING, e.getMessage(), e);
    }

    if (getPage() instanceof GeoServerBasePage) {
        GeoServerBasePage basePage = (GeoServerBasePage) getPage();
        basePage.addFeedbackPanels(target);
    }
}
/**
 * Tests the connection to the rule service whose URL was entered in the form.
 *
 * <p>Reads the {@code servicesUrl} field, obtains a {@code RuleReaderService} for it and
 * issues a rule lookup with an empty filter. Success is reported as an info message,
 * failure as an error message plus a WARNING log entry.
 *
 * <p>NOTE(review): the URL comes from the form and is handed to
 * {@code getRuleReaderService}, presumably causing an outbound call from this server;
 * whether the target scheme or host is restricted is not visible here - confirm.
 */
@Override
protected void onSubmit(AjaxRequestTarget target, Form<?> form) {
    // Pull the submitted value out of the field before using it.
    FormComponent<?> urlField = (FormComponent<?>) form.get("servicesUrl");
    urlField.processInput();
    String servicesUrl = (String) urlField.getConvertedInput();

    RuleReaderService ruleReader = getRuleReaderService(servicesUrl);
    try {
        ruleReader.getMatchingRules(new RuleFilter());
        String successKey = GeofencePage.class.getSimpleName() + ".connectionSuccessful";
        info(new StringResourceModel(successKey).getObject());
    } catch (Exception e) {
        // NOTE(review): the exception object itself becomes the feedback message and may
        // show internal details to the page user - confirm this is acceptable.
        error(e);
        LOGGER.log(Level.WARNING, e.getMessage(), e);
    }

    if (getPage() instanceof GeoServerBasePage) {
        GeoServerBasePage basePage = (GeoServerBasePage) getPage();
        basePage.addFeedbackPanels(target);
    }
}
/**
 * Builds a {@link RuleFilter} restricted by user, role, instance and workspace.
 *
 * <p>Each value and its "default" flag are applied to the matching field through
 * {@code setFilter}; the instance field takes both an id and a name. How null values,
 * flags and an id/name pair are interpreted is decided there.
 *
 * @return the populated filter
 * @throws BadRequestRestEx declared by this method; presumably raised by {@code setFilter}
 *     for inconsistent input - confirm
 */
protected RuleFilter buildFilter(
        String userName,
        Boolean userDefault,
        String roleName,
        Boolean groupDefault,
        Long instanceId,
        String instanceName,
        Boolean instanceDefault,
        String workspace,
        Boolean workspaceDefault)
        throws BadRequestRestEx {

    // NOTE(review): the meaning of the second constructor argument is not visible here.
    final RuleFilter result = new RuleFilter(SpecialFilterType.ANY, true);

    setFilter(result.getUser(), userName, userDefault);
    setFilter(result.getRole(), roleName, groupDefault);
    setFilter(result.getInstance(), instanceId, instanceName, instanceDefault);
    setFilter(result.getWorkspace(), workspace, workspaceDefault);

    return result;
}
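/**
 * Probes whether a live GeoFence backend is reachable and holds rules for the WMS service.
 *
 * <p>Resolves the {@code ${ruleReaderBackend}} placeholder to a bean name, stores that bean
 * in {@code geofenceService} and asks it for the rules matching service "WMS".
 *
 * <p>To run the live tests, the original note asks for a GeoFence instance on port 9191 with
 * these rules (the note says "two rules" but lists three entries):
 * 1) User: admin - grant ALLOW ALL; 2) User: * - grant Service: "WMS" ALLOW; 3) * - DENY.
 *
 * @return {@code true} when the lookup returns at least one rule; {@code false} when the
 *     service bean is null, the lookup returns nothing, or the call fails
 */
protected boolean isGeoFenceAvailable() {
    geofenceService =
            (RuleReaderService)
                    applicationContext.getBean(
                            applicationContext
                                    .getBeanFactory()
                                    .resolveEmbeddedValue("${ruleReaderBackend}"));

    // Check for a missing service before using it; the previous null test came after the
    // call and could never be the thing that prevented a NullPointerException.
    if (geofenceService == null) {
        return false;
    }

    try {
        final RuleFilter ruleFilter = new RuleFilter();
        ruleFilter.setService("WMS");
        final List<ShortRule> matchingRules = geofenceService.getMatchingRules(ruleFilter);
        if (matchingRules != null && !matchingRules.isEmpty()) {
            return true;
        }
    } catch (Exception e) {
        LOGGER.log(Level.WARNING, "Error connecting to GeoFence", e);
        // Drop the reference so later code does not use an unreachable backend.
        geofenceService = null;
    }
    return false;
}
} // closes the enclosing class, whose declaration is outside this excerpt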
/**
 * Builds a {@link RuleFilter} restricted by user, role, instance, service, request,
 * workspace and layer.
 *
 * <p>Each value and its "default" flag are applied to the matching field through
 * {@code setFilter}; the instance field takes both an id and a name. How null values,
 * flags and an id/name pair are interpreted is decided there.
 *
 * @return the populated filter
 * @throws BadRequestRestEx declared by this method; presumably raised by {@code setFilter}
 *     for inconsistent input - confirm
 */
protected RuleFilter buildFilter(
        String userName,
        Boolean userDefault,
        String roleName,
        Boolean groupDefault,
        Long instanceId,
        String instanceName,
        Boolean instanceDefault,
        String serviceName,
        Boolean serviceDefault,
        String requestName,
        Boolean requestDefault,
        String workspace,
        Boolean workspaceDefault,
        String layer,
        Boolean layerDefault)
        throws BadRequestRestEx {

    // NOTE(review): the meaning of the second constructor argument is not visible here.
    final RuleFilter result = new RuleFilter(SpecialFilterType.ANY, true);

    setFilter(result.getUser(), userName, userDefault);
    setFilter(result.getRole(), roleName, groupDefault);
    setFilter(result.getInstance(), instanceId, instanceName, instanceDefault);
    setFilter(result.getService(), serviceName, serviceDefault);
    setFilter(result.getRequest(), requestName, requestDefault);
    setFilter(result.getWorkspace(), workspace, workspaceDefault);
    setFilter(result.getLayer(), layer, layerDefault);

    return result;
}
/**
 * Builds a {@link RuleFilter} restricted by user, role, instance, service, request,
 * workspace and layer.
 *
 * <p>Each value and its "default" flag are applied to the matching field through
 * {@code setFilter}; the instance field takes both an id and a name. How null values,
 * flags and an id/name pair are interpreted is decided there.
 *
 * @return the populated filter
 */
protected RuleFilter buildFilter(
        String userName,
        Boolean userDefault,
        String roleName,
        Boolean groupDefault,
        Long instanceId,
        String instanceName,
        Boolean instanceDefault,
        String serviceName,
        Boolean serviceDefault,
        String requestName,
        Boolean requestDefault,
        String workspace,
        Boolean workspaceDefault,
        String layer,
        Boolean layerDefault) {

    // NOTE(review): the meaning of the second constructor argument is not visible here.
    final RuleFilter result = new RuleFilter(SpecialFilterType.ANY, true);

    setFilter(result.getUser(), userName, userDefault);
    setFilter(result.getRole(), roleName, groupDefault);
    setFilter(result.getInstance(), instanceId, instanceName, instanceDefault);
    setFilter(result.getService(), serviceName, serviceDefault);
    setFilter(result.getRequest(), requestName, requestDefault);
    setFilter(result.getWorkspace(), workspace, workspaceDefault);
    setFilter(result.getLayer(), layer, layerDefault);

    return result;
}
/**
 * Checks that a user holding {@code ROLE_ADMINISTRATOR} gets unrestricted workspace and
 * layer access from the access manager.
 *
 * <p>The test returns without asserting anything when no live GeoFence is available, so a
 * green result in that case says nothing about the access rules.
 */
@Test
public void testAdmin() {
    if (!IS_GEOFENCE_AVAILABLE) {
        return;
    }

    assertTrue(geofenceAdminService.getCountAll() > 0);

    // The result is not inspected; the lookup is kept because it still exercises the
    // service call.
    RuleFilter ruleFilter = new RuleFilter();
    ShortRule adminRule = geofenceAdminService.getRule(ruleFilter);

    // Fixture identity for the test only: name and password are literals in the source.
    GrantedAuthority[] authorities = {new SimpleGrantedAuthority("ROLE_ADMINISTRATOR")};
    UsernamePasswordAuthenticationToken user =
            new UsernamePasswordAuthenticationToken(
                    "admin", "geoserver", Arrays.asList(authorities));

    // Workspace level: read and write must both be granted.
    WorkspaceInfo citeWS = catalog.getWorkspaceByName(MockData.CITE_PREFIX);
    WorkspaceAccessLimits workspaceLimits = accessManager.getAccessLimits(user, citeWS);
    assertTrue(workspaceLimits.isReadable());
    assertTrue(workspaceLimits.isWritable());

    // Layer level: no row filter and no attribute restriction in either direction.
    LayerInfo layer = catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS));
    VectorAccessLimits layerLimits =
            (VectorAccessLimits) accessManager.getAccessLimits(user, layer);
    assertEquals(Filter.INCLUDE, layerLimits.getReadFilter());
    assertEquals(Filter.INCLUDE, layerLimits.getWriteFilter());
    assertNull(layerLimits.getReadAttributes());
    assertNull(layerLimits.getWriteAttributes());
}
assertEquals(0, cachedRuleReader.getStats().evictionCount()); RuleFilter filter1 = new RuleFilter(); filter1.setUser("test_1"); RuleFilter filter2 = new RuleFilter(); filter2.setUser("test_2"); RuleFilter filter3 = new RuleFilter(); filter3.setUser("test_3");