public LayerInfo getLayerByName(String name) { return catalog.getLayerByName(name); }
public LayerInfo getLayerByName(Name name) { return catalog.getLayerByName(name); }
@Test public void testWmsMilitaryNamedAndPublicOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); // setup groups LayerGroupInfo opaque = buildLayerGroup( OPAQUE_GROUP_NAME, Mode.OPAQUE_CONTAINER, null, statesLayer, roadsLayer); LayerGroupInfo named = buildLayerGroup(NAMED_GROUP_NAME, Mode.NAMED, null, statesLayer, roadsLayer); layerGroups = Arrays.asList(named, opaque); populateCatalog(); // setup security buildManager(new String[] {"named.r=MILITARY"}); // try the ro user SecurityContextHolder.getContext().setAuthentication(roUser); // ... direct access to layers not allowed because the named group is not visible assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // ... but we can access the opaque group and the layers through it LayerGroupInfo securedGroup = sc.getLayerGroupByName(OPAQUE_GROUP_NAME); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); // now try with the military one SecurityContextHolder.getContext().setAuthentication(milUser); // ... direct access to layers allowed because the named group is visible to the mil user assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); }
@Test public void testWmsNamedOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); LayerGroupInfo opaque = prepareNamedAndOpaqueGroup(); // direct access to layers allowed because of the named group assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); // we can access the group and the layers through it LayerGroupInfo securedGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); }
@Test public void testWmsStandaloneOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); LayerGroupInfo opaque = prepareStandaloneOpaqueGroup(); // direct access to layers not allowed assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // however we can access the group and the layers through it LayerGroupInfo securedGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); }
@Test public void testWfsNamedOpaqueGroup() throws Exception { setupRequestThreadLocal("WFS"); LayerGroupInfo opaque = prepareNamedAndOpaqueGroup(); // direct access to layers allowed assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); // and we can access the group and the layers through it LayerGroupInfo securedGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); }
@Test public void testWMSLayerGroupAllowsAccess() throws Exception { // prepare the stage setupRequestThreadLocal("WMS"); buildManager("namedTreeAllow.properties"); // try with read only user, only layer group A and its contents should be visible SecurityContextHolder.getContext().setAuthentication(roUser); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); // layer group B should not be accessible assertNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); assertNull(sc.getLayerByName(landmarksLayer.prefixedName())); // the single group not available either assertNull(sc.getLayerGroupByName(singleGroupC.prefixedName())); assertNull(sc.getLayerByName(basesLayer.prefixedName())); // the ws specific group is not available either assertNull(sc.getLayerGroupByName("nurc", "wsContainerD")); assertNull(sc.getLayerByName(arcGridLayer.prefixedName())); }
@Test public void testWMSLayerGroupAllowWorkspaceOverride() throws Exception { // prepare the stage setupRequestThreadLocal("WMS"); buildManager("namedTreeAllowWorkspaceOverride.properties"); // try with read only user, only layer group A and its contents should be visible SecurityContextHolder.getContext().setAuthentication(roUser); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); // layer group B should not be accessible assertNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); assertNull(sc.getLayerByName(landmarksLayer.prefixedName())); // the single group not available either assertNull(sc.getLayerGroupByName(singleGroupC.prefixedName())); assertNull(sc.getLayerByName(basesLayer.prefixedName())); // the ws specific group is not available either assertNull(sc.getLayerGroupByName("nurc", "wsContainerD")); assertNull(sc.getLayerByName(arcGridLayer.prefixedName())); }
@Test public void testWMSLayerGroupAllowLayerOverride() throws Exception { // prepare the stage setupRequestThreadLocal("WMS"); buildManager("namedTreeAllowLayerOverride.properties"); // try with read only user, only layer group A and its contents should be visible, but // not topp:states SecurityContextHolder.getContext().setAuthentication(roUser); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); // layer group B should not be accessible assertNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); assertNull(sc.getLayerByName(landmarksLayer.prefixedName())); // the single group not available either assertNull(sc.getLayerGroupByName(singleGroupC.prefixedName())); assertNull(sc.getLayerByName(basesLayer.prefixedName())); // the ws specific group is not available either assertNull(sc.getLayerGroupByName("nurc", "wsContainerD")); assertNull(sc.getLayerByName(arcGridLayer.prefixedName())); }
@Test public void testAccessToLayer() throws Exception { CatalogFilterAccessManager mgr = setupAccessManager(); SecureCatalogImpl sc = new SecureCatalogImpl(catalog, mgr) {}; assertNotNull(sc.getLayerByName("topp:states")); WorkspaceInfo ws = sc.getWorkspaceByName("nurc"); LocalWorkspace.set(ws); assertNull(sc.getWorkspaceByName("topp")); assertNull(sc.getResourceByName("topp:states", ResourceInfo.class)); assertNull(sc.getLayerByName("topp:states")); }
@Test public void testWfsStandaloneOpaqueGroup() throws Exception { setupRequestThreadLocal("WFS"); LayerGroupInfo opaque = prepareStandaloneOpaqueGroup(); // direct access to layers is allowed in this case assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); // and we can access the group and the layers through it LayerGroupInfo securedGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); }
@Test public void testWMSLayerGroupDenyWSAllow() throws Exception { // prepare the stage setupRequestThreadLocal("WMS"); buildManager("namedTreeDenyWSAllow.properties"); // try with read only user, the layer group A is not allowed SecurityContextHolder.getContext().setAuthentication(roUser); assertNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // however cities are allowed explicitly because they are in the nurc ws assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); // layer group B should not be accessible assertNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); assertNull(sc.getLayerByName(landmarksLayer.prefixedName())); // the single group not available either assertNull(sc.getLayerGroupByName(singleGroupC.prefixedName())); assertNull(sc.getLayerByName(basesLayer.prefixedName())); // the ws specific group is made available by the workspace rule assertNotNull(sc.getLayerGroupByName("nurc", "wsContainerD")); assertNotNull(sc.getLayerByName(arcGridLayer.prefixedName())); } }
@Test public void testNestedOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); // setup groups LayerGroupInfo opaque = buildLayerGroup( OPAQUE_GROUP_NAME, Mode.OPAQUE_CONTAINER, null, statesLayer, roadsLayer); LayerGroupInfo named = buildLayerGroup(NAMED_GROUP_NAME, Mode.NAMED, null, forestsLayer, opaque); layerGroups = Arrays.asList(named, opaque); populateCatalog(); // setup security buildManager(DEFAULT_RULES); // direct access forests allowed but not states and roads assertNotNull(sc.getLayerByName(forestsLayer.prefixedName())); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // however via group access we can see all layers LayerGroupInfo securedNamedGroup = sc.getLayerGroupByName(NAMED_GROUP_NAME); assertEquals(3, securedNamedGroup.layers().size()); LayerGroupInfo securedOpaqueGroup = sc.getLayerGroupByName(OPAQUE_GROUP_NAME); assertEquals(2, securedOpaqueGroup.layers().size()); }
@Test public void testNestedOpaqueDenyNestedGroup() throws Exception { setupRequestThreadLocal("WMS"); // setup groups LayerGroupInfo opaque = buildLayerGroup( OPAQUE_GROUP_NAME, Mode.OPAQUE_CONTAINER, null, statesLayer, roadsLayer); LayerGroupInfo named = buildLayerGroup(NAMED_GROUP_NAME, Mode.NAMED, null, forestsLayer, opaque); layerGroups = Arrays.asList(named, opaque); populateCatalog(); // setup security, disallow nested group buildManager(new String[] {OPAQUE_GROUP_NAME + ".r=MILITARY"}); // try the ro user SecurityContextHolder.getContext().setAuthentication(roUser); // direct access forests allowed but not states and roads assertNotNull(sc.getLayerByName(forestsLayer.prefixedName())); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // and via group access we cannot reach the nested one either LayerGroupInfo securedNamedGroup = sc.getLayerGroupByName(NAMED_GROUP_NAME); assertEquals(1, securedNamedGroup.layers().size()); assertEquals(forestsLayer.getName(), securedNamedGroup.getLayers().get(0).getName()); // nested nor accessible directly either assertNull(sc.getLayerGroupByName(OPAQUE_GROUP_NAME)); }
/** * Same as {@link #testWmsStandaloneOpaqueGroup()} but with a nested group as the testing target */ @Test public void testWmsNestedInStandaloneOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); // setup group LayerGroupInfo nested = buildLayerGroup(NESTED_GROUP_NAME, Mode.NAMED, null, statesLayer); LayerGroupInfo opaque = buildLayerGroup(OPAQUE_GROUP_NAME, Mode.OPAQUE_CONTAINER, null, nested, roadsLayer); layerGroups = Arrays.asList(nested, opaque); populateCatalog(); // setup security buildManager(DEFAULT_RULES); SecurityContextHolder.getContext().setAuthentication(roUser); // direct access to nested group not allowed, nor to its layers assertNull(sc.getLayerGroupByName(NESTED_GROUP_NAME)); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // however we can access the group as part of the opaque one LayerGroupInfo securedGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); assertThat(securedGroup.getLayers(), contains(nested, roadsLayer)); assertThat(securedGroup.layers(), contains(statesLayer, roadsLayer)); }
@Test public void testWmsSingleAndOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); // setup groups LayerGroupInfo opaque = buildLayerGroup( OPAQUE_GROUP_NAME, Mode.OPAQUE_CONTAINER, null, statesLayer, roadsLayer); LayerGroupInfo single = buildLayerGroup(SINGLE_GROUP_NAME, Mode.SINGLE, null, statesLayer, roadsLayer); layerGroups = Arrays.asList(single, opaque); populateCatalog(); // setup security buildManager(DEFAULT_RULES); SecurityContextHolder.getContext().setAuthentication(roUser); // direct access to layers not allowed because the only container is in opaque mode assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // we can access the group and the layers through it LayerGroupInfo opaqueSecuredGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(opaqueSecuredGroup); assertEquals(2, opaqueSecuredGroup.getLayers().size()); LayerGroupInfo securedSingleGroup = sc.getLayerGroupByName(single.prefixedName()); assertNotNull(securedSingleGroup); assertEquals(2, securedSingleGroup.getLayers().size()); }
@Test public void testWmsSingleGroupCMilitaryOnly() throws Exception { // prepare the stage setupRequestThreadLocal("WMS"); buildManager("singleGroupCMilitaryOnly.properties"); // try with read only user, layer group A and its contents should be fine SecurityContextHolder.getContext().setAuthentication(roUser); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); // layer group B and landmarks should also be accessible assertNotNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); assertNotNull(sc.getLayerByName(landmarksLayer.prefixedName())); // check the single group is not available, but its extra layer is assertNull(sc.getLayerGroupByName(singleGroupC.prefixedName())); assertNotNull(sc.getLayerByName(basesLayer.prefixedName())); // check the mil user sees everything instead SecurityContextHolder.getContext().setAuthentication(milUser); assertNotNull(sc.getFeatureTypeByName("topp:states")); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); LayerGroupInfo securedSingleGroup = sc.getLayerGroupByName(singleGroupC.prefixedName()); assertNotNull(securedSingleGroup); assertEquals(2, securedSingleGroup.layers().size()); assertEquals(statesLayer.prefixedName(), securedSingleGroup.layers().get(0).prefixedName()); assertEquals(basesLayer.prefixedName(), securedSingleGroup.layers().get(1).prefixedName()); }
assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); assertNotNull(sc.getLayerByName(landmarksLayer.prefixedName())); assertNotNull(sc.getLayerByName(basesLayer.prefixedName())); assertNull(sc.getLayerByName(arcGridLayer.prefixedName())); assertNotNull(sc.getFeatureTypeByName("topp:states")); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); LayerGroupInfo securedSingleGroup = sc.getLayerGroupByName(singleGroupC.prefixedName()); assertNotNull(wsSpecificGroup); assertEquals(1, wsSpecificGroup.getLayers().size()); assertNotNull(sc.getLayerByName(arcGridLayer.prefixedName()));
assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); assertNull(sc.getLayerByName(landmarksLayer.prefixedName())); assertNull(sc.getLayerByName(forestsLayer.prefixedName())); assertNotNull(sc.getFeatureTypeByName("topp:states")); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); securedSingleGroup = sc.getLayerGroupByName(singleGroupC.prefixedName());
/** Same as {@link #testWmsNamedOpaqueGroup()} but with a nested group as the testing target */ @Test public void testWmsNestedInNamedOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); // setup group LayerGroupInfo nested = buildLayerGroup(NESTED_GROUP_NAME, Mode.NAMED, null, statesLayer); LayerGroupInfo opaque = buildLayerGroup(OPAQUE_GROUP_NAME, Mode.OPAQUE_CONTAINER, null, nested, roadsLayer); LayerGroupInfo named = buildLayerGroup(NAMED_GROUP_NAME, Mode.NAMED, null, nested, roadsLayer); layerGroups = Arrays.asList(nested, named, opaque); populateCatalog(); // setup security buildManager(DEFAULT_RULES); SecurityContextHolder.getContext().setAuthentication(roUser); // direct access to layers and nested group allowed because of the named group assertNotNull(sc.getLayerGroupByName(nested.prefixedName())); assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); // we can access the group and the layers through it LayerGroupInfo securedOpaqueGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(securedOpaqueGroup); assertEquals(2, securedOpaqueGroup.getLayers().size()); assertThat(securedOpaqueGroup.getLayers(), contains(nested, roadsLayer)); // and same for named LayerGroupInfo securedNamedGroup = sc.getLayerGroupByName(named.prefixedName()); assertNotNull(securedNamedGroup); assertEquals(2, securedNamedGroup.getLayers().size()); assertThat(securedNamedGroup.getLayers(), contains(nested, roadsLayer)); }