public LayerGroupInfo getLayerGroupByName(WorkspaceInfo workspace, String name) { return catalog.getLayerGroupByName(workspace, name); }
public LayerGroupInfo getLayerGroupByName(String name) { return catalog.getLayerGroupByName(name); }
public LayerGroupInfo getLayerGroupByName(String workspaceName, String name) { return catalog.getLayerGroupByName(workspaceName, name); }
@Test public void testWmsNamedTreeAMilitaryOnlyGroupContents() throws Exception { // prepare the stage setupRequestThreadLocal("WMS"); buildManager("lockDownStates.properties"); // try with read only user SecurityContextHolder.getContext().setAuthentication(roUser); final LayerGroupInfo group = sc.getLayerGroupByName(namedTreeA.getName()); assertNotNull(group); // the group should not contain states any more final List<LayerInfo> layers = group.layers(); assertEquals(2, layers.size()); final List<StyleInfo> styles = group.styles(); assertEquals(2, styles.size()); // check the layers and styles are not mis-aligned assertEquals("roads", layers.get(0).getName()); assertEquals("topp-roads-style", styles.get(0).getName()); assertEquals("cities", layers.get(1).getName()); assertEquals("nurc-cities-style", styles.get(1).getName()); }
@Test public void testLockedLayerInGroupMustNotHideGroup() throws Exception { buildManager("lockedLayerInLayerGroup.properties"); SecurityContextHolder.getContext().setAuthentication(rwUser); assertSame(states, sc.getFeatureTypeByName("topp:states")); assertSame(roads, sc.getFeatureTypeByName("topp:roads")); LayerGroupInfo layerGroup = sc.getLayerGroupByName("topp", "layerGroupWithSomeLockedLayer"); assertEquals(2, layerGroup.getLayers().size()); // try with read-only user, not empty LayerGroup should be returned SecurityContextHolder.getContext().setAuthentication(roUser); assertNull(sc.getFeatureTypeByName("topp:states")); assertSame(roads, sc.getFeatureTypeByName("topp:roads")); layerGroup = sc.getLayerGroupByName("topp", "layerGroupWithSomeLockedLayer"); assertNotNull(layerGroup); assertTrue(layerGroup instanceof SecuredLayerGroupInfo); assertEquals(1, layerGroup.getLayers().size()); // try with anonymous user, empty LayerGroup should be returned SecurityContextHolder.getContext().setAuthentication(anonymous); assertNull(sc.getFeatureTypeByName("topp:states")); assertNull(sc.getFeatureTypeByName("topp:roads")); layerGroup = sc.getLayerGroupByName("topp", "layerGroupWithSomeLockedLayer"); assertNotNull(layerGroup); assertTrue(layerGroup instanceof SecuredLayerGroupInfo); assertEquals(0, layerGroup.getLayers().size()); }
/** * Same as {@link #testWmsStandaloneOpaqueGroup()} but with a nested group as the testing target */ @Test public void testWmsNestedInStandaloneOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); // setup group LayerGroupInfo nested = buildLayerGroup(NESTED_GROUP_NAME, Mode.NAMED, null, statesLayer); LayerGroupInfo opaque = buildLayerGroup(OPAQUE_GROUP_NAME, Mode.OPAQUE_CONTAINER, null, nested, roadsLayer); layerGroups = Arrays.asList(nested, opaque); populateCatalog(); // setup security buildManager(DEFAULT_RULES); SecurityContextHolder.getContext().setAuthentication(roUser); // direct access to nested group not allowed, nor to its layers assertNull(sc.getLayerGroupByName(NESTED_GROUP_NAME)); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // however we can access the group as part of the opaque one LayerGroupInfo securedGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); assertThat(securedGroup.getLayers(), contains(nested, roadsLayer)); assertThat(securedGroup.layers(), contains(statesLayer, roadsLayer)); }
@Test public void testWmsSingleAndOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); // setup groups LayerGroupInfo opaque = buildLayerGroup( OPAQUE_GROUP_NAME, Mode.OPAQUE_CONTAINER, null, statesLayer, roadsLayer); LayerGroupInfo single = buildLayerGroup(SINGLE_GROUP_NAME, Mode.SINGLE, null, statesLayer, roadsLayer); layerGroups = Arrays.asList(single, opaque); populateCatalog(); // setup security buildManager(DEFAULT_RULES); SecurityContextHolder.getContext().setAuthentication(roUser); // direct access to layers not allowed because the only container is in opaque mode assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // we can access the group and the layers through it LayerGroupInfo opaqueSecuredGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(opaqueSecuredGroup); assertEquals(2, opaqueSecuredGroup.getLayers().size()); LayerGroupInfo securedSingleGroup = sc.getLayerGroupByName(single.prefixedName()); assertNotNull(securedSingleGroup); assertEquals(2, securedSingleGroup.getLayers().size()); }
@Test public void testWMSLayerGroupAllowLayerOverride() throws Exception { // prepare the stage setupRequestThreadLocal("WMS"); buildManager("namedTreeAllowLayerOverride.properties"); // try with read only user, only layer group A and its contents should be visible, but // not topp:states SecurityContextHolder.getContext().setAuthentication(roUser); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); // layer group B should not be accessible assertNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); assertNull(sc.getLayerByName(landmarksLayer.prefixedName())); // the single group not available either assertNull(sc.getLayerGroupByName(singleGroupC.prefixedName())); assertNull(sc.getLayerByName(basesLayer.prefixedName())); // the ws specific group is not available either assertNull(sc.getLayerGroupByName("nurc", "wsContainerD")); assertNull(sc.getLayerByName(arcGridLayer.prefixedName())); }
@Test public void testWMSLayerGroupAllowsAccess() throws Exception { // prepare the stage setupRequestThreadLocal("WMS"); buildManager("namedTreeAllow.properties"); // try with read only user, only layer group A and its contents should be visible SecurityContextHolder.getContext().setAuthentication(roUser); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); // layer group B should not be accessible assertNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); assertNull(sc.getLayerByName(landmarksLayer.prefixedName())); // the single group not available either assertNull(sc.getLayerGroupByName(singleGroupC.prefixedName())); assertNull(sc.getLayerByName(basesLayer.prefixedName())); // the ws specific group is not available either assertNull(sc.getLayerGroupByName("nurc", "wsContainerD")); assertNull(sc.getLayerByName(arcGridLayer.prefixedName())); }
@Test public void testWMSLayerGroupAllowWorkspaceOverride() throws Exception { // prepare the stage setupRequestThreadLocal("WMS"); buildManager("namedTreeAllowWorkspaceOverride.properties"); // try with read only user, only layer group A and its contents should be visible SecurityContextHolder.getContext().setAuthentication(roUser); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); // layer group B should not be accessible assertNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); assertNull(sc.getLayerByName(landmarksLayer.prefixedName())); // the single group not available either assertNull(sc.getLayerGroupByName(singleGroupC.prefixedName())); assertNull(sc.getLayerByName(basesLayer.prefixedName())); // the ws specific group is not available either assertNull(sc.getLayerGroupByName("nurc", "wsContainerD")); assertNull(sc.getLayerByName(arcGridLayer.prefixedName())); }
@Test public void testNestedOpaqueDenyNestedGroup() throws Exception { setupRequestThreadLocal("WMS"); // setup groups LayerGroupInfo opaque = buildLayerGroup( OPAQUE_GROUP_NAME, Mode.OPAQUE_CONTAINER, null, statesLayer, roadsLayer); LayerGroupInfo named = buildLayerGroup(NAMED_GROUP_NAME, Mode.NAMED, null, forestsLayer, opaque); layerGroups = Arrays.asList(named, opaque); populateCatalog(); // setup security, disallow nested group buildManager(new String[] {OPAQUE_GROUP_NAME + ".r=MILITARY"}); // try the ro user SecurityContextHolder.getContext().setAuthentication(roUser); // direct access forests allowed but not states and roads assertNotNull(sc.getLayerByName(forestsLayer.prefixedName())); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // and via group access we cannot reach the nested one either LayerGroupInfo securedNamedGroup = sc.getLayerGroupByName(NAMED_GROUP_NAME); assertEquals(1, securedNamedGroup.layers().size()); assertEquals(forestsLayer.getName(), securedNamedGroup.getLayers().get(0).getName()); // nested nor accessible directly either assertNull(sc.getLayerGroupByName(OPAQUE_GROUP_NAME)); }
@Test public void testNestedOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); // setup groups LayerGroupInfo opaque = buildLayerGroup( OPAQUE_GROUP_NAME, Mode.OPAQUE_CONTAINER, null, statesLayer, roadsLayer); LayerGroupInfo named = buildLayerGroup(NAMED_GROUP_NAME, Mode.NAMED, null, forestsLayer, opaque); layerGroups = Arrays.asList(named, opaque); populateCatalog(); // setup security buildManager(DEFAULT_RULES); // direct access forests allowed but not states and roads assertNotNull(sc.getLayerByName(forestsLayer.prefixedName())); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // however via group access we can see all layers LayerGroupInfo securedNamedGroup = sc.getLayerGroupByName(NAMED_GROUP_NAME); assertEquals(3, securedNamedGroup.layers().size()); LayerGroupInfo securedOpaqueGroup = sc.getLayerGroupByName(OPAQUE_GROUP_NAME); assertEquals(2, securedOpaqueGroup.layers().size()); }
@Test public void testWmsSingleGroupCMilitaryOnly() throws Exception { // prepare the stage setupRequestThreadLocal("WMS"); buildManager("singleGroupCMilitaryOnly.properties"); // try with read only user, layer group A and its contents should be fine SecurityContextHolder.getContext().setAuthentication(roUser); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); // layer group B and landmarks should also be accessible assertNotNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); assertNotNull(sc.getLayerByName(landmarksLayer.prefixedName())); // check the single group is not available, but its extra layer is assertNull(sc.getLayerGroupByName(singleGroupC.prefixedName())); assertNotNull(sc.getLayerByName(basesLayer.prefixedName())); // check the mil user sees everything instead SecurityContextHolder.getContext().setAuthentication(milUser); assertNotNull(sc.getFeatureTypeByName("topp:states")); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); LayerGroupInfo securedSingleGroup = sc.getLayerGroupByName(singleGroupC.prefixedName()); assertNotNull(securedSingleGroup); assertEquals(2, securedSingleGroup.layers().size()); assertEquals(statesLayer.prefixedName(), securedSingleGroup.layers().get(0).prefixedName()); assertEquals(basesLayer.prefixedName(), securedSingleGroup.layers().get(1).prefixedName()); }
assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); assertNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); assertNull(sc.getLayerByName(landmarksLayer.prefixedName())); assertNull(sc.getLayerGroupByName(nestedContainerE.prefixedName())); assertNull(sc.getLayerByName(forestsLayer.prefixedName())); LayerGroupInfo securedSingleGroup = sc.getLayerGroupByName(singleGroupC.prefixedName()); assertNotNull(securedSingleGroup); assertEquals(2, securedSingleGroup.layers().size()); assertNotNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); assertNotNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); securedSingleGroup = sc.getLayerGroupByName(singleGroupC.prefixedName()); assertNotNull(securedSingleGroup); assertEquals(2, securedSingleGroup.layers().size());
@Test public void testWMSLayerGroupDenyWSAllow() throws Exception { // prepare the stage setupRequestThreadLocal("WMS"); buildManager("namedTreeDenyWSAllow.properties"); // try with read only user, the layer group A is not allowed SecurityContextHolder.getContext().setAuthentication(roUser); assertNull(sc.getLayerGroupByName(namedTreeA.getName())); assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // however cities are allowed explicitly because they are in the nurc ws assertNotNull(sc.getLayerByName(citiesLayer.prefixedName())); // layer group B should not be accessible assertNull(sc.getLayerGroupByName(containerTreeB.prefixedName())); assertNull(sc.getLayerByName(landmarksLayer.prefixedName())); // the single group not available either assertNull(sc.getLayerGroupByName(singleGroupC.prefixedName())); assertNull(sc.getLayerByName(basesLayer.prefixedName())); // the ws specific group is made available by the workspace rule assertNotNull(sc.getLayerGroupByName("nurc", "wsContainerD")); assertNotNull(sc.getLayerByName(arcGridLayer.prefixedName())); } }
@Test public void testWmsNamedOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); LayerGroupInfo opaque = prepareNamedAndOpaqueGroup(); // direct access to layers allowed because of the named group assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); // we can access the group and the layers through it LayerGroupInfo securedGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); }
@Test public void testWmsMilitaryNamedAndPublicOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); // setup groups LayerGroupInfo opaque = buildLayerGroup( OPAQUE_GROUP_NAME, Mode.OPAQUE_CONTAINER, null, statesLayer, roadsLayer); LayerGroupInfo named = buildLayerGroup(NAMED_GROUP_NAME, Mode.NAMED, null, statesLayer, roadsLayer); layerGroups = Arrays.asList(named, opaque); populateCatalog(); // setup security buildManager(new String[] {"named.r=MILITARY"}); // try the ro user SecurityContextHolder.getContext().setAuthentication(roUser); // ... direct access to layers not allowed because the named group is not visible assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // ... but we can access the opaque group and the layers through it LayerGroupInfo securedGroup = sc.getLayerGroupByName(OPAQUE_GROUP_NAME); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); // now try with the military one SecurityContextHolder.getContext().setAuthentication(milUser); // ... direct access to layers allowed because the named group is visible to the mil user assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); }
@Test public void testWmsStandaloneOpaqueGroup() throws Exception { setupRequestThreadLocal("WMS"); LayerGroupInfo opaque = prepareStandaloneOpaqueGroup(); // direct access to layers not allowed assertNull(sc.getLayerByName(statesLayer.prefixedName())); assertNull(sc.getLayerByName(roadsLayer.prefixedName())); // however we can access the group and the layers through it LayerGroupInfo securedGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); }
@Test public void testWfsNamedOpaqueGroup() throws Exception { setupRequestThreadLocal("WFS"); LayerGroupInfo opaque = prepareNamedAndOpaqueGroup(); // direct access to layers allowed assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); // and we can access the group and the layers through it LayerGroupInfo securedGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); }
@Test public void testWfsStandaloneOpaqueGroup() throws Exception { setupRequestThreadLocal("WFS"); LayerGroupInfo opaque = prepareStandaloneOpaqueGroup(); // direct access to layers is allowed in this case assertNotNull(sc.getLayerByName(statesLayer.prefixedName())); assertNotNull(sc.getLayerByName(roadsLayer.prefixedName())); // and we can access the group and the layers through it LayerGroupInfo securedGroup = sc.getLayerGroupByName(opaque.prefixedName()); assertNotNull(securedGroup); assertEquals(2, securedGroup.getLayers().size()); }