protected VectorAccessLimits intersection(VectorAccessLimits a, VectorAccessLimits b) { if (a == null) return b; if (b == null) return a; CatalogMode mode = intersection(a.getMode(), b.getMode()); List<PropertyName> readAttributes = intersection(a.getReadAttributes(), b.getReadAttributes()); Filter readFilter = intersection(a.getReadFilter(), b.getReadFilter()); List<PropertyName> writeAttributes = intersection(a.getReadAttributes(), b.getReadAttributes()); Filter writeFilter = intersection(a.getWriteFilter(), b.getWriteFilter()); return new VectorAccessLimits( mode, readAttributes, readFilter, writeAttributes, writeFilter); }
canRead = dl.getReadFilter() != Filter.EXCLUDE; if (dl instanceof VectorAccessLimits) { canWrite = ((VectorAccessLimits) dl).getWriteFilter() != Filter.EXCLUDE; } else { canWrite = false;
private boolean canAccess(AccessMode mode, DataAccessLimits limits) { if (limits == null) { return true; } else if (mode == AccessMode.READ) { return limits.getReadFilter() != Filter.EXCLUDE; } else if (mode == AccessMode.WRITE) { if (limits instanceof VectorAccessLimits) { return ((VectorAccessLimits) limits).getWriteFilter() != Filter.EXCLUDE; } else { return false; } } else { throw new RuntimeException("Unknown access mode " + mode); } }
@Test public void testWmsLimited() { if (!IS_GEOFENCE_AVAILABLE) { return; } UsernamePasswordAuthenticationToken user = new UsernamePasswordAuthenticationToken("wmsuser", "wmsuser"); // check layer in the sf workspace with a wfs request Request request = new Request(); request.setService("WFS"); request.setRequest("GetFeature"); Dispatcher.REQUEST.set(request); LayerInfo generic = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY)); VectorAccessLimits vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic); assertEquals(Filter.EXCLUDE, vl.getReadFilter()); assertEquals(Filter.EXCLUDE, vl.getWriteFilter()); // now fake a getmap request (using a service and request with a different case than the // geofenceService) request = new Request(); request.setService("wms"); Dispatcher.REQUEST.set(request); vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic); assertEquals(Filter.INCLUDE, vl.getReadFilter()); assertEquals(Filter.INCLUDE, vl.getWriteFilter()); }
@Test public void testWmsLimited() { if (!IS_GEOFENCE_AVAILABLE) { return; } UsernamePasswordAuthenticationToken user = new UsernamePasswordAuthenticationToken("wmsuser", "wmsuser"); // check layer in the sf workspace with a wfs request Request request = new Request(); request.setService("WFS"); request.setRequest("GetFeature"); Dispatcher.REQUEST.set(request); LayerInfo generic = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY)); if (generic != null) { VectorAccessLimits vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic); assertEquals(Filter.INCLUDE, vl.getReadFilter()); assertEquals(Filter.INCLUDE, vl.getWriteFilter()); // now fake a getmap request (using a service and request with a different case than the // geofenceService) request = new Request(); request.setService("wms"); Dispatcher.REQUEST.set(request); vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic); assertEquals(Filter.INCLUDE, vl.getReadFilter()); assertEquals(Filter.INCLUDE, vl.getWriteFilter()); } }
@Test public void testAdmin() { if (!IS_GEOFENCE_AVAILABLE) { return; } UsernamePasswordAuthenticationToken user = new UsernamePasswordAuthenticationToken( "admin", "geoserver", Arrays.asList( new GrantedAuthority[] { new SimpleGrantedAuthority("ROLE_ADMINISTRATOR") })); // check workspace access WorkspaceInfo citeWS = catalog.getWorkspaceByName(MockData.CITE_PREFIX); WorkspaceAccessLimits wl = accessManager.getAccessLimits(user, citeWS); assertTrue(wl.isReadable()); assertTrue(wl.isWritable()); // check layer access LayerInfo layer = catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS)); VectorAccessLimits vl = (VectorAccessLimits) accessManager.getAccessLimits(user, layer); assertEquals(Filter.INCLUDE, vl.getReadFilter()); assertEquals(Filter.INCLUDE, vl.getWriteFilter()); assertNull(vl.getReadAttributes()); assertNull(vl.getWriteAttributes()); }
VectorAccessLimits vl = (VectorAccessLimits) accessManager.getAccessLimits(user, bpolygons); assertEquals(Filter.INCLUDE, vl.getReadFilter()); assertEquals(Filter.INCLUDE, vl.getWriteFilter()); assertNull(vl.getReadAttributes()); assertNull(vl.getWriteAttributes()); vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic); assertEquals(Filter.EXCLUDE, vl.getReadFilter()); assertEquals(Filter.EXCLUDE, vl.getWriteFilter()); vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic); assertEquals(Filter.INCLUDE, vl.getReadFilter()); assertEquals(Filter.INCLUDE, vl.getWriteFilter());
VectorAccessLimits vl = (VectorAccessLimits) accessManager.getAccessLimits(user, bpolygons); assertEquals(Filter.INCLUDE, vl.getReadFilter()); assertEquals(Filter.INCLUDE, vl.getWriteFilter()); assertNull(vl.getReadAttributes()); assertNull(vl.getWriteAttributes()); vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic); assertEquals(Filter.EXCLUDE, vl.getReadFilter()); assertEquals(Filter.EXCLUDE, vl.getWriteFilter()); vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic); assertEquals(Filter.INCLUDE, vl.getReadFilter()); assertEquals(Filter.INCLUDE, vl.getWriteFilter());
@Test public void testAreaLimited() throws Exception { if (!IS_GEOFENCE_AVAILABLE) { return; } UsernamePasswordAuthenticationToken user = new UsernamePasswordAuthenticationToken("area", "area"); // check we have the geometry filter set LayerInfo generic = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY)); VectorAccessLimits vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic); FilterFactory2 ff = CommonFactoryFinder.getFilterFactory2(null); Geometry limit = new WKTReader().read("MULTIPOLYGON(((48 62, 48 63, 49 63, 49 62, 48 62)))"); Filter filter = ff.intersects(ff.property(""), ff.literal(limit)); assertEquals(filter, vl.getReadFilter()); assertEquals(filter, vl.getWriteFilter()); }
@Test public void testAreaLimited() throws Exception { if (!IS_GEOFENCE_AVAILABLE) { return; } UsernamePasswordAuthenticationToken user = new UsernamePasswordAuthenticationToken("area", "area"); // check we have the geometry filter set LayerInfo generic = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY)); VectorAccessLimits vl = (VectorAccessLimits) accessManager.getAccessLimits(user, generic); FilterFactory2 ff = CommonFactoryFinder.getFilterFactory2(null); Geometry limit = new WKTReader().read("MULTIPOLYGON(((48 62, 48 63, 49 63, 49 62, 48 62)))"); Filter filter = ff.intersects(ff.property(""), ff.literal(limit)); assertEquals(filter, vl.getReadFilter()); assertEquals(filter, vl.getWriteFilter()); }
@Test public void testAdmin() { if (!IS_GEOFENCE_AVAILABLE) { return; } assertTrue(geofenceAdminService.getCountAll() > 0); RuleFilter ruleFilter = new RuleFilter(); ShortRule adminRule = geofenceAdminService.getRule(ruleFilter); UsernamePasswordAuthenticationToken user = new UsernamePasswordAuthenticationToken( "admin", "geoserver", Arrays.asList( new GrantedAuthority[] { new SimpleGrantedAuthority("ROLE_ADMINISTRATOR") })); // check workspace access WorkspaceInfo citeWS = catalog.getWorkspaceByName(MockData.CITE_PREFIX); WorkspaceAccessLimits wl = accessManager.getAccessLimits(user, citeWS); assertTrue(wl.isReadable()); assertTrue(wl.isWritable()); // check layer access LayerInfo layer = catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS)); VectorAccessLimits vl = (VectorAccessLimits) accessManager.getAccessLimits(user, layer); assertEquals(Filter.INCLUDE, vl.getReadFilter()); assertEquals(Filter.INCLUDE, vl.getWriteFilter()); assertNull(vl.getReadAttributes()); assertNull(vl.getWriteAttributes()); }
@Test public void testAnonymousUser() { if (!IS_GEOFENCE_AVAILABLE) { return; } // check workspace access // WorkspaceInfo citeWS = catalog.getWorkspaceByName(MockData.CITE_PREFIX); // WorkspaceAccessLimits wl = manager.getAccessLimits(null, citeWS); // assertFalse(wl.isReadable()); // assertFalse(wl.isWritable()); // check layer access LayerInfo layer = catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS)); VectorAccessLimits vl = (VectorAccessLimits) accessManager.getAccessLimits(null, layer); assertEquals(Filter.EXCLUDE, vl.getReadFilter()); assertEquals(Filter.EXCLUDE, vl.getWriteFilter()); assertNull(vl.getReadAttributes()); assertNull(vl.getWriteAttributes()); }
@Test public void testAnonymousUser() { if (!IS_GEOFENCE_AVAILABLE) { return; } // check workspace access // WorkspaceInfo citeWS = catalog.getWorkspaceByName(MockData.CITE_PREFIX); // WorkspaceAccessLimits wl = manager.getAccessLimits(null, citeWS); // assertFalse(wl.isReadable()); // assertFalse(wl.isWritable()); // check layer access LayerInfo layer = catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS)); VectorAccessLimits vl = (VectorAccessLimits) accessManager.getAccessLimits(null, layer); assertEquals(Filter.EXCLUDE, vl.getReadFilter()); assertEquals(Filter.EXCLUDE, vl.getWriteFilter()); assertNull(vl.getReadAttributes()); assertNull(vl.getWriteAttributes()); }
assertEquals(filter, vl.getWriteFilter());
assertEquals(filter, vl.getWriteFilter());