@Override public LayerGroupAccessLimits getAccessLimits( Authentication user, LayerGroupInfo layerGroup, List<LayerGroupInfo> containers) { boolean allowAccess = canAccess(user, layerGroup, containers == null || containers.isEmpty()); return allowAccess ? null : new LayerGroupAccessLimits(getMode()); }
DataAccessLimits buildLimits( Class<? extends ResourceInfo> resourceClass, Filter readFilter, Filter writeFilter) { CatalogMode mode = getMode(); // allow the secure catalog to avoid any kind of wrapping if there are no limits if ((readFilter == null || readFilter == Filter.INCLUDE) && (writeFilter == null || writeFilter == Filter.INCLUDE || WMSLayerInfo.class.isAssignableFrom(resourceClass) || WMTSLayerInfo.class.isAssignableFrom(resourceClass) || CoverageInfo.class.isAssignableFrom(resourceClass))) { return null; } // build the appropriate limit class if (FeatureTypeInfo.class.isAssignableFrom(resourceClass)) { return new VectorAccessLimits(mode, null, readFilter, null, writeFilter); } else if (CoverageInfo.class.isAssignableFrom(resourceClass)) { return new CoverageAccessLimits(mode, readFilter, null, null); } else if (WMSLayerInfo.class.isAssignableFrom(resourceClass)) { return new WMSAccessLimits(mode, readFilter, null, true); } else if (WMTSLayerInfo.class.isAssignableFrom(resourceClass)) { return new WMTSAccessLimits(mode, readFilter, null); } else { LOGGER.log( Level.INFO, "Warning, adapting to generic access limits for unrecognized resource type " + resourceClass); return new DataAccessLimits(mode, readFilter); } }
public WorkspaceAccessLimits getAccessLimits(Authentication user, WorkspaceInfo workspace) { boolean readable = canAccess(user, workspace, AccessMode.READ); boolean writable = canAccess(user, workspace, AccessMode.WRITE); boolean adminable = canAccess(user, workspace, AccessMode.ADMIN); CatalogMode mode = getMode(); if (readable && writable) { if (AdminRequest.get() == null) { // not admin request, read+write means full acesss return null; } } return new WorkspaceAccessLimits(mode, readable, writable, adminable); }
@Override public Filter getSecurityFilter(Authentication user, Class<? extends CatalogInfo> clazz) { if (getMode() == CatalogMode.CHALLENGE) {
@Test public void testUnknownMode() throws Exception { DefaultResourceAccessManager wo = buildAccessManager("lockedDownUnknown.properties"); // should fall back on the default and complain in the logger assertEquals(CatalogMode.HIDE, wo.getMode()); }
@Test public void testMixedMode() throws Exception { DefaultResourceAccessManager wo = buildAccessManager("lockedDownMixed.properties"); assertEquals(CatalogMode.MIXED, wo.getMode()); }
@Test public void testDefaultMode() throws Exception { DefaultResourceAccessManager wo = buildAccessManager("lockedDown.properties"); assertEquals(CatalogMode.HIDE, wo.getMode()); }
@Test public void testHideMode() throws Exception { DefaultResourceAccessManager wo = buildAccessManager("lockedDownHide.properties"); assertEquals(CatalogMode.HIDE, wo.getMode()); }
@Test public void testChallengeMode() throws Exception { DefaultResourceAccessManager wo = buildAccessManager("lockedDownChallenge.properties"); assertEquals(CatalogMode.CHALLENGE, wo.getMode()); }