/**
 * Rejects a role name that collides with the authority of a built-in system role.
 *
 * @param roleName the candidate role name
 * @throws IOException the exception built by {@code createSecurityException} for
 *     {@code RESERVED_NAME} when the name equals the authority of an entry in
 *     {@code GeoServerRole.SystemRoles}
 */
protected void checkReservedNames(String roleName) throws IOException {
    // NOTE(review): the match is an exact equals() on the authority string, so a name that
    // differs only in case or surrounding whitespace is not rejected by this check.
    // Confirm whether role names are normalized before they reach the validator.
    for (GeoServerRole reserved : GeoServerRole.SystemRoles) {
        boolean collides = reserved.getAuthority().equals(roleName);
        if (collides) {
            throw createSecurityException(RESERVED_NAME, roleName);
        }
    }
}
/**
 * Requires a role name to be present.
 *
 * @param roleName the role name to check
 * @throws IOException the exception built by {@code createSecurityException} for
 *     {@code NAME_REQUIRED} when {@code isNotEmpty(roleName)} is false
 */
protected void checkRoleName(String roleName) throws IOException {
    boolean present = isNotEmpty(roleName);
    if (!present) {
        throw createSecurityException(NAME_REQUIRED);
    }
}
/**
 * Checks that a group name is present and, if this validator holds any
 * {@link GeoServerUserGroupService} objects, that at least one of them knows the group.
 *
 * @param groupName the group name to check
 * @throws IOException the exception built by {@code createSecurityException} for
 *     {@code GROUPNAME_REQUIRED} when the name is empty, or for
 *     {@code GROUPNAME_NOT_FOUND_$1} when no service returns a group for it
 */
protected void checkValidGroupName(String groupName) throws IOException {
    if (!isNotEmpty(groupName)) {
        throw createSecurityException(GROUPNAME_REQUIRED);
    }

    // NOTE(review): with an empty services array the existence cross check is skipped and
    // any non-empty group name is accepted.
    if (services.length > 0) {
        for (int i = 0; i < services.length; i++) {
            GeoServerUserGroupService ugService = services[i];
            if (ugService.getGroupByGroupname(groupName) != null) {
                // The first service that knows the group is enough.
                return;
            }
        }
        throw createSecurityException(GROUPNAME_NOT_FOUND_$1, groupName);
    }
}
/**
 * Checks that a user name is present and, if this validator holds any
 * {@link GeoServerUserGroupService} objects, that at least one of them knows the user.
 *
 * @param userName the user name to check
 * @throws IOException the exception built by {@code createSecurityException} for
 *     {@code USERNAME_REQUIRED} when the name is empty, or for
 *     {@code USERNAME_NOT_FOUND_$1} when no service returns a user for it
 */
protected void checkValidUserName(String userName) throws IOException {
    if (!isNotEmpty(userName)) {
        throw createSecurityException(USERNAME_REQUIRED);
    }

    // NOTE(review): with an empty services array the existence cross check is skipped and
    // any non-empty user name is accepted.
    if (services.length > 0) {
        for (int i = 0; i < services.length; i++) {
            GeoServerUserGroupService ugService = services[i];
            if (ugService.getUserByUsername(userName) != null) {
                // The first service that knows the user is enough.
                return;
            }
        }
        throw createSecurityException(USERNAME_NOT_FOUND_$1, userName);
    }
}
/**
 * Requires a non-empty role name that the wrapped role service does not know yet.
 *
 * @param roleName the role name to check
 * @throws IOException from {@code checkRoleName}, or the exception built by
 *     {@code createSecurityException} for {@code ALREADY_EXISTS} when
 *     {@code service.getRoleByName(roleName)} returns a role
 */
protected void checkNotExistingRoleName(String roleName) throws IOException {
    checkRoleName(roleName);

    boolean alreadyPresent = service.getRoleByName(roleName) != null;
    if (alreadyPresent) {
        throw createSecurityException(ALREADY_EXISTS, roleName);
    }
}
/**
 * Requires a non-empty role name that the wrapped role service already knows.
 *
 * @param roleName the role name to check
 * @throws IOException from {@code checkRoleName}, or the exception built by
 *     {@code createSecurityException} for {@code NOT_FOUND} when
 *     {@code service.getRoleByName(roleName)} returns {@code null}
 */
protected void checkExistingRoleName(String roleName) throws IOException {
    checkRoleName(roleName);

    boolean missing = service.getRoleByName(roleName) == null;
    if (missing) {
        throw createSecurityException(NOT_FOUND, roleName);
    }
}
/**
 * Requires that a role name is not known to any other role service listed by the security
 * manager of the wrapped service.
 *
 * <p>The check fails closed: when another role service cannot be loaded or queried, the
 * name is rejected with {@code CANNOT_CHECK_ROLE_IN_SERVICE} rather than treated as unique.
 *
 * @param roleName the role name to check
 * @throws IOException from {@code checkRoleName} or {@code listRoleServices()}, or the
 *     exception built by {@code createSecurityException} for
 *     {@code CANNOT_CHECK_ROLE_IN_SERVICE} or {@code ALREADY_EXISTS_IN}
 */
protected void checkNotExistingInOtherServices(String roleName) throws IOException {
    checkRoleName(roleName);

    for (String otherName : service.getSecurityManager().listRoleServices()) {
        // Only services other than the wrapped one are queried.
        if (!service.getName().equals(otherName)) {
            GeoServerRole found;
            try {
                found =
                        service.getSecurityManager()
                                .loadRoleService(otherName)
                                .getRoleByName(roleName);
            } catch (IOException ex) {
                // The failure is logged with its stack trace; the exception thrown to the
                // caller is built without the original as an argument.
                LOGGER.log(Level.WARNING, ex.getMessage(), ex);
                throw createSecurityException(CANNOT_CHECK_ROLE_IN_SERVICE, roleName, otherName);
            }

            if (found != null) {
                throw createSecurityException(ALREADY_EXISTS_IN, roleName, otherName);
            }
        }
    }
}
/**
 * Rejects a role that the wrapped service reports as its admin role or its group admin
 * role, see
 *
 * <p>{@link SecurityRoleServiceConfig#getAdminRoleName()} {@link
 * SecurityRoleServiceConfig#getGroupAdminRoleName()}
 *
 * <p>Judging by the error codes this guards role removal, so that a role mapped to one of
 * the two administrative roles cannot be deleted.
 *
 * @param role the role to check
 * @throws IOException the exception built by {@code createSecurityException} for
 *     {@code ADMIN_ROLE_NOT_REMOVABLE_$1} or {@code GROUP_ADMIN_ROLE_NOT_REMOVABLE_$1}
 */
public void checkRoleIsMapped(GeoServerRole role) throws IOException {
    GeoServerRole adminRole = service.getAdminRole();
    boolean isAdminRole = adminRole != null && adminRole.equals(role);
    if (isAdminRole) {
        throw createSecurityException(ADMIN_ROLE_NOT_REMOVABLE_$1, role.getAuthority());
    }

    // The group admin mapping is only looked up once the admin check has passed.
    GeoServerRole groupAdminRole = service.getGroupAdminRole();
    boolean isGroupAdminRole = groupAdminRole != null && groupAdminRole.equals(role);
    if (isGroupAdminRole) {
        throw createSecurityException(GROUP_ADMIN_ROLE_NOT_REMOVABLE_$1, role.getAuthority());
    }
}
/**
 * Prevents removal of a role used by access rules. Only checks if {@link #checkAgainstRules}
 * is <code>true</code>; otherwise the method returns without looking at any rule.
 *
 * <p>Keys of the service access rules and the data access rules associated with the role's
 * authority are collected. If any exist, they are reported as a comma-delimited list.
 *
 * @param role the role to check
 * @throws IOException the exception built by {@code createSecurityException} for
 *     {@code ROLE_IN_USE_$2} when at least one rule is associated with the role
 */
public void checkRoleIsUsed(GeoServerRole role) throws IOException {
    if (!checkAgainstRules) {
        // NOTE(review): with the flag off, rules that name this role are not consulted.
        return;
    }

    GeoServerSecurityManager manager = getSecurityManager();
    List<String> ruleKeys = new ArrayList<>();

    for (ServiceAccessRule serviceRule :
            manager.getServiceAccessRuleDAO().getRulesAssociatedWithRole(role.getAuthority())) {
        ruleKeys.add(serviceRule.getKey());
    }
    for (DataAccessRule dataRule :
            manager.getDataAccessRuleDAO().getRulesAssociatedWithRole(role.getAuthority())) {
        ruleKeys.add(dataRule.getKey());
    }

    if (!ruleKeys.isEmpty()) {
        String joinedKeys = StringUtils.collectionToCommaDelimitedString(ruleKeys);
        throw createSecurityException(ROLE_IN_USE_$2, role.getAuthority(), joinedKeys);
    }
}