/**
 * Resolves the access decision for the request described by {@code filter}.
 *
 * <p>The rules returned by {@code getRules} arrive grouped by role. Each group is resolved on
 * its own and folded into a running result through {@code enlargeAccessInfo} (presumably the
 * most permissive combination across roles; confirm against that helper).
 *
 * <p>The method fails closed: when no group contributes a result, the answer is an explicit
 * {@link GrantType#DENY}. Admin rights are looked up only for an ALLOW decision.
 *
 * @param filter the request attributes the rules are matched against
 * @return the resolved access information, never {@code null}
 */
@Override
public AccessInfo getAccessInfo(RuleFilter filter) {
    LOGGER.info("Requesting access for " + filter);

    AccessInfoInternal merged = null;
    for (Entry<String, List<Rule>> byRole : getRules(filter).entrySet()) {
        AccessInfoInternal resolved = resolveRuleset(byRole.getValue());
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(
                    "Filter " + filter + " on role " + byRole.getKey() + " has access " + resolved);
        }
        merged = enlargeAccessInfo(merged, resolved);
    }

    AccessInfo ret;
    if (merged != null) {
        ret = merged.toAccessInfo();
    } else {
        // Denying by default: nothing matched, so the request must not pass.
        LOGGER.warn("No access for filter " + filter);
        ret = new AccessInfo(GrantType.DENY);
    }

    // Admin rights are only meaningful on top of an ALLOW grant.
    if (ret.getGrant() == GrantType.ALLOW) {
        ret.setAdminRights(getAdminAuth(filter));
    }

    LOGGER.info("Returning " + ret + " for " + filter);
    return ret;
}
/**
 * Rejects a requested style that the rule does not permit.
 *
 * <p>The permitted set is the rule's default style plus its allowed styles. When the rule names
 * neither, the set is empty and every style is accepted, so an empty configuration means "no
 * restriction" rather than "nothing allowed".
 *
 * @param rule the access rule resolved for the layer
 * @param styleName the style named in the request
 * @throws ServiceException if the rule restricts styles and {@code styleName} is not among them
 */
private void checkStyleAllowed(AccessInfo rule, String styleName) {
    Set<String> permitted = new HashSet<String>();
    if (rule.getDefaultStyle() != null) {
        permitted.add(rule.getDefaultStyle());
    }
    if (rule.getAllowedStyles() != null) {
        permitted.addAll(rule.getAllowedStyles());
    }

    // No styles configured on the rule: nothing to enforce.
    if (permitted.isEmpty() || permitted.contains(styleName)) {
        return;
    }

    // NOTE(review): the request-supplied style name is echoed in the message; confirm that
    // whatever renders this exception to the client escapes it.
    throw new ServiceException("The '" + styleName + "' style is not available on this layer");
}
/**
 * Builds the spatial restriction of a rule as a {@link MultiPolygon}.
 *
 * <p>Returns {@code null} only when the rule carries no area. A WKT that cannot be parsed or
 * cannot be converted to a multi-polygon raises an exception rather than returning
 * {@code null}, so a malformed restriction is never mistaken for "no restriction".
 *
 * @param rule the access rule whose area WKT is read
 * @return the restricted area, or {@code null} if the rule defines none
 * @throws RuntimeException if the WKT cannot be parsed or converted
 */
private MultiPolygon buildRasterFilter(AccessInfo rule) {
    String areaWkt = rule.getAreaWkt();
    if (areaWkt == null) {
        return null;
    }

    Geometry area;
    try {
        area = new WKTReader().read(areaWkt);
    } catch (ParseException e) {
        throw new RuntimeException("Failed to unmarshal the restricted area wkt", e);
    }

    MultiPolygon rasterFilter = Converters.convert(area, MultiPolygon.class);
    if (rasterFilter == null) {
        // NOTE(review): the message carries the full restriction geometry; if this exception
        // can reach a client response, the restricted area is disclosed. Confirm it is only
        // logged server-side.
        throw new RuntimeException(
                "Error applying security rules, cannot convert "
                        + "the Geofence area restriction "
                        + areaWkt
                        + " to a multi-polygon");
    }
    return rasterFilter;
}
Filter readFilter = (rule.getGrant() == GrantType.ALLOW) ? Filter.INCLUDE : Filter.EXCLUDE; Filter writeFilter = (rule.getGrant() == GrantType.ALLOW) ? Filter.INCLUDE : Filter.EXCLUDE; try { if (rule.getCqlFilterRead() != null) { readFilter = ECQL.toFilter(rule.getCqlFilterRead()); if (rule.getCqlFilterWrite() != null) { writeFilter = ECQL.toFilter(rule.getCqlFilterWrite()); toPropertyNames(rule.getAttributes(), PropertyAccessMode.READ); List<PropertyName> writeAttributes = toPropertyNames(rule.getAttributes(), PropertyAccessMode.WRITE); String areaWkt = rule.getAreaWkt(); if (areaWkt != null) { try { if (rule.getCatalogMode() != null) { switch (rule.getCatalogMode()) { case CHALLENGE: catalogMode = CatalogMode.CHALLENGE;
if (rule.getDefaultStyle() != null) { try { StyleInfo si = catalog.getStyleByName(rule.getDefaultStyle()); if (si == null) { throw new ServiceException( "Could not find default style suggested " + "by GeoRepository: " + rule.getDefaultStyle()); throw new ServiceException( "Unable to load the style suggested by GeoRepository: " + rule.getDefaultStyle(), e);
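/**
 * Tells whether the caller has admin rights on the given workspace, according to the admin
 * authorization returned by the rule service.
 *
 * <p>We expect the user not to be null and not to be admin.
 *
 * <p>The rule filter is built from the configured instance name, the workspace, the caller's
 * user name and the caller's source address. A missing user name or source address is mapped
 * to {@code SpecialFilterType.DEFAULT}.
 *
 * @param user the authenticated caller; must not be {@code null}
 * @param workspaceName the workspace whose admin rights are checked
 * @return {@code true} if the admin authorization grants admin rights
 */
private boolean isWorkspaceAdmin(Authentication user, String workspaceName) {
    LOGGER.log(Level.FINE, "Getting admin auth for Workspace {0}", workspaceName);

    // get the request infos
    RuleFilter ruleFilter = new RuleFilter(RuleFilter.SpecialFilterType.ANY);
    ruleFilter.setInstance(configurationManager.getConfiguration().getInstanceName());
    ruleFilter.setWorkspace(workspaceName);

    String username = user.getName();
    if (username == null || username.isEmpty()) {
        ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
    } else {
        // The filter starts out as ANY on every field. Without this branch a named caller
        // would leave the user field at ANY, so the admin lookup would not be scoped to the
        // caller (presumably matching admin rules written for other users; confirm against
        // the RuleFilter semantics).
        ruleFilter.setUser(username);
    }

    String sourceAddress = retrieveCallerIpAddress();
    if (sourceAddress != null) {
        ruleFilter.setSourceAddress(sourceAddress);
    } else {
        LOGGER.log(Level.WARNING, "No source IP address found");
        ruleFilter.setSourceAddress(RuleFilter.SpecialFilterType.DEFAULT);
    }

    if (LOGGER.isLoggable(Level.FINE)) {
        LOGGER.log(Level.FINE, "AdminAuth filter: {0}", ruleFilter);
    }

    AccessInfo auth = rules.getAdminAuthorization(ruleFilter);
    boolean adminRights = auth.getAdminRights();

    LOGGER.log(
            Level.FINE,
            "Admin auth for User:{0} Workspace:{1}: {2}",
            new Object[] {username, workspaceName, adminRights});

    return adminRights;
}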
Filter readFilter = (rule.getGrant() == GrantType.ALLOW) ? Filter.INCLUDE : Filter.EXCLUDE; Filter writeFilter = (rule.getGrant() == GrantType.ALLOW) ? Filter.INCLUDE : Filter.EXCLUDE; try { if (rule.getCqlFilterRead() != null) { readFilter = ECQL.toFilter(rule.getCqlFilterRead()); if (rule.getCqlFilterWrite() != null) { writeFilter = ECQL.toFilter(rule.getCqlFilterWrite()); toPropertyNames(rule.getAttributes(), PropertyAccessMode.READ); List<PropertyName> writeAttributes = toPropertyNames(rule.getAttributes(), PropertyAccessMode.WRITE); String areaWkt = rule.getAreaWkt(); if (areaWkt != null) { try { if (rule.getCatalogMode() != null) { switch (rule.getCatalogMode()) { case CHALLENGE: catalogMode = CatalogMode.CHALLENGE;
if (rule.getDefaultStyle() != null) { try { StyleInfo si = catalog.getStyleByName(rule.getDefaultStyle()); if (si == null) { throw new ServiceException( "Could not find default style suggested " + "by GeoRepository: " + rule.getDefaultStyle()); throw new ServiceException( "Unable to load the style suggested by GeoRepository: " + rule.getDefaultStyle(), e);
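/**
 * Tells whether the caller has admin rights on the given workspace, according to the admin
 * authorization returned by the rule service.
 *
 * <p>We expect the user not to be null and not to be admin.
 *
 * <p>The rule filter is built from the configured instance name, the workspace, the caller's
 * user name and the caller's source address. A missing user name or source address is mapped
 * to {@code SpecialFilterType.DEFAULT}.
 *
 * @param user the authenticated caller; must not be {@code null}
 * @param workspaceName the workspace whose admin rights are checked
 * @return {@code true} if the admin authorization grants admin rights
 */
private boolean isWorkspaceAdmin(Authentication user, String workspaceName) {
    LOGGER.log(Level.FINE, "Getting admin auth for Workspace {0}", workspaceName);

    // get the request infos
    RuleFilter ruleFilter = new RuleFilter(RuleFilter.SpecialFilterType.ANY);
    ruleFilter.setInstance(configurationManager.getConfiguration().getInstanceName());
    ruleFilter.setWorkspace(workspaceName);

    String username = user.getName();
    if (username == null || username.isEmpty()) {
        ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
    } else {
        // The filter starts out as ANY on every field. Without this branch a named caller
        // would leave the user field at ANY, so the admin lookup would not be scoped to the
        // caller (presumably matching admin rules written for other users; confirm against
        // the RuleFilter semantics).
        ruleFilter.setUser(username);
    }

    String sourceAddress = retrieveCallerIpAddress();
    if (sourceAddress != null) {
        ruleFilter.setSourceAddress(sourceAddress);
    } else {
        LOGGER.log(Level.WARNING, "No source IP address found");
        ruleFilter.setSourceAddress(RuleFilter.SpecialFilterType.DEFAULT);
    }

    if (LOGGER.isLoggable(Level.FINE)) {
        LOGGER.log(Level.FINE, "AdminAuth filter: {0}", ruleFilter);
    }

    AccessInfo auth = rules.getAdminAuthorization(ruleFilter);
    boolean adminRights = auth.getAdminRights();

    LOGGER.log(
            Level.FINE,
            "Admin auth for User:{0} Workspace:{1}: {2}",
            new Object[] {username, workspaceName, adminRights});

    return adminRights;
}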
/**
 * Rejects a requested style that the rule does not permit.
 *
 * <p>The permitted set is the rule's default style plus its allowed styles. When the rule names
 * neither, the set is empty and every style is accepted, so an empty configuration means "no
 * restriction" rather than "nothing allowed".
 *
 * @param rule the access rule resolved for the layer
 * @param styleName the style named in the request
 * @throws ServiceException if the rule restricts styles and {@code styleName} is not among them
 */
private void checkStyleAllowed(AccessInfo rule, String styleName) {
    Set<String> permitted = new HashSet<String>();
    if (rule.getDefaultStyle() != null) {
        permitted.add(rule.getDefaultStyle());
    }
    if (rule.getAllowedStyles() != null) {
        permitted.addAll(rule.getAllowedStyles());
    }

    // No styles configured on the rule: nothing to enforce.
    if (permitted.isEmpty() || permitted.contains(styleName)) {
        return;
    }

    // NOTE(review): the request-supplied style name is echoed in the message; confirm that
    // whatever renders this exception to the client escapes it.
    throw new ServiceException("The '" + styleName + "' style is not available on this layer");
}
} else if ((rule.getDefaultStyle() != null)) { try { StyleInfo si = catalog.getStyleByName(rule.getDefaultStyle()); if (si == null) { throw new ServiceException( "Could not find default style suggested " + "by Geofence: " + rule.getDefaultStyle()); throw new ServiceException( "Unable to load the style suggested by Geofence: " + rule.getDefaultStyle(), e);
/**
 * Builds the spatial restriction of a rule as a {@link MultiPolygon}.
 *
 * <p>Returns {@code null} only when the rule carries no area. A WKT that cannot be parsed or
 * cannot be converted to a multi-polygon raises an exception rather than returning
 * {@code null}, so a malformed restriction is never mistaken for "no restriction".
 *
 * @param rule the access rule whose area WKT is read
 * @return the restricted area, or {@code null} if the rule defines none
 * @throws RuntimeException if the WKT cannot be parsed or converted
 */
private MultiPolygon buildRasterFilter(AccessInfo rule) {
    String areaWkt = rule.getAreaWkt();
    if (areaWkt == null) {
        return null;
    }

    Geometry area;
    try {
        area = new WKTReader().read(areaWkt);
    } catch (ParseException e) {
        throw new RuntimeException("Failed to unmarshal the restricted area wkt", e);
    }

    MultiPolygon rasterFilter = Converters.convert(area, MultiPolygon.class);
    if (rasterFilter == null) {
        // NOTE(review): the message carries the full restriction geometry; if this exception
        // can reach a client response, the restricted area is disclosed. Confirm it is only
        // logged server-side.
        throw new RuntimeException(
                "Error applying security rules, cannot convert "
                        + "the Geofence area restriction "
                        + areaWkt
                        + " to a multi-polygon");
    }
    return rasterFilter;
}
} else if ((rule.getDefaultStyle() != null)) { try { StyleInfo si = catalog.getStyleByName(rule.getDefaultStyle()); if (si == null) { throw new ServiceException( "Could not find default style suggested " + "by Geofence: " + rule.getDefaultStyle()); throw new ServiceException( "Unable to load the style suggested by Geofence: " + rule.getDefaultStyle(), e);