/**
 * Verifies that a role with the given name is known to the delegate {@code service}.
 *
 * @param roleName name of the role to look up
 * @throws IOException the exception built by {@code createSecurityException} when the lookup
 *     returns {@code null}, or whatever {@code checkRoleName} raises for the name
 */
protected void checkExistingRoleName(String roleName) throws IOException {
    checkRoleName(roleName);
    boolean unknown = service.getRoleByName(roleName) == null;
    if (unknown) {
        throw createSecurityException(NOT_FOUND, roleName);
    }
}
/**
 * Returns the roles of a group, validating the group name before delegating.
 *
 * @param groupname name of the group
 * @return the result of {@code service.getRolesForGroup(groupname)}
 * @throws IOException if {@code checkValidGroupName} rejects the name or the delegate fails
 */
public SortedSet<GeoServerRole> getRolesForGroup(String groupname) throws IOException {
    // Validation comes first so an invalid name never reaches the delegate.
    checkValidGroupName(groupname);
    SortedSet<GeoServerRole> groupRoles = service.getRolesForGroup(groupname);
    return groupRoles;
}
/**
 * Returns the roles of a user, validating the user name before delegating.
 *
 * @param username name of the user
 * @return the result of {@code service.getRolesForUser(username)}
 * @throws IOException if {@code checkValidUserName} rejects the name or the delegate fails
 */
public SortedSet<GeoServerRole> getRolesForUser(String username) throws IOException {
    // Validation comes first so an invalid name never reaches the delegate.
    checkValidUserName(username);
    SortedSet<GeoServerRole> userRoles = service.getRolesForUser(username);
    return userRoles;
}
/**
 * Rejects a role name for which {@code isNotEmpty} returns {@code false}.
 *
 * @param roleName the role name to test
 * @throws IOException the exception built by {@code createSecurityException(NAME_REQUIRED)}
 */
protected void checkRoleName(String roleName) throws IOException {
    if (isNotEmpty(roleName)) {
        return;
    }
    throw createSecurityException(NAME_REQUIRED);
}
/**
 * Decides whether the given role may be removed from the role service named by
 * {@code roleServiceName}.
 *
 * <p>The role service is wrapped in a {@link RoleServiceValidationWrapper}, and both
 * {@code checkRoleIsMapped} and {@code checkRoleIsUsed} are run against the role.
 *
 * @param role the role a removal is requested for
 * @return a model holding the message of the security exception that vetoed the removal, or
 *     {@code null} when neither check threw
 * @throws RuntimeException wrapping any {@link IOException} whose cause is not an
 *     {@link AbstractSecurityException}
 */
protected IModel<String> canRemove(GeoServerRole role) {
    try {
        GeoServerRoleService roleService =
                GeoServerApplication.get().getSecurityManager().loadRoleService(roleServiceName);
        // The wrapper is told whether it validates the currently active role service.
        boolean active =
                GeoServerApplication.get()
                        .getSecurityManager()
                        .getActiveRoleService()
                        .getName()
                        .equals(roleServiceName);
        RoleServiceValidationWrapper validator =
                new RoleServiceValidationWrapper(roleService, active);
        validator.checkRoleIsMapped(role);
        validator.checkRoleIsUsed(role);
        return null;
    } catch (IOException e) {
        Throwable cause = e.getCause();
        // Only validation vetoes become a message; any other I/O failure is escalated.
        if (!(cause instanceof AbstractSecurityException)) {
            throw new RuntimeException(e);
        }
        return new Model(cause.getMessage());
    }
}
/**
 * Decides whether the given role may be removed from the role service named by
 * {@code roleServiceName}.
 *
 * <p>The role service is wrapped in a {@link RoleServiceValidationWrapper} and
 * {@code checkRoleIsUsed} is run against the role.
 *
 * @param role the role a removal is requested for
 * @return a model holding the message of the security exception that vetoed the removal, or
 *     {@code null} when the check did not throw
 * @throws RuntimeException wrapping any {@link IOException} whose cause is not an
 *     {@link AbstractSecurityException}
 */
protected IModel<String> canRemove(GeoServerRole role) {
    try {
        GeoServerRoleService roleService =
                GeoServerApplication.get().getSecurityManager().loadRoleService(roleServiceName);
        // The wrapper is told whether it validates the currently active role service.
        boolean active =
                GeoServerApplication.get()
                        .getSecurityManager()
                        .getActiveRoleService()
                        .getName()
                        .equals(roleServiceName);
        RoleServiceValidationWrapper validator =
                new RoleServiceValidationWrapper(roleService, active);
        // NOTE(review): only checkRoleIsUsed runs here. RoleServiceValidationWrapper also
        // offers checkRoleIsMapped (refuses a role mapped as admin / group-admin role);
        // confirm that leaving it out is intended, otherwise a mapped role passes this gate.
        validator.checkRoleIsUsed(role);
        return null;
    } catch (IOException e) {
        Throwable cause = e.getCause();
        // Only validation vetoes become a message; any other I/O failure is escalated.
        if (!(cause instanceof AbstractSecurityException)) {
            throw new RuntimeException(e);
        }
        return new Model(cause.getMessage());
    }
}
/**
 * Prevents removal of a role that is still referenced by access rules.
 *
 * <p>The check only runs when {@link #checkAgainstRules} is {@code true}. The keys of all
 * service and data access rules associated with the role's authority are collected; if any
 * exist, the removal is refused and the keys are reported in the exception.
 *
 * @param role the role about to be removed
 * @throws IOException the exception built by {@code createSecurityException(ROLE_IN_USE_$2, ...)}
 *     when at least one rule references the role
 */
public void checkRoleIsUsed(GeoServerRole role) throws IOException {
    if (!checkAgainstRules) {
        return;
    }

    GeoServerSecurityManager secMgr = getSecurityManager();
    List<String> ruleKeys = new ArrayList<String>();
    for (ServiceAccessRule serviceRule :
            secMgr.getServiceAccessRuleDAO().getRulesAssociatedWithRole(role.getAuthority())) {
        ruleKeys.add(serviceRule.getKey());
    }
    for (DataAccessRule dataRule :
            secMgr.getDataAccessRuleDAO().getRulesAssociatedWithRole(role.getAuthority())) {
        ruleKeys.add(dataRule.getKey());
    }

    if (ruleKeys.isEmpty()) {
        return;
    }
    // Name every referencing rule so the administrator knows what to clean up first.
    String ruleString = StringUtils.collectionToCommaDelimitedString(ruleKeys);
    throw createSecurityException(ROLE_IN_USE_$2, role.getAuthority(), ruleString);
}
/**
 * Returns the group names for a role, after checking that the role exists.
 *
 * @param role the role to query; its authority is used as the role name
 * @return the result of {@code service.getGroupNamesForRole(role)}
 * @throws IOException if {@code checkExistingRoleName} rejects the role or the delegate fails
 */
public SortedSet<String> getGroupNamesForRole(GeoServerRole role) throws IOException {
    String roleName = role.getAuthority();
    checkExistingRoleName(roleName);
    SortedSet<String> groupNames = service.getGroupNamesForRole(role);
    return groupNames;
}
/**
 * Rejects a role name that equals the authority of one of {@code GeoServerRole.SystemRoles}.
 *
 * @param roleName the role name to test
 * @throws IOException the exception built by
 *     {@code createSecurityException(RESERVED_NAME, roleName)} on the first match
 */
protected void checkReservedNames(String roleName) throws IOException {
    for (GeoServerRole reserved : GeoServerRole.SystemRoles) {
        boolean clash = reserved.getAuthority().equals(roleName);
        if (clash) {
            throw createSecurityException(RESERVED_NAME, roleName);
        }
    }
}
/**
 * Creates a role object through the delegate {@code service} after {@code checkRoleName} has
 * accepted the name.
 *
 * @param role name of the role to create
 * @return the result of {@code service.createRoleObject(role)}
 * @throws IOException if the name is rejected or the delegate fails
 */
public GeoServerRole createRoleObject(String role) throws IOException {
    checkRoleName(role);
    GeoServerRole created = service.createRoleObject(role);
    return created;
}
/**
 * Decides whether the given role may be removed from the role service named by
 * {@code roleServiceName}.
 *
 * <p>Runs {@code checkRoleIsMapped} and {@code checkRoleIsUsed} of a
 * {@link RoleServiceValidationWrapper} built around that role service.
 *
 * @param role the role a removal is requested for
 * @return a model holding the message of the security exception that vetoed the removal, or
 *     {@code null} when neither check threw
 * @throws RuntimeException wrapping any {@link IOException} whose cause is not an
 *     {@link AbstractSecurityException}
 */
protected IModel<String> canRemove(GeoServerRole role) {
    IModel<String> veto = null;
    try {
        GeoServerRoleService roleService =
                GeoServerApplication.get().getSecurityManager().loadRoleService(roleServiceName);
        // The wrapper is told whether it validates the currently active role service.
        boolean active =
                GeoServerApplication.get()
                        .getSecurityManager()
                        .getActiveRoleService()
                        .getName()
                        .equals(roleServiceName);
        RoleServiceValidationWrapper validator =
                new RoleServiceValidationWrapper(roleService, active);
        validator.checkRoleIsMapped(role);
        validator.checkRoleIsUsed(role);
    } catch (IOException e) {
        Throwable cause = e.getCause();
        // Only validation vetoes become a message; any other I/O failure is escalated.
        if (!(cause instanceof AbstractSecurityException)) {
            throw new RuntimeException(e);
        }
        veto = new Model(cause.getMessage());
    }
    return veto;
}
}
/**
 * Checks whether a group name is valid.
 *
 * <p>An empty name is always rejected. If this validator holds {@link
 * GeoServerUserGroupService} objects in {@code services}, the name is additionally cross
 * checked: at least one of them must return a group for it.
 *
 * @param groupName the group name to validate
 * @throws IOException the exception built by {@code createSecurityException} when the name is
 *     empty or no user/group service knows the group
 */
protected void checkValidGroupName(String groupName) throws IOException {
    if (!isNotEmpty(groupName)) {
        throw createSecurityException(GROUPNAME_REQUIRED);
    }
    // Without any user/group service there is nothing to cross check against.
    if (services.length == 0) {
        return;
    }
    for (int i = 0; i < services.length; i++) {
        GeoServerUserGroupService ugService = services[i];
        if (ugService.getGroupByGroupname(groupName) != null) {
            return;
        }
    }
    throw createSecurityException(GROUPNAME_NOT_FOUND_$1, groupName);
}
/**
 * Returns the parent of a role, after checking that the role exists.
 *
 * @param role the role to query; its authority is used as the role name
 * @return the result of {@code service.getParentRole(role)}
 * @throws IOException if {@code checkExistingRoleName} rejects the role or the delegate fails
 */
public GeoServerRole getParentRole(GeoServerRole role) throws IOException {
    String roleName = role.getAuthority();
    checkExistingRoleName(roleName);
    GeoServerRole parent = service.getParentRole(role);
    return parent;
}
/**
 * Checks whether the role is mapped to a system role and refuses it if so, see
 *
 * <p>{@link SecurityRoleServiceConfig#getAdminRoleName()} {@link
 * SecurityRoleServiceConfig#getGroupAdminRoleName()}
 *
 * <p>The role is compared with the delegate's admin role first, then with its group admin
 * role; a {@code null} mapping is skipped.
 *
 * @param role the role to test
 * @throws IOException the exception built by {@code createSecurityException} with
 *     {@code ADMIN_ROLE_NOT_REMOVABLE_$1} or {@code GROUP_ADMIN_ROLE_NOT_REMOVABLE_$1}
 */
public void checkRoleIsMapped(GeoServerRole role) throws IOException {
    GeoServerRole adminRole = service.getAdminRole();
    if (adminRole != null && adminRole.equals(role)) {
        throw createSecurityException(ADMIN_ROLE_NOT_REMOVABLE_$1, role.getAuthority());
    }

    GeoServerRole groupAdminRole = service.getGroupAdminRole();
    if (groupAdminRole != null && groupAdminRole.equals(role)) {
        throw createSecurityException(GROUP_ADMIN_ROLE_NOT_REMOVABLE_$1, role.getAuthority());
    }
}
/**
 * Verifies that no role with the given name is known to the delegate {@code service} yet.
 *
 * @param roleName name of the role to look up
 * @throws IOException the exception built by
 *     {@code createSecurityException(ALREADY_EXISTS, roleName)} when the lookup returns a role,
 *     or whatever {@code checkRoleName} raises for the name
 */
protected void checkNotExistingRoleName(String roleName) throws IOException {
    checkRoleName(roleName);
    boolean taken = service.getRoleByName(roleName) != null;
    if (taken) {
        throw createSecurityException(ALREADY_EXISTS, roleName);
    }
}
/**
 * Checks whether a user name is valid.
 *
 * <p>An empty name is always rejected. If this validator holds {@link
 * GeoServerUserGroupService} objects in {@code services}, the name is additionally cross
 * checked: at least one of them must return a user for it.
 *
 * @param userName the user name to validate
 * @throws IOException the exception built by {@code createSecurityException} when the name is
 *     empty or no user/group service knows the user
 */
protected void checkValidUserName(String userName) throws IOException {
    if (!isNotEmpty(userName)) {
        throw createSecurityException(USERNAME_REQUIRED);
    }
    // Without any user/group service there is nothing to cross check against.
    if (services.length == 0) {
        return;
    }
    for (int i = 0; i < services.length; i++) {
        GeoServerUserGroupService ugService = services[i];
        if (ugService.getUserByUsername(userName) != null) {
            return;
        }
    }
    throw createSecurityException(USERNAME_NOT_FOUND_$1, userName);
}
/**
 * Returns the user names for a role, after checking that the role exists.
 *
 * @param role the role to query; its authority is used as the role name
 * @return the result of {@code service.getUserNamesForRole(role)}
 * @throws IOException if {@code checkExistingRoleName} rejects the role or the delegate fails
 */
public SortedSet<String> getUserNamesForRole(GeoServerRole role) throws IOException {
    String roleName = role.getAuthority();
    checkExistingRoleName(roleName);
    SortedSet<String> userNames = service.getUserNamesForRole(role);
    return userNames;
}
/**
 * Verifies that no other role service listed by the security manager already has a role with
 * the given name.
 *
 * <p>A role service that cannot be queried counts as a failure rather than being skipped, so
 * the check never passes without having consulted every other service.
 *
 * @param roleName name of the role to look up
 * @throws IOException the exception built by {@code createSecurityException} with
 *     {@code ALREADY_EXISTS_IN} when another service has the role, or with
 *     {@code CANNOT_CHECK_ROLE_IN_SERVICE} when a service cannot be loaded or queried
 */
protected void checkNotExistingInOtherServices(String roleName) throws IOException {
    checkRoleName(roleName);
    for (String otherName : service.getSecurityManager().listRoleServices()) {
        // The delegate's own name is skipped; only the other services are consulted.
        if (service.getName().equals(otherName)) {
            continue;
        }

        GeoServerRole found;
        try {
            found =
                    service.getSecurityManager()
                            .loadRoleService(otherName)
                            .getRoleByName(roleName);
        } catch (IOException ex) {
            // The original failure is logged here; the exception thrown to the caller
            // carries only the role and service names.
            LOGGER.log(Level.WARNING, ex.getMessage(), ex);
            throw createSecurityException(CANNOT_CHECK_ROLE_IN_SERVICE, roleName, otherName);
        }

        if (found != null) {
            throw createSecurityException(ALREADY_EXISTS_IN, roleName, otherName);
        }
    }
}