@Override public WorkspaceAccessLimits getAccessLimits(Authentication user, WorkspaceInfo workspace) { if (hideWorkspace(workspace)) { return new WorkspaceAccessLimits(CatalogMode.HIDE, false, false, false); } else { return super.getAccessLimits(user, workspace); } }
@Override public void addUser(GeoServerUser user) throws IOException, PasswordPolicyException { if (filterUser(user) != null) { delegateAsStore().addUser(user); } }
@Override public void addRole(GeoServerRole role) throws IOException { if (filterRole(role) != null) { delegateAsStore().addRole(role); } }
private DataAccessLimits hide(ResourceInfo info) { if (info instanceof FeatureTypeInfo) { return new VectorAccessLimits( CatalogMode.HIDE, null, Filter.EXCLUDE, null, Filter.EXCLUDE); } else if (info instanceof CoverageInfo) { return new CoverageAccessLimits(CatalogMode.HIDE, Filter.EXCLUDE, null, null); } else if (info instanceof WMSLayerInfo) { return new WMSAccessLimits(CatalogMode.HIDE, Filter.EXCLUDE, null, false); } else { // TODO: Log warning about unknown resource type return new DataAccessLimits(CatalogMode.HIDE, Filter.EXCLUDE); } }
protected WorkspaceAccessLimits intersection(WorkspaceAccessLimits a, WorkspaceAccessLimits b) { CatalogMode mode = intersection(a.getMode(), b.getMode()); return new WorkspaceAccessLimits( mode, a.isReadable() && b.isReadable(), a.isWritable() && b.isWritable(), a.isAdminable() && b.isAdminable()); }
@Override public void associateUserToGroup(GeoServerUser user, GeoServerUserGroup group) throws IOException { // TODO: should probably throw exception if trying to add to filtered group if (filterUser(user) != null && filterGroup(group) != null) { delegateAsStore().associateUserToGroup(user, group); } }
/** Accessor for regular (weak encryption) pbe password encoder. */ protected GeoServerPBEPasswordEncoder getPBEPasswordEncoder() { return getSecurityManager() .loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null, false); }
@Override public void disAssociateUserFromGroup(GeoServerUser user, GeoServerUserGroup group) throws IOException { // TODO: should probably throw exception if trying to add to filtered group if (filterUser(user) != null && filterGroup(group) != null) { delegateAsStore().disAssociateUserFromGroup(user, group); } }
@Override public void disAssociateRoleFromGroup(GeoServerRole role, String groupname) throws IOException { if (filterRole(role) != null && !filterGroup(groupname)) { delegateAsStore().disAssociateRoleFromGroup(role, groupname); } }
@Override public boolean removeRole(GeoServerRole role) throws IOException { if (filterRole(role) != null) { return delegateAsStore().removeRole(role); } return false; }
@Override public void setParentRole(GeoServerRole role, GeoServerRole parentRole) throws IOException { if (filterRole(role) != null && filterRole(parentRole) != null) { delegateAsStore().setParentRole(role, parentRole); } }
@Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { return filterUser((GeoServerUser) delegate.loadUserByUsername(username)); }
@Override public LayerGroupAccessLimits getAccessLimits(Authentication user, LayerGroupInfo layerGroup) { if (hideLayerGroup(layerGroup)) { return new LayerGroupAccessLimits(CatalogMode.HIDE); } return super.getAccessLimits(user, layerGroup); }
public void postConfigure(GeoServerSecurityManager secMgr) { // TODO, Justin // Not sure if this is correct, if it is, you can add the constant chain // for the root user login for (GeoServerSecurityProvider p : secMgr.lookupSecurityProviders()) { p.configureFilterChain(this); } }
@Override public void updateUser(GeoServerUser user) throws IOException, PasswordPolicyException { checkUserNotInOtherGroup(user); super.updateUser(user); }
private boolean matchesQueryString(RequestUrlParts url) { if (queryStringMatcher != null) { return queryStringMatcher.matches(url.getQueryString()); } return true; }
private boolean hideLayer(LayerInfo layer) { for (CatalogFilter filter : getCatalogFilters()) { if (filter.hideLayer(layer)) { return true; } } return false; }
private boolean hideStyle(StyleInfo style) { for (CatalogFilter filter : getCatalogFilters()) { if (filter.hideStyle(style)) { return true; } } return false; }
/** Accessor for strong encryption pbe password encoder. */ protected GeoServerPBEPasswordEncoder getStrongPBEPasswordEncoder() { return getSecurityManager() .loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null, true); }
@Override public LayerGroupAccessLimits getAccessLimits( Authentication user, LayerGroupInfo layerGroup, List<LayerGroupInfo> containers) { if (hideLayerGroup(layerGroup)) { return new LayerGroupAccessLimits(CatalogMode.HIDE); } else { return super.getAccessLimits(user, layerGroup, containers); } }