Commit 373b7d55 authored by Andrea Aime's avatar Andrea Aime

[GEOS-8450] DescribeCoverage should not fail on secured datasets with catalog in challenge mode

parent 6028a3cc
......@@ -245,7 +245,7 @@ public class DescribeOECoverageSetTest extends WCSEOTestSupport {
Document dom =
getAsDOM(
"wcs?request=DescribeEOCoverageSet&version=2.0.1&service=WCS&eoid=sf__spatio-temporal_dss");
// print(dom);
print(dom);
// this one has 16 granules
assertEquals(
......
......@@ -56,7 +56,9 @@ public class SecuredCoverageInfo extends DecoratingCoverageInfo {
throws IOException {
Request request = Dispatcher.REQUEST.get();
if (policy.level == AccessLevel.METADATA
&& (request == null || !"GetCapabilities".equalsIgnoreCase(request.getRequest()))) {
&& (request == null
|| (!"GetCapabilities".equalsIgnoreCase(request.getRequest()))
&& !"DescribeCoverage".equalsIgnoreCase(request.getRequest()))) {
throw SecureCatalogImpl.unauthorizedAccess(this.getName());
}
GridCoverageReader reader = super.getGridCoverageReader(listener, hints);
......
......@@ -30,7 +30,6 @@ import org.geoserver.wcs2_0.util.EnvelopeAxesLabelsMapper;
import org.geotools.coverage.GridSampleDimension;
import org.geotools.coverage.TypeMap;
import org.geotools.coverage.grid.GridCoverage2D;
import org.geotools.coverage.grid.GridEnvelope2D;
import org.geotools.coverage.grid.GridGeometry2D;
import org.geotools.coverage.grid.io.GridCoverage2DReader;
import org.geotools.coverage.util.CoverageUtilities;
......@@ -217,7 +216,7 @@ class GMLTransformer extends TransformerBase {
handleRangeType(gc2d);
// handle coverage function
final GridEnvelope2D ge2D = gc2d.getGridGeometry().getGridRange2D();
final GridEnvelope ge2D = gc2d.getGridGeometry().getGridRange();
handleCoverageFunction(ge2D, axisSwap);
// handle range
......@@ -248,7 +247,7 @@ class GMLTransformer extends TransformerBase {
* @param gc2d
* @param axisSwap
*/
public void handleCoverageFunction(GridEnvelope2D gridRange, boolean axisSwap) {
public void handleCoverageFunction(GridEnvelope gridRange, boolean axisSwap) {
start("gml:coverageFunction");
start("gml:GridFunction");
......@@ -258,9 +257,10 @@ class GMLTransformer extends TransformerBase {
element("gml:sequenceRule", "Linear", gridAttrs); // minOccurs 0, default Linear
element(
"gml:startPoint",
gridRange.x
gridRange.getLow(0)
+ " "
+ gridRange.y); // we start at minx, miny (this is optional though)
+ gridRange.getLow(
1)); // we start at minx, miny (this is optional though)
end("gml:GridFunction");
end("gml:coverageFunction");
......
......@@ -11,11 +11,13 @@ import static org.geoserver.ows.util.ResponseUtils.buildSchemaURL;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import net.opengis.wcs20.DescribeCoverageType;
import org.geoserver.catalog.Catalog;
import org.geoserver.catalog.CoverageDimensionInfo;
import org.geoserver.catalog.CoverageInfo;
import org.geoserver.catalog.DimensionInfo;
import org.geoserver.catalog.KeywordInfo;
import org.geoserver.catalog.LayerInfo;
import org.geoserver.catalog.MetadataLinkInfo;
......@@ -197,16 +199,21 @@ public class WCS20DescribeCoverageTransformer extends GMLTransformer {
public void handleCoverageDescription(String encodedId, CoverageInfo ci) {
try {
// see if we have to handle time, elevation and additional dimensions
WCSDimensionsHelper dimensionsHelper =
WCSDimensionsHelper.getWCSDimensionsHelper(
encodedId, ci, RequestUtils.getCoverageReader(ci));
GridCoverage2DReader reader =
(GridCoverage2DReader) ci.getGridCoverageReader(null, null);
if (reader == null) {
throw new WCS20Exception("Unable to read sample coverage for " + ci.getName());
}
// see if we have to handle time, elevation and additional dimensions
Map<String, DimensionInfo> dimensionsMap =
WCSDimensionsHelper.getDimensionsFromMetadata(ci.getMetadata());
WCSDimensionsHelper dimensionsHelper = null;
if (dimensionsMap != null && !dimensionsMap.isEmpty()) {
dimensionsHelper =
WCSDimensionsHelper.getWCSDimensionsHelper(encodedId, ci, reader);
}
// get the crs and look for an EPSG code
final CoordinateReferenceSystem crs = reader.getCoordinateReferenceSystem();
List<String> axesNames =
......
/*
* GeoTools - The Open Source Java GIS Toolkit
* http://geotools.org
*
* (C) 2019, Open Source Geospatial Foundation (OSGeo)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation;
* version 2.1 of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
*/
package org.geoserver.wcs2_0;
import static org.custommonkey.xmlunit.XMLAssert.assertXpathEvaluatesTo;
import java.io.File;
import java.io.FileOutputStream;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import javax.xml.namespace.QName;
import org.geoserver.catalog.Catalog;
import org.geoserver.catalog.CoverageInfo;
import org.geoserver.catalog.DimensionPresentation;
import org.geoserver.catalog.ResourceInfo;
import org.geoserver.data.test.MockData;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.CatalogMode;
import org.geoserver.security.CoverageAccessLimits;
import org.geoserver.security.TestResourceAccessManager;
import org.junit.Test;
import org.opengis.filter.Filter;
import org.w3c.dom.Document;
public class ResourceAccessManagerWCSTest extends WCSTestSupport {
protected static QName WATTEMP = new QName(MockData.SF_URI, "watertemp", MockData.SF_PREFIX);
protected static final String UNITS = "foot";
protected static final String UNIT_SYMBOL = "ft";
protected void setUpSpring(List<String> springContextLocations) {
super.setUpSpring(springContextLocations);
springContextLocations.add(
"classpath:/org/geoserver/wcs2_0/ResourceAccessManagerContext.xml");
}
/** Enable the Spring Security auth filters */
@Override
protected List<javax.servlet.Filter> getFilters() {
return Collections.singletonList(
(javax.servlet.Filter) GeoServerExtensions.bean("filterChainProxy"));
}
/** Add the users */
@Override
protected void setUpTestData(SystemTestData testData) throws Exception {
super.setUpTestData(testData);
File security = new File(testData.getDataDirectoryRoot(), "security");
security.mkdir();
File users = new File(security, "users.properties");
Properties props = new Properties();
props.put("admin", "geoserver,ROLE_ADMINISTRATOR");
props.put("cite", "cite,ROLE_DUMMY");
props.store(new FileOutputStream(users), "");
}
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
super.onSetUp(testData);
// these users follow a full auth
addUser("cite", "cite", null, Collections.singletonList("ROLE_DUMMY"));
// a raster with dimensions
Catalog catalog = getCatalog();
testData.addRasterLayer(
WATTEMP, "watertemp.zip", null, null, SystemTestData.class, catalog);
setupRasterDimension(
WATTEMP,
ResourceInfo.ELEVATION,
DimensionPresentation.LIST,
null,
UNITS,
UNIT_SYMBOL);
setupRasterDimension(
WATTEMP, ResourceInfo.TIME, DimensionPresentation.LIST, null, null, null);
// populate the access manager
TestResourceAccessManager tam =
(TestResourceAccessManager) applicationContext.getBean("testResourceAccessManager");
CoverageInfo waterTemp = catalog.getCoverageByName(getLayerId(WATTEMP));
tam.putLimits(
"cite",
waterTemp,
new CoverageAccessLimits(CatalogMode.CHALLENGE, Filter.EXCLUDE, null, null));
}
/**
* DescribeCoverage requires a special exemption to run as it needs to access actual data to
* fill in the time and elevation
*
* @throws Exception
*/
@Test
public void testDescribeWithTimeElevation() throws Exception {
setRequestAuth("cite", "cite");
Document dom =
getAsDOM(
"wcs?request=DescribeCoverage&service=WCS&version=2.0.0&coverageId=sf__watertemp");
print(dom);
// print(dom);
checkValidationErrors(dom, getWcs20Schema());
// check that metadata contains a list of times
assertXpathEvaluatesTo(
"2",
"count(//gmlcov:metadata/gmlcov:Extension/wcsgs:TimeDomain/gml:TimeInstant)",
dom);
assertXpathEvaluatesTo(
"sf__watertemp_td_0",
"//gmlcov:metadata/gmlcov:Extension/wcsgs:TimeDomain/gml:TimeInstant[1]/@gml:id",
dom);
assertXpathEvaluatesTo(
"2008-10-31T00:00:00.000Z",
"//gmlcov:metadata/gmlcov:Extension/wcsgs:TimeDomain/gml:TimeInstant[1]/gml:timePosition",
dom);
assertXpathEvaluatesTo(
"sf__watertemp_td_1",
"//gmlcov:metadata/gmlcov:Extension/wcsgs:TimeDomain/gml:TimeInstant[2]/@gml:id",
dom);
assertXpathEvaluatesTo(
"2008-11-01T00:00:00.000Z",
"//gmlcov:metadata/gmlcov:Extension/wcsgs:TimeDomain/gml:TimeInstant[2]/gml:timePosition",
dom);
// and a list of elevations
assertXpathEvaluatesTo(
"2",
"count(//gmlcov:metadata/gmlcov:Extension/wcsgs:ElevationDomain/wcsgs:SingleValue)",
dom);
assertXpathEvaluatesTo(
"0.0", "//gmlcov:metadata/gmlcov:Extension/wcsgs:ElevationDomain/@default", dom);
assertXpathEvaluatesTo(
"ft", "//gmlcov:metadata/gmlcov:Extension/wcsgs:ElevationDomain/@uom", dom);
}
}
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ GeoTools - The Open Source Java GIS Toolkit
~ http://geotools.org
~
~ (C) 2019, Open Source Geospatial Foundation (OSGeo)
~
~ This library is free software; you can redistribute it and/or
~ modify it under the terms of the GNU Lesser General Public
~ License as published by the Free Software Foundation;
~ version 2.1 of the License.
~
~ This library is distributed in the hope that it will be useful,
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
~ Lesser General Public License for more details.
~
-->
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="testResourceAccessManager" class="org.geoserver.security.TestResourceAccessManager"/>
</beans>
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment