Commit 52715c8c authored by Andrea Aime's avatar Andrea Aime

[GEOS-7045] Layer Security - Catalog Mode

parent c369e43e
......@@ -250,6 +250,13 @@ public class DefaultResourceAccessManager implements ResourceAccessManager, Data
@Override
public Filter getSecurityFilter(Authentication user, Class<? extends CatalogInfo> clazz) {
if(getMode() == CatalogMode.CHALLENGE) {
// If we're in CHALLENGE mode, we cannot pre-filter
// for the other types we have no clue, use the in memory filtering
return InMemorySecurityFilter.buildUserAccessFilter(this, user);
}
if (WorkspaceInfo.class.isAssignableFrom(clazz)) {
// base access
boolean rootAccess = canAccess(user, root);
......
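Review bot: The second comment line in the new CHALLENGE branch of getSecurityFilter, `// for the other types we have no clue, use the in memory filtering`, reads as if it was copied from a fallback branch and does not say why CHALLENGE mode rules out pre-filtering. This early return decides how catalog objects are filtered per user, so the reason is worth stating, for example `// CHALLENGE must not hide objects up front: check access per object in memory so a denied request can still end in an authentication challenge` (this rationale is inferred from the mode name, so confirm it). It is also not visible here whether CatalogMode.MIXED needs the same early return; a one-line comment saying why it does or does not would help the next reader. The method body continues past the end of the hunk.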
......@@ -38,8 +38,7 @@ public class LocalWorkspaceSecureCatalogTest extends AbstractAuthorizationTest {
}
CatalogFilterAccessManager setupAccessManager() throws Exception {
DataAccessManager def = buildLegacyAccessManager("wideOpen.properties");
ResourceAccessManager defAsResourceManager = new DataAccessManagerAdapter(def);
ResourceAccessManager defAsResourceManager = buildAccessManager("wideOpen.properties");
CatalogFilterAccessManager mgr = new CatalogFilterAccessManager();
mgr.setCatalogFilters(Collections.singletonList(new LocalWorkspaceCatalogFilter(catalog)));
mgr.setDelegate(defAsResourceManager);
......
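Review bot: The local name `defAsResourceManager` in setupAccessManager no longer matches what it holds, because nothing is adapted once the value comes straight from `buildAccessManager("wideOpen.properties")`. Renaming it, e.g. `ResourceAccessManager delegate = buildAccessManager("wideOpen.properties");` followed by `mgr.setDelegate(delegate);`, keeps the test readable. The method continues beyond the lines shown.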
......@@ -248,8 +248,7 @@ public abstract class AbstractAuthorizationTest extends SecureObjectsTest {
protected ResourceAccessManager buildManager(String propertyFile,
ResourceAccessManagerWrapper wrapper) throws Exception {
ResourceAccessManager manager = new DataAccessManagerAdapter(
buildLegacyAccessManager(propertyFile));
ResourceAccessManager manager = buildAccessManager(propertyFile);
if (wrapper != null) {
wrapper.setDelegate(manager);
......@@ -269,7 +268,7 @@ public abstract class AbstractAuthorizationTest extends SecureObjectsTest {
return manager;
}
protected DataAccessManager buildLegacyAccessManager(String propertyFile) throws Exception {
protected DefaultResourceAccessManager buildAccessManager(String propertyFile) throws Exception {
Properties props = new Properties();
props.load(getClass().getResourceAsStream(propertyFile));
return new DefaultResourceAccessManager(new MemoryDataAccessRuleDAO(catalog, props));
......
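Review bot: With `ResourceAccessManager manager = buildAccessManager(propertyFile);` in buildManager, none of the test code visible on this page constructs a DataAccessManagerAdapter any more, so the adapter's authorization path appears to lose its coverage in these suites. If the adapter is still a supported way to plug in a legacy DataAccessManager, keep one test that wraps the manager, e.g. `new DataAccessManagerAdapter(buildAccessManager(propertyFile))`, so its behaviour stays pinned. buildAccessManager would also benefit from a short Javadoc saying that it loads the access rules from the named properties resource, resolved relative to the test class, and returns a DefaultResourceAccessManager backed by a MemoryDataAccessRuleDAO. Both methods start or end outside the hunks shown.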
......@@ -18,13 +18,13 @@ public class DefaultDataAccessManagerAuthTest extends AbstractAuthorizationTest
@Test
public void testWideOpen() throws Exception {
DataAccessManager manager = buildLegacyAccessManager("wideOpen.properties");
DataAccessManager manager = buildAccessManager("wideOpen.properties");
checkUserAccessFlat(manager, anonymous, true, true);
}
@Test
public void testLockedDown() throws Exception {
DataAccessManager manager = buildLegacyAccessManager("lockedDown.properties");
DataAccessManager manager = buildAccessManager("lockedDown.properties");
checkUserAccessFlat(manager, anonymous, false, false);
checkUserAccessFlat(manager, roUser, false, false);
checkUserAccessFlat(manager, rwUser, true, true);
......@@ -33,7 +33,7 @@ public class DefaultDataAccessManagerAuthTest extends AbstractAuthorizationTest
@Test
public void testPublicRead() throws Exception {
DataAccessManager manager = buildLegacyAccessManager("publicRead.properties");
DataAccessManager manager = buildAccessManager("publicRead.properties");
checkUserAccessFlat(manager, anonymous, true, false);
checkUserAccessFlat(manager, roUser, true, false);
checkUserAccessFlat(manager, rwUser, true, true);
......@@ -55,7 +55,7 @@ public class DefaultDataAccessManagerAuthTest extends AbstractAuthorizationTest
@Test
public void testComplex() throws Exception {
DataAccessManager wo = buildLegacyAccessManager("complex.properties");
DataAccessManager wo = buildAccessManager("complex.properties");
// check non configured ws inherits root configuration, auth read, nobody write
assertFalse(wo.canAccess(anonymous, nurcWs, AccessMode.READ));
......@@ -115,31 +115,31 @@ public class DefaultDataAccessManagerAuthTest extends AbstractAuthorizationTest
@Test
public void testDefaultMode() throws Exception {
DataAccessManager wo = buildLegacyAccessManager("lockedDown.properties");
DataAccessManager wo = buildAccessManager("lockedDown.properties");
assertEquals(CatalogMode.HIDE, wo.getMode());
}
@Test
public void testHideMode() throws Exception {
DataAccessManager wo = buildLegacyAccessManager("lockedDownHide.properties");
DataAccessManager wo = buildAccessManager("lockedDownHide.properties");
assertEquals(CatalogMode.HIDE, wo.getMode());
}
@Test
public void testChallengeMode() throws Exception {
DataAccessManager wo = buildLegacyAccessManager("lockedDownChallenge.properties");
DataAccessManager wo = buildAccessManager("lockedDownChallenge.properties");
assertEquals(CatalogMode.CHALLENGE, wo.getMode());
}
@Test
public void testMixedMode() throws Exception {
DataAccessManager wo = buildLegacyAccessManager("lockedDownMixed.properties");
DataAccessManager wo = buildAccessManager("lockedDownMixed.properties");
assertEquals(CatalogMode.MIXED, wo.getMode());
}
@Test
public void testUnknownMode() throws Exception {
DataAccessManager wo = buildLegacyAccessManager("lockedDownUnknown.properties");
DataAccessManager wo = buildAccessManager("lockedDownUnknown.properties");
// should fall back on the default and complain in the logger
assertEquals(CatalogMode.HIDE, wo.getMode());
}
......
......@@ -620,7 +620,7 @@ public class SecureCatalogImplTest extends AbstractAuthorizationTest {
@Test
public void testSecurityFilterWideOpen() throws Exception {
// getting the resourceAccessManager
ResourceAccessManager resourceManager = getResourceAccessManager(buildLegacyAccessManager("wideOpen.properties"));
ResourceAccessManager resourceManager = getResourceAccessManager(buildAccessManager("wideOpen.properties"));
// Workspace test
Class<? extends CatalogInfo> clazz = WorkspaceInfo.class;
......@@ -676,7 +676,7 @@ public class SecureCatalogImplTest extends AbstractAuthorizationTest {
@Test
public void testSecurityFilterLockedDown() throws Exception {
// getting the resourceAccessManager
ResourceAccessManager resourceManager = getResourceAccessManager(buildLegacyAccessManager("lockedDown.properties"));
ResourceAccessManager resourceManager = getResourceAccessManager(buildAccessManager("lockedDown.properties"));
// Workspace test
Class<? extends CatalogInfo> clazz = WorkspaceInfo.class;
......@@ -752,7 +752,7 @@ public class SecureCatalogImplTest extends AbstractAuthorizationTest {
@Test
public void testSecurityFilterWsLock() throws Exception {
// getting the resourceAccessManager
ResourceAccessManager resourceManager = getResourceAccessManager(buildLegacyAccessManager("wsLock.properties"));
ResourceAccessManager resourceManager = getResourceAccessManager(buildAccessManager("wsLock.properties"));
// Workspace test
Class<? extends CatalogInfo> clazz = WorkspaceInfo.class;
......@@ -911,7 +911,7 @@ public class SecureCatalogImplTest extends AbstractAuthorizationTest {
@Test
public void testSecurityFilterLayerLock() throws Exception {
// getting the resourceAccessManager
ResourceAccessManager resourceManager = getResourceAccessManager(buildLegacyAccessManager("layerLock.properties"));
ResourceAccessManager resourceManager = getResourceAccessManager(buildAccessManager("layerLock.properties"));
// Workspace test
Class<? extends CatalogInfo> clazz = WorkspaceInfo.class;
......@@ -1023,7 +1023,7 @@ public class SecureCatalogImplTest extends AbstractAuthorizationTest {
@Test
public void testSecurityFilterComplex() throws Exception {
// getting the resourceAccessManager
ResourceAccessManager resourceManager = getResourceAccessManager(buildLegacyAccessManager("complex.properties"));
ResourceAccessManager resourceManager = getResourceAccessManager(buildAccessManager("complex.properties"));
// Workspace test
Class<? extends CatalogInfo> clazz = WorkspaceInfo.class;
......
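Review bot: None of the testSecurityFilter* methods touched here loads a CHALLENGE-mode rule file, so the early return this commit adds to DefaultResourceAccessManager.getSecurityFilter is not exercised by any test visible on this page. A case built on `buildAccessManager("lockedDownChallenge.properties")` that pins what the returned filter yields for `anonymous` and for `rwUser` on a locked-down object would guard the access decision against regressions. Tests outside the shown hunks may already cover this, so check before adding one.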