Package org.geoserver.security

Examples of org.geoserver.security.SecureCatalogImpl


    }

    /**
     * Exercises the catalog built from {@code publicRead.properties} as seen first by the
     * read-only user and then by the write-enabled user.
     *
     * <p>For the read-only user the coverage, workspace and coverage store must come back as the
     * fixture objects themselves, while feature types, layers and data stores must come back as
     * {@code Secured*} wrappers. For the write-enabled user every lookup must return the
     * unwrapped fixture object.
     *
     * <p>NOTE(review): the authentication placed in {@code SecurityContextHolder} is not cleared
     * by this method; whether a fixture teardown outside this excerpt does so is not visible here.
     */
    @Test
    public void testPublicRead() throws Exception {
        final SecureCatalogImpl secured = buildTestObject("publicRead.properties", catalog);

        // --- read-only user ---
        SecurityContextHolder.getContext().setAuthentication(roUser);

        // raster side, workspace and coverage store: returned as-is
        assertSame(arcGrid, secured.getCoverageByName("nurc:arcgrid"));
        assertSame(arcGrid, secured.getResourceByName("nurc:arcgrid", CoverageInfo.class));
        assertEquals(toppWs, secured.getWorkspaceByName("topp"));
        assertSame(arcGridStore, secured.getCoverageStoreByName("arcGrid"));

        // vector side: present, but handed out through the secured wrapper type
        assertNotNull(secured.getFeatureTypeByName("topp:states"));
        assertTrue(secured.getFeatureTypeByName("topp:states") instanceof SecuredFeatureTypeInfo);
        assertTrue(
                secured.getResourceByName("topp:states", FeatureTypeInfo.class)
                        instanceof SecuredFeatureTypeInfo);

        // bulk accessors and list(...) must agree: same count, every element wrapped
        assertThatBoth(
                secured.getFeatureTypes(),
                secured.list(FeatureTypeInfo.class, Predicates.acceptAll()),
                allOf(
                        (Matcher) hasSize(featureTypes.size()),
                        (Matcher) everyItem(
                                Matchers.<FeatureTypeInfo>instanceOf(SecuredFeatureTypeInfo.class))));
        assertThatBoth(
                secured.getCoverages(),
                secured.list(CoverageInfo.class, Predicates.acceptAll()),
                equalTo(coverages));
        assertThatBoth(
                secured.getWorkspaces(),
                secured.list(WorkspaceInfo.class, Predicates.acceptAll()),
                equalTo(workspaces));

        // layers and data stores are wrapped as well
        assertNotNull(secured.getLayerByName("topp:states"));
        assertTrue(secured.getLayerByName("topp:states") instanceof SecuredLayerInfo);
        assertTrue(secured.getDataStoreByName("states") instanceof SecuredDataStoreInfo);
        assertTrue(secured.getDataStoreByName("roads") instanceof SecuredDataStoreInfo);

        // --- write-enabled user: no wrapping expected anywhere ---
        SecurityContextHolder.getContext().setAuthentication(rwUser);
        assertSame(states, secured.getFeatureTypeByName("topp:states"));
        assertSame(arcGrid, secured.getCoverageByName("nurc:arcgrid"));
        assertSame(states, secured.getResourceByName("topp:states", FeatureTypeInfo.class));
        assertSame(arcGrid, secured.getResourceByName("nurc:arcgrid", CoverageInfo.class));
        assertEquals(featureTypes, secured.getFeatureTypes());
        assertEquals(coverages, secured.getCoverages());
        assertEquals(workspaces, secured.getWorkspaces());
        assertEquals(toppWs, secured.getWorkspaceByName("topp"));
        assertSame(statesStore, secured.getDataStoreByName("states"));
        assertSame(roadsStore, secured.getDataStoreByName("roads"));
        assertSame(arcGridStore, secured.getCoverageStoreByName("arcGrid"));
    }


                return new CloseableIteratorAdapter<T>((Iterator<T>) layers.iterator());
            }
        };

        // and the secure catalog with the filter
        SecureCatalogImpl sc = this.buildTestObject("publicRead.properties", withLayers, filter);

        // base behavior sanity
        assertTrue(layers.size() > 1);
        assertTrue(sc.getLayers().size() > 1);

        // setup a catalog filter that will hide the layer
        // an example of this happening is when the LocalWorkspaceCatalogFilter
        // detects 'LocalLayer.get' contains the local layer
        // the result is it gets filtered out
        filter.setCatalogFilters(Collections.singletonList(new AbstractCatalogFilter() {

            @Override
            public boolean hideLayer(LayerInfo layer) {
                return layer != statesLayer;
            }

        }));

        assertEquals(1, sc.getLayers().size());
        assertEquals(statesLayer.getName(), sc.getLayers().get(0).getName());
    }

    }

    /**
     * Walks the rule set in {@code complex.properties} with four identities (anonymous,
     * read-only, write-enabled, military) and pins what each one gets back for the
     * {@code topp} feature types and their data stores.
     *
     * <p>Three outcomes are distinguished: {@code assertNull} means the resource is hidden,
     * a {@code Secured*} wrapper means it is visible through the wrapper, and
     * {@code assertSame} means the unwrapped fixture object is returned.
     *
     * <p>NOTE(review): the last authentication set here remains in
     * {@code SecurityContextHolder} when the method returns; any cleanup would have to happen
     * in a teardown that is not part of this excerpt.
     */
    @Test
    public void testComplex() throws Exception {
        final SecureCatalogImpl secured = buildTestObject("complex.properties", catalog);

        // --- anonymous ---
        SecurityContextHolder.getContext().setAuthentication(anonymous);
        // roads: covered by the generic namespace rule, read only, writable by nobody
        assertTrue(secured.getFeatureTypeByName("topp:roads") instanceof SecuredFeatureTypeInfo);
        assertTrue(secured.getDataStoreByName("roads") instanceof SecuredDataStoreInfo);
        // states: needs the READER role, so the feature type is hidden ...
        assertNull(secured.getFeatureTypeByName("topp:states"));
        // ... while its data store stays visible, because the namespace rules apply to it
        assertTrue(secured.getDataStoreByName("states") instanceof SecuredDataStoreInfo);
        // landmarks: the WRITER role is only needed for writing
        assertTrue(
                secured.getFeatureTypeByName("topp:landmarks") instanceof SecuredFeatureTypeInfo);
        // bases: restricted to the military
        assertNull(secured.getFeatureTypeByName("topp:bases"));

        // --- read-only user ---
        SecurityContextHolder.getContext().setAuthentication(roUser);
        assertTrue(secured.getFeatureTypeByName("topp:roads") instanceof SecuredFeatureTypeInfo);
        assertTrue(secured.getDataStoreByName("roads") instanceof SecuredDataStoreInfo);
        assertTrue(secured.getFeatureTypeByName("topp:states") instanceof SecuredFeatureTypeInfo);
        assertTrue(secured.getDataStoreByName("states") instanceof SecuredDataStoreInfo);
        assertTrue(
                secured.getFeatureTypeByName("topp:landmarks") instanceof SecuredFeatureTypeInfo);
        assertNull(secured.getFeatureTypeByName("topp:bases"));

        // --- write-enabled user ---
        SecurityContextHolder.getContext().setAuthentication(rwUser);
        assertTrue(secured.getFeatureTypeByName("topp:roads") instanceof SecuredFeatureTypeInfo);
        assertTrue(secured.getDataStoreByName("roads") instanceof SecuredDataStoreInfo);
        assertSame(states, secured.getFeatureTypeByName("topp:states"));
        assertTrue(secured.getDataStoreByName("states") instanceof SecuredDataStoreInfo);
        assertSame(landmarks, secured.getFeatureTypeByName("topp:landmarks"));
        assertNull(secured.getFeatureTypeByName("topp:bases"));

        // --- military user ---
        SecurityContextHolder.getContext().setAuthentication(milUser);
        assertTrue(secured.getFeatureTypeByName("topp:roads") instanceof SecuredFeatureTypeInfo);
        assertTrue(secured.getDataStoreByName("roads") instanceof SecuredDataStoreInfo);
        assertNull(secured.getFeatureTypeByName("topp:states"));
        assertTrue(secured.getDataStoreByName("states") instanceof SecuredDataStoreInfo);
        assertTrue(
                secured.getFeatureTypeByName("topp:landmarks") instanceof SecuredFeatureTypeInfo);
        // bases: restricted to the military, so this identity gets the unwrapped object
        assertSame(bases, secured.getFeatureTypeByName("topp:bases"));
    }

           
        });
       
        replay(catalog, manager, mockFilter);
       
        @SuppressWarnings("serial")
        SecureCatalogImpl sc = new SecureCatalogImpl(catalog, manager) {
            // Calls static method we can't mock
            @Override
            protected boolean isAdmin(Authentication authentication) {
                return false;
            }

            // Not relevant to the test and complicates things due to static calls
            @Override
            protected <T extends CatalogInfo> T checkAccess(
                    Authentication user, T info) {
                return info;
            }
        };

        // use no user at all
        SecurityContextHolder.getContext().setAuthentication(anonymous);
       
        List<FeatureTypeInfo> ftResult = collectAndClose(sc.list(FeatureTypeInfo.class, Predicates.acceptAll()));
        WorkspaceInfo foo = ftResult.get(0).getStore().getWorkspace();
        assertThat(
                ftResult,
                contains(
                        matchFT("foo", mockWSInfo),

        return new DataAccessManagerAdapter(buildLegacyAccessManager(propertyFile)) {

            @Override
            protected SecureCatalogImpl getSecurityWrapper() {
                try {
                    SecureCatalogImpl sc = securityWrapper.answer();
                    return sc;
                } catch(RuntimeException e) {
                    throw e;
                } catch(Error e) {
                    throw e;

    @SuppressWarnings("serial")
    SecureCatalogImpl buildTestObject(String propertyFile, Catalog catalog, ResourceAccessManagerWrapper wrapper) throws Exception{
        // hack to override the getSecurityWrapper method on the access manager to return the
        // securecatalog that itself requires the resourcemanager before being created.
        // Outside of testing, this is handled using GeoServerExtensions.bean
        SecureCatalogImpl sc;
        final SecureCatalogImpl[] scHolder =  new SecureCatalogImpl[1];
        ResourceAccessManager manager = buildManager(propertyFile, new IAnswer<SecureCatalogImpl>(){

            @Override
            public SecureCatalogImpl answer() throws Throwable {
                return scHolder[0];
            }
           
        });
       
        if(wrapper!=null) {
            wrapper.setDelegate(manager);
            manager=wrapper;
        }
       
        sc = new SecureCatalogImpl(catalog, manager) {

            @Override
            protected boolean isAdmin(Authentication authentication) {
                return false;
            }

        return sc;
    }
   
    /**
     * Baseline for the other access tests: with {@code wideOpen.properties} and the anonymous
     * authentication, every lookup must return the unwrapped fixture object and the bulk
     * accessors must equal the full fixture collections.
     *
     * <p>NOTE(review): the anonymous authentication is left in {@code SecurityContextHolder}
     * when the method returns; no cleanup is visible in this excerpt.
     */
    @Test
    public void testWideOpen() throws Exception {
        final SecureCatalogImpl secured = buildTestObject("wideOpen.properties", catalog);

        // no logged-in user
        SecurityContextHolder.getContext().setAuthentication(anonymous);

        // single-object lookups hand back the fixtures themselves
        assertSame(states, secured.getFeatureTypeByName("topp:states"));
        assertSame(arcGrid, secured.getCoverageByName("nurc:arcgrid"));
        assertSame(states, secured.getResourceByName("topp:states", FeatureTypeInfo.class));
        assertSame(arcGrid, secured.getResourceByName("nurc:arcgrid", CoverageInfo.class));
        assertEquals(toppWs, secured.getWorkspaceByName("topp"));
        assertSame(statesStore, secured.getDataStoreByName("states"));
        assertSame(roadsStore, secured.getDataStoreByName("roads"));
        assertSame(arcGridStore, secured.getCoverageStoreByName("arcGrid"));

        // getXxx() and list(Xxx.class, acceptAll) must both match the fixture collections
        assertThatBoth(
                secured.getFeatureTypes(),
                secured.list(FeatureTypeInfo.class, Predicates.acceptAll()),
                equalTo(featureTypes));
        assertThatBoth(
                secured.getCoverages(),
                secured.list(CoverageInfo.class, Predicates.acceptAll()),
                equalTo(coverages));
        assertThatBoth(
                secured.getWorkspaces(),
                secured.list(WorkspaceInfo.class, Predicates.acceptAll()),
                equalTo(workspaces));
    }

    }

    /**
     * Checks that a layer group stays reachable when some or all of its layers are locked
     * for the caller: the group is returned, wrapped, with only the layers the caller may see.
     *
     * <p>With {@code lockedLayerInLayerGroup.properties} the write-enabled user gets the
     * original group with 2 layers, the read-only user a secured group with 1 layer, and the
     * anonymous user a secured group with 0 layers.
     *
     * <p>NOTE(review): the authentication set last stays in {@code SecurityContextHolder}
     * after the method returns; no cleanup is visible in this excerpt.
     */
    @Test
    public void testLockedLayerInGroupMustNotHideGroup() throws Exception {
        final SecureCatalogImpl secured =
                buildTestObject("lockedLayerInLayerGroup.properties", catalog);

        // write-enabled user: both feature types and the untouched group
        SecurityContextHolder.getContext().setAuthentication(rwUser);
        assertSame(states, secured.getFeatureTypeByName("topp:states"));
        assertSame(roads, secured.getFeatureTypeByName("topp:roads"));
        LayerGroupInfo groupForRw =
                secured.getLayerGroupByName("topp", "layerGroupWithSomeLockedLayer");
        assertSame(layerGroupWithSomeLockedLayer, groupForRw);
        assertEquals(2, groupForRw.getLayers().size());

        // read-only user: states is hidden, the group survives with the remaining layer
        SecurityContextHolder.getContext().setAuthentication(roUser);
        assertNull(secured.getFeatureTypeByName("topp:states"));
        assertSame(roads, secured.getFeatureTypeByName("topp:roads"));
        LayerGroupInfo groupForRo =
                secured.getLayerGroupByName("topp", "layerGroupWithSomeLockedLayer");
        assertNotNull(groupForRo);
        assertTrue(groupForRo instanceof SecuredLayerGroupInfo);
        assertEquals(1, groupForRo.getLayers().size());

        // anonymous user: both feature types hidden, the group is still returned but empty
        SecurityContextHolder.getContext().setAuthentication(anonymous);
        assertNull(secured.getFeatureTypeByName("topp:states"));
        assertNull(secured.getFeatureTypeByName("topp:roads"));
        LayerGroupInfo groupForAnonymous =
                secured.getLayerGroupByName("topp", "layerGroupWithSomeLockedLayer");
        assertNotNull(groupForAnonymous);
        assertTrue(groupForAnonymous instanceof SecuredLayerGroupInfo);
        assertEquals(0, groupForAnonymous.getLayers().size());
    }

        Catalog eoCatalog = createNiceMock(Catalog.class);
        expect(eoCatalog.getLayerGroupByName("topp", eoRoadsLayerGroup.getName())).andReturn(eoRoadsLayerGroup).anyTimes();
        expect(eoCatalog.getLayerGroupByName("topp", eoStatesLayerGroup.getName())).andReturn(eoStatesLayerGroup).anyTimes();       
        replay(eoCatalog);
       
        SecureCatalogImpl sc = this.buildTestObject("lockedLayerInLayerGroup.properties", eoCatalog);
        SecurityContextHolder.getContext().setAuthentication(roUser);
       
        // if root layer is not hidden
        LayerGroupInfo layerGroup = sc.getLayerGroupByName("topp", "eoRoadsLayerGroup");               
        assertNotNull(layerGroup);
        assertNotNull(layerGroup.getRootLayer());
       
        // if root layer is hidden
        layerGroup = sc.getLayerGroupByName("topp", "eoStatesLayerGroup");               
        assertNull(layerGroup);       
    }

    }
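    /**
     * Checks that selecting a local workspace narrows what the secured catalog exposes.
     *
     * <p>Before a local workspace is set, the layer {@code topp:states} is reachable. After
     * {@code nurc} is set as the local workspace, the {@code topp} workspace and the
     * {@code topp:states} resource and layer must all come back as {@code null}.
     *
     * @throws Exception if building the access manager or a catalog lookup fails
     */
    @Test
    public void testAccessToLayer() throws Exception {
        CatalogFilterAccessManager mgr = setupAccessManager();

        SecureCatalogImpl sc = new SecureCatalogImpl(catalog, mgr) {};
        assertNotNull(sc.getLayerByName("topp:states"));

        WorkspaceInfo ws = sc.getWorkspaceByName("nurc");
        LocalWorkspace.set(ws);
        try {
            assertNull(sc.getWorkspaceByName("topp"));
            assertNull(sc.getResourceByName("topp:states", ResourceInfo.class));
            assertNull(sc.getLayerByName("topp:states"));
        } finally {
            // LocalWorkspace is set through a static call, so the value outlives this method.
            // Remove it even when an assertion fails, otherwise later tests would run with
            // the "nurc" restriction still in place and could pass or fail for the wrong reason.
            LocalWorkspace.remove();
        }
    }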
