SecurityProcessFilter.java

/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */

package org.geoserver.wps.security;

import java.util.logging.Logger;

import org.geoserver.platform.ExtensionPriority;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.wps.process.ProcessFilter;
import org.geotools.process.ProcessFactory;
import org.geotools.util.logging.Logging;
import org.opengis.feature.type.Name;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 * A process filter based on the security subsystem
 */
public class SecurityProcessFilter implements ProcessFilter, ExtensionPriority {

    protected static final Logger LOGGER = Logging.getLogger(SecurityProcessFilter.class);
    protected ProcessAccessManager manager;

    @Override
    public ProcessFactory filterFactory(ProcessFactory pf) {
        if(manager == null){
            manager = GeoServerExtensions.bean(ProcessAccessManager.class);
            if (manager == null) {
                manager = new DefaultProcessAccessManager(GeoServerExtensions.bean(WpsAccessRuleDAO.class));
            } 
        }
        return new SecurityProcessFactory(pf, this);
    }

    @Override
    public int getPriority() {
        // Be the last process filter in the list (the sorting is done low to high)
        // This is done to allow other filters to recognize the classes this extension would wrap
        return Integer.MAX_VALUE;
    }

    protected boolean allowProcess(Name processName) {
        Authentication user = SecurityContextHolder.getContext().getAuthentication();
        return manager.getAccessLimits(user, processName).isAllowed();
    }

}