InMemorySecurityFilter.java example

Explorer

geoserver-master
- doc
  - en
    - developer
      - source
        programming-guide
        ows-services
        hello
        src
        main
        java
        HelloWorld.java
        web-ui
        ComponentInfo.java
    - user
      - source
        security
        tutorials
        ldap
        acme-ldap
        src
        main
        java
        org
        acme
        Ldap.java
- src

/* (c) 2014 - 2015 Open Source Geospatial Foundation - all rights reserved
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security;

import org.geoserver.catalog.Catalog;
import org.geoserver.catalog.CatalogInfo;
import org.geoserver.catalog.NamespaceInfo;
import org.geoserver.catalog.Predicates;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.SecureCatalogImpl.MixedModeBehavior;
import org.geotools.filter.expression.InternalVolatileFunction;
import org.opengis.filter.Filter;
import org.opengis.filter.FilterFactory;
import org.springframework.security.core.Authentication;

/**
 * Filter function that returns true if a certain object can or cannot be showed to the current user
 * 
 * @author Andrea Aime - GeoSolutions
 */
public class InMemorySecurityFilter extends InternalVolatileFunction {

    ResourceAccessManager resourceAccesssManager;

    Authentication user;

    /**
     * Returns a filter that will check if the object passed to it can be accessed by the user
     * 
     * @param resourceAccesssManager
     * @param user
     *
     */
    public static Filter buildUserAccessFilter(ResourceAccessManager resourceAccesssManager,
            Authentication user) {
        org.opengis.filter.expression.Function visible = new InMemorySecurityFilter(
                resourceAccesssManager, user);

        FilterFactory factory = Predicates.factory;

        // create a filter combined with the security credentials check
        Filter filter = factory.equals(factory.literal(Boolean.TRUE), visible);

        return filter;
    }

    public InMemorySecurityFilter(ResourceAccessManager resourceAccesssManager, Authentication user) {
        super();
        this.resourceAccesssManager = resourceAccesssManager;
        this.user = user;
    }

    private Catalog getCatalog() {
        return (Catalog) GeoServerExtensions.bean("catalog");
    }

    private SecureCatalogImpl getSecurityWrapper() {
        return GeoServerExtensions.bean(SecureCatalogImpl.class);
    }

    @Override
    public Boolean evaluate(Object object) {
        CatalogInfo info = (CatalogInfo) object;
        if (info instanceof NamespaceInfo) {
            info = getCatalog().getWorkspaceByName(((NamespaceInfo) info).getPrefix());
        }
        WrapperPolicy policy = getSecurityWrapper().buildWrapperPolicy(resourceAccesssManager,
                user, info, MixedModeBehavior.HIDE);
        AccessLevel accessLevel = policy.getAccessLevel();
        boolean visible = !AccessLevel.HIDDEN.equals(accessLevel);
        return Boolean.valueOf(visible);
    }

}