DataAccessManagerAdapter.java example

Explorer
geoserver_trunk-master
/* Copyright (c) 2001 - 2007 TOPP - www.openplans.org. All rights reserved.
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security;

import java.util.logging.Level;
import java.util.logging.Logger;

import org.geoserver.catalog.CoverageInfo;
import org.geoserver.catalog.FeatureTypeInfo;
import org.geoserver.catalog.LayerInfo;
import org.geoserver.catalog.ResourceInfo;
import org.geoserver.catalog.WMSLayerInfo;
import org.geoserver.catalog.WorkspaceInfo;
import org.geotools.util.logging.Logging;
import org.opengis.filter.Filter;
import org.springframework.security.core.Authentication;

/**
 * Adapts a {@link DataAccessManager} to the {@link ResourceAccessManager} interface
 * 
 * @author Andrea Aime - GeoSolutions
 * 
 */
public class DataAccessManagerAdapter implements ResourceAccessManager {
    static final Logger LOGGER = Logging.getLogger(DataAccessManagerAdapter.class);

    DataAccessManager delegate;

    /**
     * Builds a new adapter
     * 
     * @param delegate
     */
    public DataAccessManagerAdapter(DataAccessManager delegate) {
        this.delegate = delegate;
    }

    public DataAccessLimits getAccessLimits(Authentication user, LayerInfo layer) {
        boolean read = delegate.canAccess(user, layer, AccessMode.READ);
        boolean write = delegate.canAccess(user, layer, AccessMode.WRITE);
        Filter readFilter = read ? Filter.INCLUDE : Filter.EXCLUDE;
        Filter writeFilter = write ? Filter.INCLUDE : Filter.EXCLUDE;
        return buildLimits(layer.getResource(), readFilter, writeFilter);
    }

    public DataAccessLimits getAccessLimits(Authentication user, ResourceInfo resource) {
        boolean read = delegate.canAccess(user, resource, AccessMode.READ);
        boolean write = delegate.canAccess(user, resource, AccessMode.WRITE);
        Filter readFilter = read ? Filter.INCLUDE : Filter.EXCLUDE;
        Filter writeFilter = write ? Filter.INCLUDE : Filter.EXCLUDE;
        return buildLimits(resource, readFilter, writeFilter);
    }

    DataAccessLimits buildLimits(ResourceInfo resource, Filter readFilter, Filter writeFilter) {
        CatalogMode mode = delegate.getMode();

        // allow the secure catalog to avoid any kind of wrapping if there are no limits
        if ((readFilter == null || readFilter == Filter.INCLUDE)
                && (writeFilter == null || writeFilter == Filter.INCLUDE
                        || resource instanceof WMSLayerInfo || resource instanceof CoverageInfo)) {
            return null;
        }

        // build the appropriate limit class
        if (resource instanceof FeatureTypeInfo) {
            return new VectorAccessLimits(mode, null, readFilter, null, writeFilter);
        } else if (resource instanceof CoverageInfo) {
            return new CoverageAccessLimits(mode, readFilter, null, null);
        } else if (resource instanceof WMSLayerInfo) {
            return new WMSAccessLimits(mode, readFilter, null, true);
        } else {
            LOGGER.log(Level.INFO,
                    "Warning, adapting to generic access limits for unrecognized resource type "
                            + resource);
            return new DataAccessLimits(mode, readFilter);
        }
    }

    public WorkspaceAccessLimits getAccessLimits(Authentication user, WorkspaceInfo workspace) {
        boolean readable = delegate.canAccess(user, workspace, AccessMode.READ);
        boolean writable = delegate.canAccess(user, workspace, AccessMode.WRITE);
        CatalogMode mode = delegate.getMode();

        if (readable && writable) {
            return null;
        } else {
            return new WorkspaceAccessLimits(mode, readable, writable);
        }
    }

}