Examples of org.geoserver.security.impl.GeoServerRole

• org.geoserver.security.impl.GeoServerRole
  Extends {@link GrantedAuthority} and represents an anonymous role If a user name is set, the role is personalized Example: the role ROLE_EMPLOYEE could have a role parameter EPLOYEE_NUMBER @author christian

        Authentication auth = ctx.getAuthentication();
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals(testUserName, ((UserDetails) auth.getPrincipal()).getUsername());
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));

        // check success for basic authentication
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();

        request.addHeader("Authorization",  "Basic " +
                new String(Base64.encodeBytes((testUserName+":"+testPassword).getBytes())));
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        ctx = (SecurityContext)request.getSession(true).getAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        assertNotNull(ctx);
        auth = ctx.getAuthentication();
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals(testUserName, ((UserDetails) auth.getPrincipal()).getUsername());
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));

    }

    protected void createServices() throws Exception{

        GeoServerRoleService rservice = createRoleService("rs1");
        GeoServerRoleStore rstore = rservice.createStore();
        GeoServerRole root, derived;
        rstore.addRole(root=rstore.createRoleObject(rootRole));
        rstore.addRole(derived=rstore.createRoleObject(derivedRole));
        rstore.setParentRole(derived, root);
        rstore.associateRoleToUser(derived, testUserName);
        rstore.associateRoleToUser(derived, "castest");

            fail("empty role name should throw exception");
        } catch (IOException ex) {
            assertSecurityException(ex, NAME_REQUIRED);
        }

        GeoServerRole role1 = store.getRoleByName("role1");

        try {
            store.addRole(role1);
            fail("already existing role name should throw exception");
        } catch (IOException ex) {

            @Override
            public GeoServerSecurityManager createSecurityManager( MockTestData testData) throws Exception {
                GeoServerSecurityManager secMgr = createNiceMock(GeoServerSecurityManager.class);

                GeoServerRoleStore roleStore = createRoleStore("test", secMgr, "role1", "parent1");
                expect(roleStore.removeRole(new GeoServerRole("unused"))).andReturn(true);

                DataAccessRule dataAccessRule = createNiceMock(DataAccessRule.class);
                expect(dataAccessRule.compareTo(dataAccessRule)).andReturn(0).anyTimes();
                expect(dataAccessRule.getKey()).andReturn("foo").anyTimes();
                expect(dataAccessRule.getRoles()).andReturn(new TreeSet<String>(Arrays.asList("role1"))).anyTimes();
                replay(dataAccessRule);

                DataAccessRuleDAO dataAccessDAO = createNiceMock(DataAccessRuleDAO.class);
                expect(dataAccessDAO.getRulesAssociatedWithRole("role1")).andReturn(
                    new TreeSet<DataAccessRule>(Arrays.asList(dataAccessRule))).anyTimes();
                expect(dataAccessDAO.getRulesAssociatedWithRole("parent1")).andReturn(
                        new TreeSet<DataAccessRule>()).anyTimes();
                expect(secMgr.getDataAccessRuleDAO()).andReturn(dataAccessDAO).anyTimes();

                ServiceAccessRuleDAO serviceAccessDAO = createNiceMock(ServiceAccessRuleDAO.class);
                expect(serviceAccessDAO.getRulesAssociatedWithRole(
                    (String)anyObject())).andReturn(new TreeSet<ServiceAccessRule>()).anyTimes();
                expect(secMgr.getServiceAccessRuleDAO()).andReturn(serviceAccessDAO).anyTimes();

                replay(dataAccessDAO, serviceAccessDAO, roleStore, secMgr);
                return secMgr;
            }
        });

        RoleStoreValidationWrapper store = new RoleStoreValidationWrapper(
            (GeoServerRoleStore)getSecurityManager().loadRoleService("test"), true);
        GeoServerRole role = store.getRoleByName("role1");
        GeoServerRole parent = store.getRoleByName("parent1");

        store.removeRole(parent);
        try {
            store.removeRole(role);
            fail("used role should throw exception");

                GeoServerUserGroupStore ugStore2 = createUserGroupStore("test2", secMgr);
                addUsers(ugStore1, "user2", "abc");
                addGroups(ugStore1, "group2");

                GeoServerRoleStore roleStore = createRoleStore("test", secMgr, "role1");
                expect(roleStore.getGroupNamesForRole(new GeoServerRole("role1"))).andReturn(
                    new TreeSet<String>(Arrays.asList("group1", "group2"))).anyTimes();

                replay(ugStore1, ugStore2, roleStore, secMgr);
                return secMgr;
            }
        });

        GeoServerSecurityManager secMgr = getSecurityManager();
        GeoServerUserGroupStore ugStore1 = (GeoServerUserGroupStore) secMgr.loadUserGroupService("test1");
        GeoServerUserGroupStore ugStore2 = (GeoServerUserGroupStore) secMgr.loadUserGroupService("test2");

        RoleStoreValidationWrapper store = new RoleStoreValidationWrapper(
            (GeoServerRoleStore)secMgr.loadRoleService("test"), ugStore1, ugStore2);

        GeoServerRole role1 = store.getRoleByName("role1");
        try {
            store.associateRoleToGroup(role1, "group3");
            fail("unkown group should throw exception");
        } catch (IOException ex) {
            assertSecurityException(ex, GROUPNAME_NOT_FOUND_$1 , "group3");

                GeoServerSecurityManager secMgr = createNiceMock(GeoServerSecurityManager.class);

                GeoServerRoleStore roleStore =
                    createRoleStore("test", secMgr, "admin", "groupAdmin", "role1");
                addRolesToCreate(roleStore, "admin", "groupAdmin");
                expect(roleStore.getAdminRole()).andReturn(new GeoServerRole("admin")).anyTimes();
                expect(roleStore.getGroupAdminRole()).andReturn(new GeoServerRole("groupAdmin")).anyTimes();

                replay(roleStore, secMgr);
                return secMgr;
            }
        });

        assertEquals(0, roleService.getRoles().size());
        assertEquals(0,roleService.getRoleCount());
    }
    public void insertValues(GeoServerRoleStore roleStore) throws IOException {

        GeoServerRole role_admin =
            roleStore.createRoleObject(GeoServerRole.ADMIN_ROLE.getAuthority());
        GeoServerRole role_auth =
            roleStore.createRoleObject("ROLE_AUTHENTICATED" );
        GeoServerRole role_wfs =
            roleStore.createRoleObject("ROLE_WFS");
        GeoServerRole role_wms =
            roleStore.createRoleObject("ROLE_WMS");

        role_auth.getProperties().put("employee","");
        role_auth.getProperties().put("bbox","lookupAtRuntime");

        roleStore.associateRoleToGroup(role_wms, "g_all");
        roleStore.associateRoleToGroup(role_wfs, "g_all");

    }
    public void removeValues(GeoServerRoleStore roleStore) throws IOException {
        GeoServerRole role_auth =
            roleStore.createRoleObject("ROLE_AUTHENTICATED" );
        GeoServerRole role_wfs = roleStore.getRoleByName("ROLE_WFS");
        roleStore.removeRole(role_wfs);
        roleStore.removeRole(role_auth);
    }

        roleStore.removeRole(role_wfs);
        roleStore.removeRole(role_auth);
    }
    public void modifyValues(GeoServerRoleStore roleStore) throws IOException {

        GeoServerRole role_auth = roleStore.getRoleByName("ROLE_AUTHENTICATED");
        GeoServerRole role_wfs = roleStore.getRoleByName("ROLE_WFS");
        GeoServerRole role_wms = roleStore.getRoleByName("ROLE_WMS");

        role_auth.getProperties().remove("bbox");
        role_auth.getProperties().setProperty("employee","4711");
        roleStore.updateRole(role_auth);

        role_wms.getProperties().setProperty("envelope", "10 10 20 20");
        roleStore.updateRole(role_wms);

        roleStore.disAssociateRoleFromGroup(role_wfs, "g_all");
        roleStore.disAssociateRoleFromUser(role_wfs, "user1");
        roleStore.setParentRole(role_wms, null);

        roleStore.disAssociateRoleFromUser(role_wfs, "user1");
        roleStore.setParentRole(role_wms, null);
        roleStore.setParentRole(role_wfs, role_wms);
    }
    protected void checkValuesRemoved(GeoServerRoleService roleService) throws IOException {
        GeoServerRole role_admin = roleService.getRoleByName(
                GeoServerRole.ADMIN_ROLE.getAuthority());
        GeoServerRole role_wms = roleService.getRoleByName("ROLE_WMS");

        assertEquals(2, roleService.getRoles().size());
        assertEquals(2, roleService.getRoleCount());
        assertTrue(roleService.getRoles().contains(role_admin));
        assertTrue(roleService.getRoles().contains(role_wms));