private void assertListStringAttribute(Metacard mc, String attrName, String[] expectedValues) {
    if (mc.getAttribute(attrName) != null) {
      List<?> values = (List<?>) mc.getAttribute(attrName).getValues();
      assertThat(values, not(nullValue()));
      assertThat(values.size(), equalTo(expectedValues.length));

      List<String> valuesList = new ArrayList<String>();
      valuesList.addAll((List<? extends String>) values);
      assertThat(valuesList, hasItems(expectedValues));
    }
  }
Exemple #2
0
 @Override
 public ResourceResponse processPostResource(ResourceResponse input, Metacard metacard)
     throws StopProcessingException {
   if (input.getRequest() == null || input.getRequest().getProperties() == null) {
     throw new StopProcessingException(
         "Unable to filter contents of current message, no user Subject available.");
   }
   KeyValueCollectionPermission securityPermission =
       new KeyValueCollectionPermission(CollectionPermission.READ_ACTION);
   Subject subject = getSubject(input);
   Attribute attr = metacard.getAttribute(Metacard.SECURITY);
   if (!checkPermissions(attr, securityPermission, subject, CollectionPermission.READ_ACTION)) {
     for (FilterStrategy filterStrategy : filterStrategies.values()) {
       FilterResult filterResult = filterStrategy.process(input, metacard);
       if (filterResult.processed()) {
         if (filterResult.response() == null) {
           throw new StopProcessingException("Subject not permitted to receive resource");
         } else {
           input = (ResourceResponse) filterResult.response();
         }
         break;
         // returned metacards are ignored for resource requests
       }
     }
     if (filterStrategies.size() == 0) {
       throw new StopProcessingException("Subject not permitted to receive resource");
     }
   }
   return input;
 }
  @Test
  public void testGeoTaggedJpeg() throws Exception {
    InputStream stream =
        Thread.currentThread().getContextClassLoader().getResourceAsStream("testJPEG_GEO.jpg");

    /*
     * The dates in testJPED_GEO.jpg do not contain timezones. If no timezone is specified,
     * the Tika input transformer assumes the local time zone.  Set the system timezone to UTC
     * so we can do assertions.
     */
    TimeZone defaultTimeZone = TimeZone.getDefault();
    TimeZone.setDefault(TimeZone.getTimeZone("UTC"));

    Metacard metacard = transform(stream);
    assertNotNull(metacard);
    assertNotNull(metacard.getMetadata());
    assertThat(
        metacard.getMetadata(), containsString("<meta name=\"Model\" content=\"Canon EOS 40D\"/>"));
    assertThat(metacard.getContentTypeName(), is("image/jpeg"));
    assertThat(convertDate(metacard.getCreatedDate()), is("2009-08-11 09:09:45 UTC"));
    assertThat(convertDate(metacard.getModifiedDate()), is("2009-10-02 23:02:49 UTC"));
    assertThat(
        (String) metacard.getAttribute(Metacard.GEOGRAPHY).getValue(),
        is("POINT(-54.1234 12.54321)"));

    // Reset timezone back to local time zone.
    TimeZone.setDefault(defaultTimeZone);
  }
Exemple #4
0
 @Override
 public UpdateRequest processPreUpdate(UpdateRequest input, Map<String, Metacard> metacards)
     throws StopProcessingException {
   KeyValueCollectionPermission securityPermission =
       new KeyValueCollectionPermission(CollectionPermission.UPDATE_ACTION);
   List<Map.Entry<Serializable, Metacard>> updates = input.getUpdates();
   Subject subject = getSubject(input);
   Subject systemSubject = getSystemSubject();
   List<String> unknownIds = new ArrayList<>();
   List<String> notPermittedIds = new ArrayList<>();
   for (Map.Entry<Serializable, Metacard> entry : updates) {
     Metacard newMetacard = entry.getValue();
     Attribute attr = newMetacard.getAttribute(Metacard.SECURITY);
     String id = null;
     if (entry.getKey() != null && !entry.getKey().equals("null")) {
       id = (String) entry.getKey();
     } else if (newMetacard.getId() != null && !newMetacard.getId().equals("null")) {
       id = newMetacard.getId();
     }
     Metacard oldMetacard = metacards.get(id);
     if (oldMetacard == null) {
       unknownIds.add(id);
     } else {
       Attribute oldAttr = oldMetacard.getAttribute(Metacard.SECURITY);
       if (!checkPermissions(attr, securityPermission, subject, CollectionPermission.UPDATE_ACTION)
           || !checkPermissions(
               oldAttr, securityPermission, subject, CollectionPermission.UPDATE_ACTION)
           || !checkPermissions(
               attr, securityPermission, systemSubject, CollectionPermission.UPDATE_ACTION)) {
         notPermittedIds.add(newMetacard.getId());
       }
     }
   }
   if (!unknownIds.isEmpty() || !notPermittedIds.isEmpty()) {
     throw new StopProcessingException(
         "Update operation not permitted with bad data. Unknown metacards: [ "
             + listToString(unknownIds)
             + " ]. Not Permitted metacards: [ "
             + listToString(notPermittedIds)
             + " ]");
   }
   return input;
 }
 private Map<String, Set<String>> buildSecurityMap(Metacard metacard) {
   Map<String, Set<String>> securityMap = new HashMap<>();
   if (metacard != null) {
     for (String metacardAttribute : metacardAttributes) {
       Attribute attribute = metacard.getAttribute(metacardAttribute);
       if (attribute != null) {
         securityMap.put(metacardAttribute, new HashSet<>(listAsStrings(attribute.getValues())));
       }
     }
   }
   return securityMap;
 }
Exemple #6
0
 private PolicyResponse getWritePolicy(Metacard input, Map<String, Serializable> properties) {
   HashMap<String, Set<String>> operationPolicy = new HashMap<>();
   if (Requests.isLocal(properties) && input.getTags().contains(RegistryConstants.REGISTRY_TAG)) {
     Attribute attribute = input.getAttribute(RegistryObjectMetacardType.REGISTRY_BASE_URL);
     if (isRegistryDisabled()
         || (attribute != null
             && attribute.getValue() instanceof String
             && ((String) attribute.getValue()).startsWith(SystemBaseUrl.getBaseUrl()))) {
       operationPolicy.putAll(bypassAccessPolicy);
     } else {
       operationPolicy.putAll(writeAccessPolicy);
     }
   }
   return new PolicyResponseImpl(operationPolicy, new HashMap<>());
 }
 private void assertMetacard(Metacard mc, Map<String, Object> expectedValues) {
   assertThat(mc.getId(), equalTo((String) expectedValues.get(Metacard.ID)));
   assertListStringAttribute(
       mc,
       CswRecordMetacardType.CSW_IDENTIFIER,
       (String[]) expectedValues.get(CswRecordMetacardType.CSW_IDENTIFIER));
   assertThat(mc.getTitle(), equalTo((String) expectedValues.get(Metacard.TITLE)));
   assertListStringAttribute(
       mc,
       CswRecordMetacardType.CSW_TITLE,
       (String[]) expectedValues.get(CswRecordMetacardType.CSW_TITLE));
   assertThat(mc.getModifiedDate(), equalTo((Date) expectedValues.get(Metacard.MODIFIED)));
   assertListStringAttribute(
       mc,
       CswRecordMetacardType.CSW_MODIFIED,
       (String[]) expectedValues.get(CswRecordMetacardType.CSW_MODIFIED));
   assertListStringAttribute(
       mc,
       CswRecordMetacardType.CSW_SUBJECT,
       (String[]) expectedValues.get(CswRecordMetacardType.CSW_SUBJECT));
   assertListStringAttribute(
       mc,
       CswRecordMetacardType.CSW_ABSTRACT,
       (String[]) expectedValues.get(CswRecordMetacardType.CSW_ABSTRACT));
   assertListStringAttribute(
       mc,
       CswRecordMetacardType.CSW_RIGHTS,
       (String[]) expectedValues.get(CswRecordMetacardType.CSW_RIGHTS));
   assertListStringAttribute(
       mc,
       CswRecordMetacardType.CSW_LANGUAGE,
       (String[]) expectedValues.get(CswRecordMetacardType.CSW_LANGUAGE));
   assertThat(
       (String) mc.getAttribute(CswRecordMetacardType.CSW_TYPE).getValue(),
       equalTo((String) expectedValues.get(CswRecordMetacardType.CSW_TYPE)));
   assertListStringAttribute(
       mc,
       CswRecordMetacardType.CSW_FORMAT,
       (String[]) expectedValues.get(CswRecordMetacardType.CSW_FORMAT));
   assertThat(mc.getLocation(), equalTo((String) expectedValues.get(Metacard.GEOGRAPHY)));
   assertListStringAttribute(
       mc,
       CswRecordMetacardType.OWS_BOUNDING_BOX,
       (String[]) expectedValues.get(CswRecordMetacardType.OWS_BOUNDING_BOX));
 }
Exemple #8
0
  @Override
  public QueryResponse processPostQuery(QueryResponse input) throws StopProcessingException {
    if (input.getRequest() == null || input.getRequest().getProperties() == null) {
      throw new StopProcessingException(
          "Unable to filter contents of current message, no user Subject available.");
    }
    Subject subject = getSubject(input);

    List<Result> results = input.getResults();
    List<Result> newResults = new ArrayList<>(results.size());
    Metacard metacard;
    KeyValueCollectionPermission securityPermission =
        new KeyValueCollectionPermission(CollectionPermission.READ_ACTION);
    int filteredMetacards = 0;
    for (Result result : results) {
      metacard = result.getMetacard();
      Attribute attr = metacard.getAttribute(Metacard.SECURITY);
      if (!checkPermissions(attr, securityPermission, subject, CollectionPermission.READ_ACTION)) {
        for (FilterStrategy filterStrategy : filterStrategies.values()) {
          FilterResult filterResult = filterStrategy.process(input, metacard);
          if (filterResult.processed()) {
            if (filterResult.metacard() != null) {
              newResults.add(new ResultImpl(filterResult.metacard()));
            }
            break;
            // returned responses are ignored for queries
          }
        }
        filteredMetacards++;
      } else {
        newResults.add(result);
      }
    }

    LOGGER.info("Filtered {} metacards, returned {}", filteredMetacards, newResults.size());
    SecurityLogger.logInfo(
        "Filtered " + filteredMetacards + " metacards, returned " + newResults.size());

    input.getResults().clear();
    input.getResults().addAll(newResults);
    newResults.clear();
    return input;
  }
 @Override
 public boolean metacardMatch(Metacard metacard) {
   if (Metacard.SOURCE_ID.equals(attributeName)) {
     return metacard.getSourceId().equals(attributeValue);
   } else {
     Attribute attribute = metacard.getAttribute(attributeName);
     if (attribute != null) {
       if (attributeValueMatch(
           attribute, metacard.getMetacardType().getAttributeDescriptor(attributeName))) {
         LOGGER.debug(
             "Found match for Attribute: {} Value: {} URL: {}",
             attributeName,
             attributeValue,
             styleUrl);
         return true;
       }
     }
   }
   return false;
 }
Exemple #10
0
  @Override
  public CreateRequest processPreCreate(CreateRequest input) throws StopProcessingException {
    KeyValueCollectionPermission securityPermission =
        new KeyValueCollectionPermission(CollectionPermission.CREATE_ACTION);
    List<Metacard> metacards = input.getMetacards();
    Subject subject = getSubject(input);
    Subject systemSubject = getSystemSubject();
    List<String> notPermittedIds = new ArrayList<>();
    for (Metacard metacard : metacards) {
      Attribute attr = metacard.getAttribute(Metacard.SECURITY);
      if (!checkPermissions(attr, securityPermission, subject, CollectionPermission.CREATE_ACTION)
          || !checkPermissions(
              attr, securityPermission, systemSubject, CollectionPermission.CREATE_ACTION)) {
        notPermittedIds.add(metacard.getId());
      }
    }
    if (!notPermittedIds.isEmpty()) {
      throw new StopProcessingException(
          "Metacard creation not permitted for: [ " + listToString(notPermittedIds) + " ]");
    }

    return input;
  }