Hi, I've been asked to look at an issue with CSW that apparently is ignoring the security filters and always returning all of the layers metadata to any user (including anonymous ones).
At first I thought the code was referring directly the internalCatalog bean, but no, it's a different variation of the same issue: instead of using the catalog, the code is extracting the CatalogFacade from it, and then queries the facade: https://github.com/geoserver/geoserver/blob/master/src/extension/csw/core/src/main/java/org/geoserver/csw/store/internal/CatalogStoreFeatureIterator.java#L86 This ends up dodging all the security, which is not wrapped around the facade. As far as I can tell the queries are hitting the facade because there is a need to sort over multiple sortby in CSW, and the methods to query are exposed as follows: Catalog.java: public <T extends CatalogInfo> CloseableIterator<T> list(final Class<T> of, final Filter filter, @Nullable Integer offset, @Nullable Integer count, @Nullable SortBy sortBy); CatalogFacade.java: /** * @return an iterator over the catalog objects of the requested type that match the given * filter */ public <T extends CatalogInfo> CloseableIterator<T> list(final Class<T> of, final Filter filter, @Nullable Integer offset, @Nullable Integer count, @Nullable SortBy... sortOrder); See the difference? To make sure CSW honors security, the Catalog interface would have to be modified to support multiple sortBy. To avoid breaking the interface I guess I could use java 8 default methods which use getFacade().list(...), and then just override that implementation in the SecuredCatalog, but I'm afraid that might have non obvious side effects in other implementations... better be explicit and break the interface instead? Btw, Jira already contains a report due to this issue, but it does not picture the entire problem (complete lack of security control in CSW): https://osgeo-org.atlassian.net/browse/GEOS-6200 I'm also wondering if by any chance dodging security was done on purpose, if that's the case, we might want to add a system setting to get the current behavior, in case the original sponsors of the current implementation actually need it. Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. -------------------------------------------------------
------------------------------------------------------------------------------
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
