Hi, it appears the first one was correct. I’m not super familiar with Java so 
this might not be the fastest or most elegant code but it seems to work for the 
test I wanted to try (require a user have all roles on a layer).

// Original - 
for (GrantedAuthority authority : user.getAuthorities()) {
        final String userRole = authority.getAuthority();
        if (roles.contains(userRole) || ROOT_ROLE.equals(userRole)) return true;
}

// Change -
ArrayList<String> userRoles = new ArrayList<String>();
for (GrantedAuthority authority : user.getAuthorities()) {
        userRoles.add(authority.getAuthority());
}
if (userRoles.containsAll(roles) || userRoles.contains(ROOT_ROLE)) return true;

Thanks!
-Andy

On Dec 18, 2020, at 12:02 PM, Andy Arismendi <[email protected]> wrote:

Hi! In my testing it appears that a user need only be in one of the roles 
assigned to a layer in order to be granted access to the layer. This appears to 
be nominal behavior based on the current documentation: 
https://docs.geoserver.org/stable/en/user/security/layer.html : "If a user 
belongs to multiple roles, the least restrictive permission they inherit will 
apply."

I would like to try a test and change the code to require the user to have all 
of the roles on the layer instead of just one of them. I would very much 
appreciate it if someone can help me identify the code that is responsible for 
this. I’m not familiar with the code base so I was just looking through and 
found a couple things that look promising but I’m not sure if these control 
layer access or not.

Things I came across and suspect are relevant (but not sure): 
- SecureTreeNode.java : public boolean canAccess(Authentication user, 
AccessMode mode)
- SecuredLookupServiceImpl.java : private boolean canAccess(Secured sec)

Any help would be very much appreciated! I just need to identify the relevant 
code for this functionality.

Note - I’m using the 2.18.1 version released on SourceForge 23NOV2020.

Thanks!
-Andy
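
The two role-matching semantics discussed in this thread, side by side, as an added example that is not part of the original messages and not GeoServer code. The class and method names, the sample roles and the ROOT_ROLE value are constructed for illustration; Set.of needs Java 9 or later.

```java
import java.util.Set;

// Added illustration, not GeoServer code. All names here are hypothetical.
public class LayerRoleCheck {
    // Constructed stand-in for the ROOT_ROLE constant referenced in the thread.
    static final String ROOT_ROLE = "ROLE_ROOT_EXAMPLE";

    // Semantics of the "Original" loop: one matching role (or root) is enough.
    static boolean anyOf(Set<String> userRoles, Set<String> layerRoles) {
        for (String role : userRoles) {
            if (layerRoles.contains(role) || ROOT_ROLE.equals(role)) return true;
        }
        return false;
    }

    // Semantics of the "Change": every layer role must be held (or root).
    // containsAll() returns true for an empty argument, so an empty
    // layerRoles set is rejected explicitly instead of matching every user.
    static boolean allOf(Set<String> userRoles, Set<String> layerRoles) {
        if (userRoles.contains(ROOT_ROLE)) return true;
        return !layerRoles.isEmpty() && userRoles.containsAll(layerRoles);
    }

    static void report(String name, Set<String> user, Set<String> layer) {
        System.out.printf("%-8s anyOf=%-5b allOf=%-5b rawContainsAll=%b%n",
                name, anyOf(user, layer), allOf(user, layer), user.containsAll(layer));
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Set<String> layer = Set.of("ROLE_GIS", "ROLE_EDITOR");
        Set<String> partial = Set.of("ROLE_GIS");
        Set<String> full = Set.of("ROLE_GIS", "ROLE_EDITOR", "ROLE_VIEWER");
        Set<String> root = Set.of(ROOT_ROLE);

        System.out.println("Layer requires " + layer);
        report("partial", partial, layer);
        report("full", full, layer);
        report("root", root, layer);

        // Edge case: a rule with no roles. Raw containsAll() accepts any user here.
        System.out.println("Layer requires no roles");
        report("partial", partial, Set.of());
    }
}
```

The rawContainsAll column shows what an unguarded containsAll() check returns, which differs from allOf only when the layer's role set is empty.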




_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
