Added access policy filtering on reading layers for project ID

Francesco Mangiacrapa 2023-01-11 17:12:19 +01:00
parent acc6be29d8
commit 047db1e848
6 changed files with 181 additions and 119 deletions


@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" output="target/geoportal-data-viewer-app-3.0.1-SNAPSHOT/WEB-INF/classes" path="src/main/java">
<classpathentry kind="src" output="target/geoportal-data-viewer-app-3.1.0-SNAPSHOT/WEB-INF/classes" path="src/main/java">
<attributes>
<attribute name="optional" value="true"/>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry excluding="**" kind="src" output="target/geoportal-data-viewer-app-3.0.1-SNAPSHOT/WEB-INF/classes" path="src/main/resources">
<classpathentry excluding="**" kind="src" output="target/geoportal-data-viewer-app-3.1.0-SNAPSHOT/WEB-INF/classes" path="src/main/resources">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
@ -35,5 +35,5 @@
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="output" path="target/geoportal-data-viewer-app-3.0.1-SNAPSHOT/WEB-INF/classes"/>
<classpathentry kind="output" path="target/geoportal-data-viewer-app-3.1.0-SNAPSHOT/WEB-INF/classes"/>
</classpath>


@ -1,4 +1,4 @@
eclipse.preferences.version=1
lastWarOutDir=/home/francescomangiacrapa/git/geoportal-data-viewer-app/target/geoportal-data-viewer-app-3.0.1-SNAPSHOT
lastWarOutDir=/home/francescomangiacrapa/git/geoportal-data-viewer-app/target/geoportal-data-viewer-app-3.1.0-SNAPSHOT
warSrcDir=src/main/webapp
warSrcDirIsOutput=false


@ -38,7 +38,9 @@
<wb-module deploy-name="geoportal-data-viewer-app-3.0.1-SNAPSHOT">
<wb-module deploy-name="geoportal-data-viewer-app-3.1.0-SNAPSHOT">
@ -97,6 +99,7 @@
@ -137,6 +140,7 @@
@ -177,6 +181,7 @@
@ -217,6 +222,7 @@
@ -239,8 +245,11 @@
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
<dependent-module archiveName="geoportal-data-common-2.0.1.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/geoportal-data-common/geoportal-data-common">
<dependency-type>uses</dependency-type>
</dependent-module>
@ -260,6 +269,7 @@
@ -300,6 +310,7 @@
@ -340,6 +351,7 @@
@ -381,6 +393,7 @@


@ -35,6 +35,8 @@ import org.gcube.application.geoportalcommon.ProjectDVBuilder;
import org.gcube.application.geoportalcommon.geoportal.GeoportalClientCaller;
import org.gcube.application.geoportalcommon.geoportal.ProjectsCaller;
import org.gcube.application.geoportalcommon.geoportal.UseCaseDescriptorCaller;
import org.gcube.application.geoportalcommon.geoportal.access.GeportalCheckAccessPolicy;
import org.gcube.application.geoportalcommon.geoportal.access.GeportalCheckAccessPolicy.ACCESS_POLICY;
import org.gcube.application.geoportalcommon.shared.GNADataViewerConfigProfile;
import org.gcube.application.geoportalcommon.shared.GeoportalItemReferences;
import org.gcube.application.geoportalcommon.shared.SearchingFilter;
@ -662,7 +664,8 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
LOG.info("Total Docs read from config: " + totalProjectForProfile);
// FIRST QUERY TO RETRIEVE IDs
// LIMIT IS NULL AND START = 0 MEANS THAT IT IS EQUAL TO NUMBER TOTAL OF DOCUMENTS
// LIMIT IS NULL AND START = 0 MEANS THAT IT IS EQUAL TO NUMBER TOTAL OF
// DOCUMENTS
final Iterator<Project> projectsIDs = client.queryOnMongo(theProfileID, totalProjectForProfile, 0, null,
filter);
@ -680,8 +683,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
// SETTING ORIGINAL PROJECTION FROM CLIENT
filter.setProjection(originalProjection);
// LIMIT IS FROM CLIENT
Iterator<Project> projects = client.queryOnMongo(theProfileID, totalItems, start, limit,
filter);
Iterator<Project> projects = client.queryOnMongo(theProfileID, totalItems, start, limit, filter);
searchedDataIDs.setClientStartIndex(start);
searchedDataIDs.setLimit(limit);
@ -749,24 +751,38 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
try {
SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true);
String username = null;
try {
SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
username = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
} catch (Exception e) {
LOG.info("User not found in session, the userName for checking policy will be null");
LOG.info("User not found in session, the userName for checking the policy will be null");
}
LOG.info("Trying to get project for id " + profileID);
LOG.trace("Trying to get project for id " + projectID);
new GeoportalServiceIdentityProxy(this.getThreadLocalRequest());
Project theProject = GeoportalClientCaller.projects().getProjectByID(profileID, projectID);
String jsonDocument = theProject.getTheDocument().toJson();
LOG.trace("JSON Project is: " + jsonDocument);
String materializationParentJSONPath = String.format("%s..%s", Geoportal_JSON_Mapper.JSON_$_POINTER,
Geoportal_JSON_Mapper.FILESET);
LOG.debug("Checking access policy for the layer...");
ACCESS_POLICY accessPolicy = GeportalCheckAccessPolicy.accessPolicyFromSessionLogin(username);
LOG.info("Access policy for discovering the layers is: " + accessPolicy);
listLayers = Geoportal_JSON_Mapper.readGcubeSDILayersForFileset(materializationParentJSONPath,
jsonDocument);
String filesetParentJSONPath = null;
//(see ticket #24390)
if (accessPolicy.equals(ACCESS_POLICY.OPEN)) {
// Filtering for ACCESS_POLICY.OPEN from the fileset when the username is not in session. IAM
// identity is running, no logged in user.
filesetParentJSONPath = String.format("%s..%s[?(@._access._policy=='%s')]",
Geoportal_JSON_Mapper.JSON_$_POINTER, Geoportal_JSON_Mapper.FILESET, accessPolicy);
} else {
// Accessing to all fileset (with any ACCESS_POLICY) when the user is logged in.
filesetParentJSONPath = String.format("%s..%s", Geoportal_JSON_Mapper.JSON_$_POINTER,
Geoportal_JSON_Mapper.FILESET);
}
listLayers = Geoportal_JSON_Mapper.readGcubeSDILayersForFileset(filesetParentJSONPath, jsonDocument);
LOG.info("For projectID " + projectID + ", returning " + listLayers.size() + " layer/s");
return listLayers;
@ -975,7 +991,8 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
LOG.info("getDataResult called");
for (LayerObject layerObject : layerObjects) {
LOG.info("ProfileID: "+layerObject.getProfileID() + ", ProjectID: " +layerObject.getProjectID() + ", TYPE: "+layerObject.getType());
LOG.info("ProfileID: " + layerObject.getProfileID() + ", ProjectID: " + layerObject.getProjectID()
+ ", TYPE: " + layerObject.getType());
}
if (LOG.isDebugEnabled()) {
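Review bot: The policy branch added in the hunk at -749 decides visibility only on whether a username is in session: the `else` arm builds the unfiltered `%s..%s` fileset path, so any logged-in user receives filesets carrying every `_access._policy` value, not only the ones that policy grants them. If policies other than OPEN are meant to restrict access by role or ownership, the logged-in path needs a per-fileset check too; this commit makes `Geoportal_JSON_Mapper.isAccessibleSectionAccordingToPolicy(section, sectionJSONPath, myLogin)` public, which looks like the intended hook, but nothing visible here calls it. The anonymous arm interpolates the enum through `%s`, so the filter matches only if `ACCESS_POLICY.OPEN.toString()` equals the stored `_access._policy` string exactly; a comment such as `// relies on ACCESS_POLICY.toString() matching the stored _access._policy value` would record that dependency. The enclosing method starts and ends outside the hunk.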


@ -55,6 +55,8 @@ public class Geoportal_JSON_Mapper {
public static final String _MATERIALIZATIONS = "_materializations";
public static final String _TYPE_GCUBE_SDI_LAYER = "gcube-sdi-layer";
private static final Logger LOG = LoggerFactory.getLogger(Geoportal_JSON_Mapper.class);
public static final String FILESET = "fileset";
@ -113,7 +115,8 @@ public class Geoportal_JSON_Mapper {
com.jayway.jsonpath.Configuration configuration = com.jayway.jsonpath.Configuration.builder()
.jsonProvider(new JsonOrgJsonProvider()).build();
//LinkedHashMap<Integer, MetaDataProfileBeanExt> mapOfProfilesBeanExt = new LinkedHashMap<Integer, MetaDataProfileBeanExt>();
// LinkedHashMap<Integer, MetaDataProfileBeanExt> mapOfProfilesBeanExt = new
// LinkedHashMap<Integer, MetaDataProfileBeanExt>();
ArrayList<MetaDataProfileBeanExt> listOfProfilesBeanExt = new ArrayList<MetaDataProfileBeanExt>();
@ -179,7 +182,6 @@ public class Geoportal_JSON_Mapper {
List<MetaDataProfileBean> theProfileBeans = gcubeProfileMetaForUCD.getListMetadataProfileBean();
MetaDataProfileBean theProfileBean = theProfileBeans.get(0);
// For each bson.Document filling the MetaDataProfileBean and its file
for (int i = 0; i < listBSONDocument.size(); i++) {
@ -199,9 +201,9 @@ public class Geoportal_JSON_Mapper {
// }
// }
Document fromSectionDoc = listBSONDocument.get(i);
LOG.debug("\n\nNew section DOC for index " + i + " is: " + new JSONObject(fromSectionDoc.toJson()).toString(2));
LOG.debug("\n\nNew section DOC for index " + i + " is: "
+ new JSONObject(fromSectionDoc.toJson()).toString(2));
// Creating the corresponding MetaDataProfileBeanExt for each section
// Reading policy and license statically
@ -221,7 +223,8 @@ public class Geoportal_JSON_Mapper {
e.printStackTrace();
}
//List<MetadataFieldWrapper> copyOfMetadataFields = new ArrayList<MetadataFieldWrapper>(theProfileBean.getMetadataFields());
// List<MetadataFieldWrapper> copyOfMetadataFields = new
// ArrayList<MetadataFieldWrapper>(theProfileBean.getMetadataFields());
// int forIndex = 0;
List<MetadataFieldWrapper> cloneListOfMFW = cloneList(theProfileBean.getMetadataFields());
@ -272,7 +275,8 @@ public class Geoportal_JSON_Mapper {
}
// Reading Fileset _materializations
//listLayers = readGcubeSDILayersForFileset(filesetJSONPath, fromSectionDocJSON);
// listLayers = readGcubeSDILayersForFileset(filesetJSONPath,
// fromSectionDocJSON);
// theProfileBeanExt.set
}
@ -647,22 +651,29 @@ public class Geoportal_JSON_Mapper {
LOG.info("readGcubeSDILayersForFileset called");
List<GCubeSDIViewerLayerDV> listSDILayers = new ArrayList<GCubeSDIViewerLayerDV>();
String _materializationsJSONPath = String.format("%s.%s", materializationParentJSONPath, _MATERIALIZATIONS);
// _materializations AT THE MOMENT ARE ONLY OF TYPE gcube-sdi-layer. I'm adding
// the filtering "_type": "gcube-sdi-layer" to be sure of reading SDI layer
String _materializationsJSONPath = String.format("%s.%s[?(@._type=='%s')]", materializationParentJSONPath,
_MATERIALIZATIONS, _TYPE_GCUBE_SDI_LAYER);
// [?(@._access._policy=='%s')]
try {
com.jayway.jsonpath.Configuration configurationJSONSmart = com.jayway.jsonpath.Configuration.builder()
.jsonProvider(new JsonOrgJsonProvider()).build();
LOG.debug("Reading sectionPath {} into section document {}", _materializationsJSONPath, sectionJSONDocument);
JsonPath theSectionPolycJsonPath = JsonPath.compile(_materializationsJSONPath);
Object _materializations = theSectionPolycJsonPath.read(sectionJSONDocument, configurationJSONSmart);
LOG.debug("GcubeSDILayers Reading sectionPath {} into section document {}", _materializationsJSONPath,
sectionJSONDocument);
JsonPath theSectionMaterializationJsonPath = JsonPath.compile(_materializationsJSONPath);
Object _materializations = theSectionMaterializationJsonPath.read(sectionJSONDocument,
configurationJSONSmart);
LOG.trace("_materializations.class(): " + _materializations.getClass());
listSDILayers = recursiveFetchingLayers(configurationJSONSmart, _materializations, listSDILayers);
} catch (Exception e) {
LOG.warn("Error on reading the JSON Path " + _materializationsJSONPath + " in the doc "
LOG.debug("Error on reading the JSON Path " + _materializationsJSONPath + " in the doc "
+ sectionJSONDocument, e);
}
LOG.info("returning list of layers {}", listSDILayers);
@ -686,14 +697,14 @@ public class Geoportal_JSON_Mapper {
if (objectJSON instanceof JSONArray) {
JSONArray theJsonArray = (JSONArray) objectJSON;
LOG.trace("jsonArray: " + theJsonArray.toString(3));
LOG.debug("jsonArray: " + theJsonArray.toString(3));
for (int i = 0; i < theJsonArray.length(); i++) {
recursiveFetchingLayers(config, theJsonArray.get(i), listSDILayers);
}
} else if (objectJSON instanceof JSONObject) {
JSONObject theJsonObject = (JSONObject) objectJSON;
LOG.trace("theJSONObject: " + theJsonObject.toString(3));
LOG.debug("theJSONObject: " + theJsonObject.toString(3));
GCubeSDIViewerLayerDV gsdiLayer = converLayer(config, theJsonObject);
listSDILayers.add(gsdiLayer);
}
@ -806,7 +817,7 @@ public class Geoportal_JSON_Mapper {
* @param myLogin the my login
* @return true, if is accessible section according to policy
*/
private static boolean isAccessibleSectionAccordingToPolicy(Document section, String sectionJSONPath,
public static boolean isAccessibleSectionAccordingToPolicy(Document section, String sectionJSONPath,
String myLogin) {
LOG.debug("isAccessibleSectionAccordingToPolicy called");
boolean isAccessible = true;
@ -853,7 +864,8 @@ public class Geoportal_JSON_Mapper {
// If policy does not exist into fileset, reading from the parent section
if (_policy == null) {
accessPolicyPath = JSON_$_POINTER + "._access._policy";
LOG.debug("Reading access policy at {} into section document {}", accessPolicyPath, sectionDocumentJSON);
LOG.debug("Reading access policy at {} into section document {}", accessPolicyPath,
sectionDocumentJSON);
try {
JsonPath theSectionPolycJsonPath = JsonPath.compile(accessPolicyPath);
_policy = theSectionPolycJsonPath.read(sectionDocumentJSON, configuration).toString();
@ -871,7 +883,7 @@ public class Geoportal_JSON_Mapper {
} catch (Exception e) {
LOG.error(accessPolicyPath + " not found. Check OK");
}
LOG.info("Is the section {} accessible? {}", sectionDocumentJSON, isAccessible);
LOG.info("It is {} accessible the section {} accessible? {}", isAccessible, sectionDocumentJSON);
return isAccessible;
}
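Review bot: The rewritten log call in the last hunk (at -871) has three `{}` placeholders but only two arguments, and it still writes the whole section document at INFO next to the access decision, so sections the caller is denied end up in the application log. Logging only the decision at INFO, `LOG.info("Is the section accessible? {}", isAccessible);`, and moving the document to `LOG.trace(...)` would fix both. The same concern applies to the `jsonArray` and `theJSONObject` dumps in the hunk at -686, which this commit raises from trace to debug. In the hunk at -647 the JSONPath read failure is lowered from warn to debug, which makes a policy filter that silently yields no layers harder to notice in production logs. The method body starts outside the hunk.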


@ -22,6 +22,8 @@ import org.gcube.application.geoportalcommon.ProjectDVBuilder;
import org.gcube.application.geoportalcommon.geoportal.GeoportalClientCaller;
import org.gcube.application.geoportalcommon.geoportal.ProjectsCaller;
import org.gcube.application.geoportalcommon.geoportal.UseCaseDescriptorCaller;
import org.gcube.application.geoportalcommon.geoportal.access.GeportalCheckAccessPolicy;
import org.gcube.application.geoportalcommon.geoportal.access.GeportalCheckAccessPolicy.ACCESS_POLICY;
import org.gcube.application.geoportalcommon.geoportal.util.GisUtil;
import org.gcube.application.geoportalcommon.shared.SearchingFilter;
import org.gcube.application.geoportalcommon.shared.SearchingFilter.LOGICAL_OP;
@ -40,6 +42,7 @@ import org.gcube.portlets.user.geoportaldataviewer.server.Geoportal_JSON_Mapper;
import org.gcube.portlets.user.geoportaldataviewer.shared.ProjectEdit;
import org.json.JSONObject;
import org.junit.Before;
import org.junit.Test;
/**
* The Class GeoportalViewer_Tests.
@ -54,14 +57,15 @@ public class GeoportalViewer_Tests {
private ProjectsCaller clientProjects;
private static String CONTEXT = "/pred4s/preprod/preVRE";
private static String TOKEN = ""; //preVRE
//private static String CONTEXT = "/pred4s/preprod/preVRE";
private static String CONTEXT = "/d4science.research-infrastructures.eu/D4OS/GNA";
private static String TOKEN = ""; //GNA
//private static String CONTEXT = "/gcube/devsec/devVRE";
//private static String TOKEN = ""; // devVRE
private static String PROFILE_ID = "profiledConcessioni";
private static String PROJECT_ID = "637ceb4d21dd0d6fb9f24706";
private static String PROJECT_ID = "6388ea6ca1e60e66b7b584e0";
private static String USERNAME = "francesco.mangiacrapa";
@ -113,9 +117,25 @@ public class GeoportalViewer_Tests {
String jsonDocument = project.getTheDocument().toJson();
System.out.println("JSON Project is: " + jsonDocument);
String materializationParentJSONPath = String.format("%s..%s", Geoportal_JSON_Mapper.JSON_$_POINTER,
Geoportal_JSON_Mapper.FILESET);
ACCESS_POLICY accessPolicy = GeportalCheckAccessPolicy.accessPolicyFromSessionLogin(null);
String materializationParentJSONPath = null;
if(accessPolicy.equals(ACCESS_POLICY.OPEN)) {
//Filtering for ACCESS_POLICY.OPEN when the username is not in session. IAM identity is running, no logged in user.
materializationParentJSONPath = String.format("%s..%s[?(@._access._policy=='%s')]", Geoportal_JSON_Mapper.JSON_$_POINTER,
Geoportal_JSON_Mapper.FILESET, accessPolicy);
}else {
//Accessing to all fileset (with any ACCESS_POLICY) when the user is logged in.
materializationParentJSONPath = String.format("%s..%s", Geoportal_JSON_Mapper.JSON_$_POINTER,
Geoportal_JSON_Mapper.FILESET);
}
System.out.println("jsonPathQuery is: "+materializationParentJSONPath);
// String materializationParentJSONPath = String.format("%s..%s", Geoportal_JSON_Mapper.JSON_$_POINTER,
// Geoportal_JSON_Mapper.FILESET);
//
listLayers = Geoportal_JSON_Mapper.readGcubeSDILayersForFileset(materializationParentJSONPath,
jsonDocument);