[GEOS-8450] DescribeCoverage should not fail on secured datasets with…

… catalog in challenge mode
geoserver · Apr 29, 2019 · b8227ea · b8227ea
1 parent 301f3ca
commit b8227ea
Show file tree

Hide file tree

Showing 6 changed files with 199 additions and 12 deletions.
diff --git a/...nsion/wcs2_0-eo/core/src/test/java/org/geoserver/wcs2_0/eo/DescribeOECoverageSetTest.java b/...nsion/wcs2_0-eo/core/src/test/java/org/geoserver/wcs2_0/eo/DescribeOECoverageSetTest.java
@@ -245,7 +245,7 @@ public void testSpatioTemporalDataset() throws Exception {
         Document dom =
                 getAsDOM(
                         "wcs?request=DescribeEOCoverageSet&version=2.0.1&service=WCS&eoid=sf__spatio-temporal_dss");
-        // print(dom);
+        print(dom);
 
         // this one has 16 granules
         assertEquals(

diff --git a/src/main/src/main/java/org/geoserver/security/decorators/SecuredCoverageInfo.java b/src/main/src/main/java/org/geoserver/security/decorators/SecuredCoverageInfo.java
@@ -56,7 +56,9 @@ public GridCoverageReader getGridCoverageReader(ProgressListener listener, Hints
             throws IOException {
         Request request = Dispatcher.REQUEST.get();
         if (policy.level == AccessLevel.METADATA
-                && (request == null || !"GetCapabilities".equalsIgnoreCase(request.getRequest()))) {
+                && (request == null
+                        || (!"GetCapabilities".equalsIgnoreCase(request.getRequest()))
+                                && !"DescribeCoverage".equalsIgnoreCase(request.getRequest()))) {
             throw SecureCatalogImpl.unauthorizedAccess(this.getName());
         }
         GridCoverageReader reader = super.getGridCoverageReader(listener, hints);

diff --git a/src/wcs2_0/src/main/java/org/geoserver/wcs2_0/response/GMLTransformer.java b/src/wcs2_0/src/main/java/org/geoserver/wcs2_0/response/GMLTransformer.java
@@ -30,7 +30,6 @@
 import org.geotools.coverage.GridSampleDimension;
 import org.geotools.coverage.TypeMap;
 import org.geotools.coverage.grid.GridCoverage2D;
-import org.geotools.coverage.grid.GridEnvelope2D;
 import org.geotools.coverage.grid.GridGeometry2D;
 import org.geotools.coverage.grid.io.GridCoverage2DReader;
 import org.geotools.coverage.util.CoverageUtilities;
@@ -217,7 +216,7 @@ public void encode(Object o) throws IllegalArgumentException {
             handleRangeType(gc2d);
 
             // handle coverage function
-            final GridEnvelope2D ge2D = gc2d.getGridGeometry().getGridRange2D();
+            final GridEnvelope ge2D = gc2d.getGridGeometry().getGridRange();
             handleCoverageFunction(ge2D, axisSwap);
 
             // handle range
@@ -248,7 +247,7 @@ public void encode(Object o) throws IllegalArgumentException {
          * @param gc2d
          * @param axisSwap
          */
-        public void handleCoverageFunction(GridEnvelope2D gridRange, boolean axisSwap) {
+        public void handleCoverageFunction(GridEnvelope gridRange, boolean axisSwap) {
             start("gml:coverageFunction");
             start("gml:GridFunction");
 
@@ -258,9 +257,10 @@ public void handleCoverageFunction(GridEnvelope2D gridRange, boolean axisSwap) {
             element("gml:sequenceRule", "Linear", gridAttrs); // minOccurs 0, default Linear
             element(
                     "gml:startPoint",
-                    gridRange.x
+                    gridRange.getLow(0)
                             + " "
-                            + gridRange.y); // we start at minx, miny (this is optional though)
+                            + gridRange.getLow(
+                                    1)); // we start at minx, miny (this is optional though)
 
             end("gml:GridFunction");
             end("gml:coverageFunction");

diff --git a/src/wcs2_0/src/main/java/org/geoserver/wcs2_0/response/WCS20DescribeCoverageTransformer.java b/src/wcs2_0/src/main/java/org/geoserver/wcs2_0/response/WCS20DescribeCoverageTransformer.java
@@ -11,11 +11,13 @@
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
 import java.util.logging.Logger;
 import net.opengis.wcs20.DescribeCoverageType;
 import org.geoserver.catalog.Catalog;
 import org.geoserver.catalog.CoverageDimensionInfo;
 import org.geoserver.catalog.CoverageInfo;
+import org.geoserver.catalog.DimensionInfo;
 import org.geoserver.catalog.KeywordInfo;
 import org.geoserver.catalog.LayerInfo;
 import org.geoserver.catalog.MetadataLinkInfo;
@@ -197,16 +199,21 @@ String buildSchemaLocation(String schemaBaseURL, String... locations) {
         public void handleCoverageDescription(String encodedId, CoverageInfo ci) {
 
             try {
-                // see if we have to handle time, elevation and additional dimensions
-                WCSDimensionsHelper dimensionsHelper =
-                        WCSDimensionsHelper.getWCSDimensionsHelper(
-                                encodedId, ci, RequestUtils.getCoverageReader(ci));
-
                 GridCoverage2DReader reader =
                         (GridCoverage2DReader) ci.getGridCoverageReader(null, null);
                 if (reader == null) {
                     throw new WCS20Exception("Unable to read sample coverage for " + ci.getName());
                 }
+
+                // see if we have to handle time, elevation and additional dimensions
+                Map<String, DimensionInfo> dimensionsMap =
+                        WCSDimensionsHelper.getDimensionsFromMetadata(ci.getMetadata());
+                WCSDimensionsHelper dimensionsHelper = null;
+                if (dimensionsMap != null && !dimensionsMap.isEmpty()) {
+                    dimensionsHelper =
+                            WCSDimensionsHelper.getWCSDimensionsHelper(encodedId, ci, reader);
+                }
+
                 // get the crs and look for an EPSG code
                 final CoordinateReferenceSystem crs = reader.getCoordinateReferenceSystem();
                 List<String> axesNames =

diff --git a/src/wcs2_0/src/test/java/org/geoserver/wcs2_0/ResourceAccessManagerWCSTest.java b/src/wcs2_0/src/test/java/org/geoserver/wcs2_0/ResourceAccessManagerWCSTest.java
@@ -0,0 +1,154 @@
+/*
+ *    GeoTools - The Open Source Java GIS Toolkit
+ *    http://geotools.org
+ *
+ *    (C) 2019, Open Source Geospatial Foundation (OSGeo)
+ *
+ *    This library is free software; you can redistribute it and/or
+ *    modify it under the terms of the GNU Lesser General Public
+ *    License as published by the Free Software Foundation;
+ *    version 2.1 of the License.
+ *
+ *    This library is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *    Lesser General Public License for more details.
+ *
+ */
+package org.geoserver.wcs2_0;
+
+import static org.custommonkey.xmlunit.XMLAssert.assertXpathEvaluatesTo;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.util.Collections;
+import java.util.List;
+import java.util.Properties;
+import javax.xml.namespace.QName;
+import org.geoserver.catalog.Catalog;
+import org.geoserver.catalog.CoverageInfo;
+import org.geoserver.catalog.DimensionPresentation;
+import org.geoserver.catalog.ResourceInfo;
+import org.geoserver.data.test.MockData;
+import org.geoserver.data.test.SystemTestData;
+import org.geoserver.platform.GeoServerExtensions;
+import org.geoserver.security.CatalogMode;
+import org.geoserver.security.CoverageAccessLimits;
+import org.geoserver.security.TestResourceAccessManager;
+import org.junit.Test;
+import org.opengis.filter.Filter;
+import org.w3c.dom.Document;
+
+public class ResourceAccessManagerWCSTest extends WCSTestSupport {
+
+    protected static QName WATTEMP = new QName(MockData.SF_URI, "watertemp", MockData.SF_PREFIX);
+    protected static final String UNITS = "foot";
+    protected static final String UNIT_SYMBOL = "ft";
+
+    protected void setUpSpring(List<String> springContextLocations) {
+        super.setUpSpring(springContextLocations);
+        springContextLocations.add(
+                "classpath:/org/geoserver/wcs2_0/ResourceAccessManagerContext.xml");
+    }
+
+    /** Enable the Spring Security auth filters */
+    @Override
+    protected List<javax.servlet.Filter> getFilters() {
+        return Collections.singletonList(
+                (javax.servlet.Filter) GeoServerExtensions.bean("filterChainProxy"));
+    }
+
+    /** Add the users */
+    @Override
+    protected void setUpTestData(SystemTestData testData) throws Exception {
+        super.setUpTestData(testData);
+        File security = new File(testData.getDataDirectoryRoot(), "security");
+        security.mkdir();
+
+        File users = new File(security, "users.properties");
+        Properties props = new Properties();
+        props.put("admin", "geoserver,ROLE_ADMINISTRATOR");
+        props.put("cite", "cite,ROLE_DUMMY");
+        props.store(new FileOutputStream(users), "");
+    }
+
+    @Override
+    protected void onSetUp(SystemTestData testData) throws Exception {
+        super.onSetUp(testData);
+
+        // these users follow a full auth
+        addUser("cite", "cite", null, Collections.singletonList("ROLE_DUMMY"));
+
+        // a raster with dimensions
+        Catalog catalog = getCatalog();
+        testData.addRasterLayer(
+                WATTEMP, "watertemp.zip", null, null, SystemTestData.class, catalog);
+        setupRasterDimension(
+                WATTEMP,
+                ResourceInfo.ELEVATION,
+                DimensionPresentation.LIST,
+                null,
+                UNITS,
+                UNIT_SYMBOL);
+        setupRasterDimension(
+                WATTEMP, ResourceInfo.TIME, DimensionPresentation.LIST, null, null, null);
+
+        // populate the access manager
+        TestResourceAccessManager tam =
+                (TestResourceAccessManager) applicationContext.getBean("testResourceAccessManager");
+        CoverageInfo waterTemp = catalog.getCoverageByName(getLayerId(WATTEMP));
+        tam.putLimits(
+                "cite",
+                waterTemp,
+                new CoverageAccessLimits(CatalogMode.CHALLENGE, Filter.EXCLUDE, null, null));
+    }
+
+    /**
+     * DescribeCoverage requires a special exemption to run as it needs to access actual data to
+     * fill in the time and elevation
+     *
+     * @throws Exception
+     */
+    @Test
+    public void testDescribeWithTimeElevation() throws Exception {
+        setRequestAuth("cite", "cite");
+        Document dom =
+                getAsDOM(
+                        "wcs?request=DescribeCoverage&service=WCS&version=2.0.0&coverageId=sf__watertemp");
+        print(dom);
+
+        // print(dom);
+        checkValidationErrors(dom, getWcs20Schema());
+
+        // check that metadata contains a list of times
+        assertXpathEvaluatesTo(
+                "2",
+                "count(//gmlcov:metadata/gmlcov:Extension/wcsgs:TimeDomain/gml:TimeInstant)",
+                dom);
+        assertXpathEvaluatesTo(
+                "sf__watertemp_td_0",
+                "//gmlcov:metadata/gmlcov:Extension/wcsgs:TimeDomain/gml:TimeInstant[1]/@gml:id",
+                dom);
+        assertXpathEvaluatesTo(
+                "2008-10-31T00:00:00.000Z",
+                "//gmlcov:metadata/gmlcov:Extension/wcsgs:TimeDomain/gml:TimeInstant[1]/gml:timePosition",
+                dom);
+        assertXpathEvaluatesTo(
+                "sf__watertemp_td_1",
+                "//gmlcov:metadata/gmlcov:Extension/wcsgs:TimeDomain/gml:TimeInstant[2]/@gml:id",
+                dom);
+        assertXpathEvaluatesTo(
+                "2008-11-01T00:00:00.000Z",
+                "//gmlcov:metadata/gmlcov:Extension/wcsgs:TimeDomain/gml:TimeInstant[2]/gml:timePosition",
+                dom);
+        // and a list of elevations
+        assertXpathEvaluatesTo(
+                "2",
+                "count(//gmlcov:metadata/gmlcov:Extension/wcsgs:ElevationDomain/wcsgs:SingleValue)",
+                dom);
+        assertXpathEvaluatesTo(
+                "0.0", "//gmlcov:metadata/gmlcov:Extension/wcsgs:ElevationDomain/@default", dom);
+        assertXpathEvaluatesTo(
+                "ft", "//gmlcov:metadata/gmlcov:Extension/wcsgs:ElevationDomain/@uom", dom);
+    }
+}
diff --git a/src/wcs2_0/src/test/resources/org/geoserver/wcs2_0/ResourceAccessManagerContext.xml b/src/wcs2_0/src/test/resources/org/geoserver/wcs2_0/ResourceAccessManagerContext.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~    GeoTools - The Open Source Java GIS Toolkit
+  ~    http://geotools.org
+  ~
+  ~    (C) 2019, Open Source Geospatial Foundation (OSGeo)
+  ~
+  ~    This library is free software; you can redistribute it and/or
+  ~    modify it under the terms of the GNU Lesser General Public
+  ~    License as published by the Free Software Foundation;
+  ~    version 2.1 of the License.
+  ~
+  ~    This library is distributed in the hope that it will be useful,
+  ~    but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  ~    Lesser General Public License for more details.
+  ~
+  -->
+
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+
+<beans>
+  <bean id="testResourceAccessManager" class="org.geoserver.security.TestResourceAccessManager"/>
+</beans>