use of ddf.catalog.security.FilterResult in project ddf by codice.
the class FilterPlugin method processPostQuery.
@Override
public QueryResponse processPostQuery(QueryResponse input) throws StopProcessingException {
if (input.getRequest() == null || input.getRequest().getProperties() == null) {
throw new StopProcessingException(UNABLE_TO_FILTER_MSG);
}
Subject subject = getSubject(input);
List<Result> results = input.getResults();
List<Result> newResults = new ArrayList<>(results.size());
Metacard metacard;
KeyValueCollectionPermission securityPermission = permissions.buildKeyValueCollectionPermission(CollectionPermission.READ_ACTION);
int filteredMetacards = 0;
for (Result result : results) {
metacard = result.getMetacard();
Attribute attr = metacard.getAttribute(Metacard.SECURITY);
if (!checkPermissions(attr, securityPermission, subject, CollectionPermission.READ_ACTION)) {
for (FilterStrategy filterStrategy : filterStrategies.values()) {
FilterResult filterResult = filterStrategy.process(input, metacard);
if (filterResult.processed()) {
if (filterResult.metacard() != null) {
newResults.add(new ResultImpl(filterResult.metacard()));
}
break;
// returned responses are ignored for queries
}
}
filteredMetacards++;
} else {
newResults.add(result);
}
}
if (filteredMetacards > 0) {
securityLogger.audit("Filtered " + filteredMetacards + " metacards, returned " + newResults.size(), subject);
}
input.getResults().clear();
input.getResults().addAll(newResults);
newResults.clear();
return input;
}
use of ddf.catalog.security.FilterResult in project ddf by codice.
the class FilterPlugin method processPostDelete.
@Override
public DeleteResponse processPostDelete(DeleteResponse input) throws StopProcessingException {
if (input.getRequest() == null || input.getRequest().getProperties() == null) {
throw new StopProcessingException(UNABLE_TO_FILTER_MSG);
}
Subject subject = getSubject(input);
List<Metacard> results = input.getDeletedMetacards();
List<Metacard> newResults = new ArrayList<>(results.size());
KeyValueCollectionPermission securityPermission = permissions.buildKeyValueCollectionPermission(CollectionPermission.READ_ACTION);
int filteredMetacards = 0;
for (Metacard metacard : results) {
Attribute attr = metacard.getAttribute(Metacard.SECURITY);
if (!checkPermissions(attr, securityPermission, subject, CollectionPermission.READ_ACTION)) {
for (FilterStrategy filterStrategy : filterStrategies.values()) {
FilterResult filterResult = filterStrategy.process(input, metacard);
if (filterResult.processed()) {
if (filterResult.metacard() != null) {
newResults.add(filterResult.metacard());
}
break;
// returned responses are ignored for deletes
}
}
filteredMetacards++;
} else {
newResults.add(metacard);
}
}
if (filteredMetacards > 0) {
securityLogger.audit("Filtered " + filteredMetacards + " metacards, returned " + newResults.size(), subject);
}
input.getDeletedMetacards().clear();
input.getDeletedMetacards().addAll(newResults);
newResults.clear();
return input;
}
use of ddf.catalog.security.FilterResult in project ddf by codice.
the class FilterPlugin method processPostResource.
@Override
public ResourceResponse processPostResource(ResourceResponse input, Metacard metacard) throws StopProcessingException {
if (input.getRequest() == null || input.getRequest().getProperties() == null) {
throw new StopProcessingException(UNABLE_TO_FILTER_MSG);
}
KeyValueCollectionPermission securityPermission = permissions.buildKeyValueCollectionPermission(CollectionPermission.READ_ACTION);
Subject subject = getSubject(input);
Attribute attr = metacard.getAttribute(Metacard.SECURITY);
if (!checkPermissions(attr, securityPermission, subject, CollectionPermission.READ_ACTION)) {
for (FilterStrategy filterStrategy : filterStrategies.values()) {
FilterResult filterResult = filterStrategy.process(input, metacard);
if (filterResult.processed()) {
if (filterResult.response() == null) {
throw new StopProcessingException("Subject not permitted to receive resource");
} else {
input = (ResourceResponse) filterResult.response();
}
break;
// returned metacards are ignored for resource requests
}
}
if (filterStrategies.isEmpty()) {
throw new StopProcessingException("Subject not permitted to receive resource");
}
}
return input;
}
Aggregations