Geomajas Community Documentation
Security is applied throughout Geomajas. A list of places where it is applied (not necessarily complete), along with some additional ideas for application, follows.
Back-end services:
CommandDispatcher verifies the existence of a SecurityContext and creates one if needed.
CommandDispatcher verifies whether the command is allowed to be used.
VectorLayerService:
Check layer access.
Handle the "filter" for the layer (if any).
Filter on visible area as this can increase query speed.
Post-process features filtering unreadable attributes, set update flags, remove features which are not allowed.
Commands:
configuration.Get and configuration.GetMap: layers which are invisible should be removed, tools which are not authorized should be removed, and the "editable" and "deletable" statuses on layers, features and attributes need to be set.
configuration.UserMaximumExtent: max extent should only consider visible features.
feature.PersistTransaction: making changes to attributes which are not editable should cause a security exception.
feature.SearchByLocation: only return visible features and readable attributes.
feature.SearchFeature: only return visible features and readable attributes.
geometry.Get: only return the geometry for visible features.
geometry.MergePolygon: no security implications.
geometry.SplitPolygon: no security implications.
render.GetRasterTiles: should only return data for visible layers, ideally post-processing the image to ensure only visible area is included (making the rest transparent).
render.GetVectorTile: should only return data for visible layers, only display visible features, only return visible features, only render visible features. When attributes need to be included, only readable attributes should be included and the "editable" flag needs to be set.
Rendering:
The individual rendering steps (especially the layer/feature model) can use the SecurityContext to filter the data they produce.
Images can have areas masked which are not allowed to be seen.
The rendering pipeline can include steps which check the security. This can make life easier for the layer models, which are not guaranteed (or forced) to handle all security aspects. These steps are active by default but can be removed for speed (when you are sure they duplicate work already done).
Cache:
The caching needs to consider the access rights when storing and retrieving data.
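As an added example (not Geomajas code; the class, record and method names are hypothetical and the feature data is constructed), one way to make a cache respect access rights is to put a fingerprint of the caller's authorizations in the cache key and to re-check layer visibility before every lookup:

```java
import java.util.*;
import java.util.function.Supplier;

/** Added illustration; all names are hypothetical, not Geomajas API. */
public class AuthorizationAwareCache {

    /** Stand-in for the authorizations held by a security context. */
    record Rights(Set<String> visibleLayers, Set<String> readableAttributes) {
        /** Stable fingerprint: equal rights give equal keys, whoever the user is. */
        String fingerprint() {
            return new TreeSet<>(visibleLayers) + "|" + new TreeSet<>(readableAttributes);
        }
    }

    private final Map<String, Map<String, Object>> store = new HashMap<>();

    /** Returns the feature as filtered for these rights, loading it on a cache miss. */
    Map<String, Object> get(String layer, String featureId, Rights rights,
                            Supplier<Map<String, Object>> loader) {
        // Retrieval side: check access before looking at the cache at all.
        if (!rights.visibleLayers().contains(layer)) {
            throw new SecurityException("layer not visible: " + layer);
        }
        // Storage side: entries are partitioned by authorization fingerprint,
        // so a result filtered for one set of rights is never served to another.
        String key = layer + "/" + featureId + "#" + rights.fingerprint();
        return store.computeIfAbsent(key, k -> {
            Map<String, Object> filtered = new TreeMap<>(loader.get());
            filtered.keySet().retainAll(rights.readableAttributes());
            return Collections.unmodifiableMap(filtered);
        });
    }

    public static void main(String[] args) {
        AuthorizationAwareCache cache = new AuthorizationAwareCache();
        // Constructed sample feature; "owner" is the restricted attribute.
        Supplier<Map<String, Object>> db = () -> Map.of("name", "Parcel 12", "owner", "J. Doe");
        Rights clerk = new Rights(Set.of("parcels"), Set.of("name", "owner"));
        Rights guest = new Rights(Set.of("parcels"), Set.of("name"));

        // The clerk's entry is cached first; the guest must still not receive "owner".
        System.out.println(cache.get("parcels", "12", clerk, db));
        System.out.println(cache.get("parcels", "12", guest, db));
    }
}
```

Keying on the rights rather than on the user lets users with identical authorizations share entries while keeping differently filtered results apart.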
Face:
The face is responsible for ensuring that an authentication token is included in every request to the back-end.
The "get configuration" commands filter the data to ensure that invisible layers and attributes, and tools which are not allowed, are not displayed. No action needed.
Specific tests on editability of individual features and attributes would be useful to ensure the user does not try to enter or modify data which cannot be saved.
The face should ask for credentials again when the token was not available or is no longer valid, specifically when a GeomajasSecurityException is received with code ExceptionCode.CREDENTIALS_MISSING_OR_INVALID.