Security Module
Security Proxy Facade
- class registry.proxy.wms_proxy.WebMapServiceProxy(**kwargs)
Security proxy facade to secure registered services spatial by there operations and for sets of users.
- Attr service
registry.models.service.Service
the requested service which was found by the pk.- Attr remote_service
registry.ows_client.request_builder.WebService
the request builder to get preparedrequests.models.Request
objects with the correct uri and query params.- Attr access_denied_img
if sub elements are not accessible for the user, this PIL.Image object represents an overlay with information about the resources, which can not be accessed
- Attr bbox
django.contrib.gis.geos.polygon.Polygon
the parsed bbox from query params.
- get_and_post(request, *args, **kwargs)
Http get/post method with security case decisioning.
- Principle constraints:
service is found by the given primary key. If not return
404 - Service not found.
service is active. If not return
423 - Service is disabled.
request query parameter is provided. If not return
400 - Request param is missing
- Service is not secured condition:
service.is_secured == False
OR
service.is_spatial_secured == False and service.is_user_principle_entitled == True
OR
request query parameter not in [‘GetMap’, ‘GetFeatureType’, ‘GetFeature’]
If one condition matches, return the response from the remote service.
- Service is secured condition:
service.is_spatial_secured ==True and service.is_user_principle_entitled == True
If the condition matches, return the result from
get_secured_response()
- Default behavior:
return
403 (Forbidden) - User has no permissions to request this service.
Note
all error messages will be send as an owsExceptionReport. See
return_http_response()
for details.- Returns
the computed response based on some principle decisions.
- Return type
dict or
requests.models.Request
- handle_get_feature_info_with_multithreading()
We use multithreading to send two requests at the same time to speed up the response time.
- handle_secured_get_feature_info()
Return the GetFeatureInfo response if the bbox is covered by any allowed area or the response features are contained in any allowed area.
IF not we response with a owsExceptionReport in xml format.
Note
excerpt from ogc specs ogc wms 1.3.0: The server shall return a response according to the requested INFO_FORMAT if the request is valid, or issue a service exception otherwise. The nature of the response is at the discretion of the service provider, but it shall pertain to the feature(s) nearest to (I,J). (see section 7.4.4)
- Returns
the GetFeatureInfo response
- Return type
request.models.Response
or dict if the request is not allowed.
- handle_secured_get_map()
Compute the secured get map response if the requested bbox intersects any allowed area.
- Example 1: bbox covers allowed area
- Example 2: bbox intersects allowed area
-
- return
The cropped map image with status code 200 or an error message with status code 403 (Forbidden) if the bbox doesn’t intersects any allowed area.
- rtype
dict
- secure_request()
Handler to decide which subroutine for the given request param shall run. :return: the correct handler function for the given request param. :rtype: function
- service_cls
- class registry.proxy.wfs_proxy.WebFeatureServiceProxy(**kwargs)
Security proxy facade to secure registered services spatial by there operations and for sets of users.
- Attr service
registry.models.service.Service
the requested service which was found by the pk.- Attr remote_service
registry.ows_client.request_builder.WebService
the request builder to get preparedrequests.models.Request
objects with the correct uri and query params.- Attr access_denied_img
if sub elements are not accessible for the user, this PIL.Image object represents an overlay with information about the resources, which can not be accessed
- Attr bbox
django.contrib.gis.geos.polygon.Polygon
the parsed bbox from query params.
- secure_request()
Handler to decide which subroutine for the given request param shall run. :return: the correct handler function for the given request param. :rtype: function
- service_cls