Andrea,
I have been through the app-schema implementation and I am pretty sure we are doing the right thing. I'm testing a patch for SecuredFeatureSource.
In SecuredFeatureSource.getFeatures(Query) you assume that a data store is "bad" if it returns a collection with a schema that is larger than the requested number of attributes. I do not think that this is a justified assumption:
(1) As far as I know, data stores are under no obligation to provide a different schema when the security subsystem is limiting output attributes. What would be the point for app-schema, when the schemas are published elsewhere? But we do support attribute restrictions (honoured for optional properties): you can see the unfiltered schema, but that does not mean that you can see these properties populated in each feature. Just because simple features behave this was does not mean it is the required behaviour.
(2) Application schemas are all about interoperability. Servers delivering types conforming to application schemas cannot just go rewriting their schemas according to service owner preference. To conform to an application schema, encoded features must include all mandatory properties specified in the type definition, regardless of the security subsystem. This is different to the simple features world-view, in which schemas are made up on the fly and all properties are optional. For this reason, app-schema populates all mandatory properties for which it has mappings, even when the security subsystem says not to. Service owners can map the appropriate nil representation to a mandatory property that they do not wish to deliver. Another possible solution might be for app-schema to automatically encode a "withheld" OGC URI for a complex property that is mandatory but not included in the security allowed-attribute list.
I'll attach the patch to:
http://jira.codehaus.org/browse/GEOS-4674
Kind regards,
Ben.
On 07/07/11 04:18, Andrea Aime wrote:
Hi,
I see the build is failing in the app-schema extension in a security
related test, and that the cause is the fix for:
http://jira.codehaus.org/browse/GEOS-4674
We have a number of tests in simple feature land that work properly,
and I'm pretty sure the previous behavior was buggy.
However along with the test I also hardened the security code against
store that might not respect property selection, something which
I could do for simple features, but not for complex ones, since
it's security if I see there are more attributes than allowed in the
schema, and nobody cared to develop a retyping feature collection
for complex features I just throw an exception.
That might be the cause for the failure, not sure, don't have the
code handy right now, but if the issue is what I think it is,
I'm wondering if it's acceptable that
complex features store can return more attributes than allowed
by the security subsytem (rethoric question, it's not unless I'm
missing something obvious)
Cheers
Andrea
--
-------------------------------------------------------
Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 962313
http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf
-------------------------------------------------------
--
Ben Caradoc-Davies <Ben.Caradoc-Davies@anonymised.com>
Software Engineering Team Leader
CSIRO Earth Science and Resource Engineering
Australian Resources Research Centre