From 805cac4973c1723ddbfe6f6a064dd70f0f594467 Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Thu, 25 Aug 2022 12:04:56 +0200
Subject: [PATCH 1/4] Tests restruct

---
 .../services/RuleReaderServiceImplTest.java   | 455 -----------------
 .../RuleReaderServiceImpl_GeomTest.java       | 456 ++++++++++++++++++
 2 files changed, 456 insertions(+), 455 deletions(-)
 create mode 100644 src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImpl_GeomTest.java

diff --git a/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java b/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java
index fc976187..f4da6c23 100644
--- a/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java
+++ b/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java
@@ -6,12 +6,7 @@
 package org.geoserver.geofence.services;
 
 import org.geoserver.geofence.core.model.*;
-import org.locationtech.jts.geom.Geometry;
-import org.geoserver.geofence.core.model.enums.CatalogMode;
 import org.geoserver.geofence.core.model.enums.*;
-import org.locationtech.jts.geom.MultiPolygon;
-import org.locationtech.jts.io.ParseException;
-import org.locationtech.jts.io.WKTReader;
 import org.geoserver.geofence.services.dto.AccessInfo;
 import org.geoserver.geofence.services.dto.RuleFilter;
 import org.geoserver.geofence.services.dto.RuleFilter.SpecialFilterType;
@@ -391,17 +386,6 @@ public void testGroupOrder02() {
         assertEquals(GrantType.DENY, ruleReaderService.getAccessInfo(filterU2).getGrant());
     }
 
-    protected MultiPolygon buildMultiPolygon(String multip) {
-        try {
-            WKTReader reader = new WKTReader();
-            MultiPolygon mp = (MultiPolygon) reader.read(multip);
-            mp.setSRID(4326);
-            return mp;
-        } catch (ParseException ex) {
-            throw new RuntimeException("Unexpected exception: " + ex.getMessage(), ex);
-        }
-    }
-
     @Test
     public void testAttrib() throws NotFoundServiceEx {
         assertEquals(0, ruleAdminService.getCountAll());
@@ -735,443 +719,4 @@ public void testAdminRules() {
         assertTrue(accessInfo.getAdminRights());
     }
 
-    @Test
-    public void testRuleLimitsAllowedAreaSRIDIsPreserved() throws NotFoundServiceEx, ParseException {
-        // test that the original SRID is present in the allowedArea wkt representation,
-        // when retrieving it from the AccessInfo object
-        Long id =null;
-        Long id2=null;
-        try {
-            {
-                Rule r1 = new Rule(10, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
-                ruleAdminService.insert(r1);
-                id = r1.getId();
-            }
-
-            {
-                Rule r2 = new Rule(11, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.ALLOW);
-                id2 = ruleAdminService.insert(r2);
-            }
-
-            // save limits and check it has been saved
-            {
-                RuleLimits limits = new RuleLimits();
-                String wkt = "MULTIPOLYGON(((0.0016139656066815888 -0.0006386457758059581,0.0019599705696027314 -0.0006386457758059581,0.0019599705696027314 -0.0008854090051601674,0.0016139656066815888 -0.0008854090051601674,0.0016139656066815888 -0.0006386457758059581)))";
-                Geometry allowedArea = new WKTReader().read(wkt);
-                allowedArea.setSRID(3857);
-                limits.setAllowedArea((MultiPolygon) allowedArea);
-                ruleAdminService.setLimits(id, limits);
-            }
-
-            {
-                RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
-                filter.setWorkspace("w1");
-                filter.setService("s1");
-                filter.setRequest("r1");
-                filter.setLayer("l1");
-                AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
-                String[] wktAr = accessInfo.getAreaWkt().split(";");
-                assertEquals("SRID=3857", wktAr[0]);
-
-            }
-        } finally {
-
-            if(id!=null)
-                ruleAdminService.delete(id);
-            if (id2!=null)
-                ruleAdminService.delete(id2);
-
-        }
-    }
-
-
-    @Test
-    public void testRuleLimitsAllowedAreaReprojectionWithDifferentSrid() throws NotFoundServiceEx, ParseException {
-        // test that the original SRID is present in the allowedArea wkt representation,
-        // when retrieving it from the AccessInfo object
-        Long id = null;
-        Long id2 = null;
-        Long id3 = null;
-        try {
-            {
-                Rule r1 = new Rule(999, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.ALLOW);
-                ruleAdminService.insert(r1);
-                id = r1.getId();
-            }
-
-            {
-                Rule r2 = new Rule(11, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
-                id2 = ruleAdminService.insert(r2);
-            }
-
-            // save limits and check it has been saved
-            {
-                RuleLimits limits = new RuleLimits();
-                String wkt = "MultiPolygon (((1680529.71478682174347341 4849746.00902365241199732, 1682436.7076464940328151 4849731.7422441728413105, 1682446.21883281995542347 4849208.62699576932936907, 1680524.95919364970177412 4849279.96089325752109289, 1680529.71478682174347341 4849746.00902365241199732)))";
-                Geometry allowedArea = new WKTReader().read(wkt);
-                allowedArea.setSRID(3003);
-                limits.setAllowedArea((MultiPolygon) allowedArea);
-                ruleAdminService.setLimits(id2, limits);
-            }
-
-            {
-                Rule r3 = new Rule(12, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
-                id3 = ruleAdminService.insert(r3);
-            }
-
-            // save limits and check it has been saved
-            {
-                RuleLimits limits = new RuleLimits();
-                String wkt = "MultiPolygon (((680588.67850254673976451 4850060.34823693986982107, 681482.71827003755606711 4850469.32878803834319115, 682633.56349697941914201 4849499.20374245755374432, 680588.67850254673976451 4850060.34823693986982107)))";
-                Geometry allowedArea = new WKTReader().read(wkt);
-                allowedArea.setSRID(23032);
-                limits.setAllowedArea((MultiPolygon) allowedArea);
-                ruleAdminService.setLimits(id3, limits);
-            }
-
-            {
-                RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
-                filter.setWorkspace("w1");
-                filter.setService("s1");
-                filter.setRequest("r1");
-                filter.setLayer("l1");
-                AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
-                String[] wktAr = accessInfo.getAreaWkt().split(";");
-                assertEquals("SRID=3003", wktAr[0]);
-
-            }
-        } finally {
-
-            if (id != null)
-                ruleAdminService.delete(id);
-            if (id2 != null)
-                ruleAdminService.delete(id2);
-            if (id3 != null)
-                ruleAdminService.delete(id3);
-
-        }
-    }
-    
-    public void testRuleSpatialFilterTypeClipSameGroup() throws ParseException {
-
-        // test that when we have two rules referring to the same group
-        // one having a filter type Intersects and the other one having filter type Clip
-        // the result is a clip area obtained by the intersection of the two.
-
-        UserGroup g1 = createRole("group11");
-        UserGroup g2 = createRole("group12");
-        GSUser user = createUser("auth11",g1,g2);
-
-        ruleAdminService.insert(new Rule(9999, null, null, null, null,     "s11", "r11", "w11", "l11", GrantType.ALLOW));
-        long id=ruleAdminService.insert(new Rule(10, user.getName(), "group11", null, null,     "s11", "r11", "w11", "l11", GrantType.LIMIT));
-        RuleLimits limits = new RuleLimits();
-        limits.setSpatialFilterType(SpatialFilterType.CLIP);
-        limits.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT= "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
-        MultiPolygon area=(MultiPolygon)new WKTReader().read(areaWKT);
-        limits.setAllowedArea(area);
-        ruleAdminService.setLimits(id, limits);
-
-
-        long id2=ruleAdminService.insert(new Rule(11, user.getName(), "group12", null, null,     "s11", "r11", "w11", "l11", GrantType.LIMIT));
-        RuleLimits limits2 = new RuleLimits();
-        limits2.setSpatialFilterType(SpatialFilterType.INTERSECT);
-        limits2.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT2="MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
-        MultiPolygon area2=(MultiPolygon)new WKTReader().read(areaWKT2);
-        limits2.setAllowedArea(area2);
-        ruleAdminService.setLimits(id2, limits2);
-        RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
-        filter.setWorkspace("w11");
-        filter.setLayer("l11");
-
-        AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
-        assertEquals(GrantType.ALLOW, accessInfo.getGrant());
-        assertFalse(accessInfo.getAdminRights());
-
-        // area in same group, the result should an itersection of the
-        // two allowed area as a clip geometry.
-
-        Geometry testArea=area.intersection(area2);
-        testArea.normalize();
-        assertNull(accessInfo.getAreaWkt());
-        assertNotNull(accessInfo.getClipAreaWkt());
-
-        Geometry resultArea= (new WKTReader().read(accessInfo.getClipAreaWkt()));
-        resultArea.normalize();
-        assertTrue(testArea.equalsExact(resultArea,10.0E-15));
-    }
-
-
-    @Test
-    public void testRuleSpatialFilterTypeIntersectsSameGroup() throws ParseException {
-
-        // test that when we have two rules referring to the same group
-        // both having a filter type Intersects
-        // the result is an intersect area obtained by the intersection of the two.
-
-        UserGroup g1 = createRole("group13");
-        UserGroup g2 = createRole("group14");
-        GSUser user = createUser("auth12",g1,g2);
-
-        ruleAdminService.insert(new Rule(9999, null, null, null, null,     "s11", "r11", "w11", "l11", GrantType.ALLOW));
-        long id=ruleAdminService.insert(new Rule(13, user.getName(), "group13", null, null,     "s11", "r11", "w11", "l11", GrantType.LIMIT));
-        RuleLimits limits = new RuleLimits();
-        limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
-        limits.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT= "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
-        MultiPolygon area=(MultiPolygon)new WKTReader().read(areaWKT);
-        limits.setAllowedArea(area);
-        ruleAdminService.setLimits(id, limits);
-
-
-        long id2=ruleAdminService.insert(new Rule(14, user.getName(), "group14", null, null,     "s11", "r11", "w11", "l11", GrantType.LIMIT));
-        RuleLimits limits2 = new RuleLimits();
-        limits2.setSpatialFilterType(SpatialFilterType.INTERSECT);
-        limits2.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT2="MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
-        MultiPolygon area2=(MultiPolygon)new WKTReader().read(areaWKT2);
-        limits2.setAllowedArea(area2);
-        ruleAdminService.setLimits(id2, limits2);
-        RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
-        filter.setWorkspace("w11");
-        filter.setLayer("l11");
-
-        AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
-        assertEquals(GrantType.ALLOW, accessInfo.getGrant());
-        assertFalse(accessInfo.getAdminRights());
-
-        // area in same group, the result should an itersection of the
-        // two allowed area as an intersects geometry.
-
-        Geometry testArea=area.intersection(area2);
-        testArea.normalize();
-        assertNull(accessInfo.getClipAreaWkt());
-        assertNotNull(accessInfo.getAreaWkt());
-
-        Geometry resultArea= (new WKTReader().read(accessInfo.getAreaWkt()));
-        resultArea.normalize();
-        assertTrue(testArea.equalsExact(resultArea,10.0E-15));
-    }
-
-
-    @Test
-    public void testRuleSpatialFilterTypeEnlargeAccess() throws ParseException {
-        // test the access enalargement behaviour with the SpatialFilterType.
-        // the user belongs to two groups. One with an allowedArea of type intersects,
-        // the other one with an allowed area of type clip. They should be returned
-        // separately in the final rule.
-
-        UserGroup g1 = createRole("group22");
-        UserGroup g2 = createRole("group23");
-        GSUser user = createUser("auth22", g1,g2);
-
-        ruleAdminService.insert(new Rule(999, null, null, null, null,     "s22", "r22", "w22", "l22", GrantType.ALLOW));
-
-        long id=ruleAdminService.insert(new Rule(15, null, "group22", null, null,     "s22", "r22", "w22", "l22", GrantType.LIMIT));
-        RuleLimits limits = new RuleLimits();
-        limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
-        limits.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT= "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
-        MultiPolygon area=(MultiPolygon)new WKTReader().read(areaWKT);
-        limits.setAllowedArea(area);
-        ruleAdminService.setLimits(id, limits);
-
-
-        long id2=ruleAdminService.insert(new Rule(16,null, "group23", null, null,     "s22", "r22", "w22", "l22", GrantType.LIMIT));
-        RuleLimits limits2 = new RuleLimits();
-        limits2.setSpatialFilterType(SpatialFilterType.CLIP);
-        limits2.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT2="MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
-        MultiPolygon area2=(MultiPolygon)new WKTReader().read(areaWKT2);
-        limits2.setAllowedArea(area2);
-        ruleAdminService.setLimits(id2, limits2);
-        RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
-        filter.setWorkspace("w22");
-        filter.setLayer("l22");
-        filter.setUser(user.getName());
-        AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
-        assertEquals(GrantType.ALLOW, accessInfo.getGrant());
-        assertFalse(accessInfo.getAdminRights());
-
-        // we got a user in two groups one with an intersect spatialFilterType
-        // and the other with a clip spatialFilterType. The two area should haven
-        // been kept separated
-        assertNotNull(accessInfo.getAreaWkt());
-        assertNotNull(accessInfo.getClipAreaWkt());
-
-        // the intersects should be equal to the originally defined
-        // allowed area
-        Geometry intersects= new WKTReader().read(accessInfo.getAreaWkt());
-        intersects.normalize();
-        assertTrue(intersects.equalsExact(area, 10.0E-15));
-
-        Geometry clip=new WKTReader().read(accessInfo.getClipAreaWkt());
-        clip.normalize();
-        area2.normalize();
-        assertTrue(clip.equalsExact(area2,10.0E-15));
-    }
-
-
-    @Test
-    public void testRuleSpatialFilterTypeFourRules() throws ParseException {
-        // the user belongs to two groups and there are two rules for each group:
-        // INTERSECTS and CLIP for the first, and CLIP CLIP for the second.
-        // The expected result is only one allowedArea of type clip
-        // obtained by the intersection of the firs two, united with the intersection of the second two.
-        // the first INTERSECTS is resolve as CLIP because during constraint resolution the more restrictive
-        // type is chosen.
-
-        UserGroup g1 = createRole("group31");
-        UserGroup g2 = createRole("group32");
-        GSUser user = createUser("auth33", g1,g2);
-
-        WKTReader reader = new WKTReader();
-
-        ruleAdminService.insert(new Rule(999, null, null, null, null,     "s22", "r22", "w22", "l22", GrantType.ALLOW));
-
-        long id=ruleAdminService.insert(new Rule(17, null, "group31", null, null,     "s22", "r22", "w22", "l22", GrantType.LIMIT));
-        RuleLimits limits = new RuleLimits();
-        limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
-        limits.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT= "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
-        MultiPolygon area=(MultiPolygon)reader.read(areaWKT);
-        limits.setAllowedArea(area);
-        ruleAdminService.setLimits(id, limits);
-
-        long id2=ruleAdminService.insert(new Rule(18,null, "group31", null, null,     "s22", "r22", "w22", "l22", GrantType.LIMIT));
-        RuleLimits limits2 = new RuleLimits();
-        limits2.setSpatialFilterType(SpatialFilterType.CLIP);
-        limits2.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT2="MultiPolygon (((-1.46109090909091011 5.68500000000000139, -0.68600000000000083 5.7651818181818193, -0.73945454545454625 2.00554545454545519, -1.54127272727272846 1.9610000000000003, -1.46109090909091011 5.68500000000000139)))";
-        MultiPolygon area2=(MultiPolygon)reader.read(areaWKT2);
-        limits2.setAllowedArea(area2);
-        ruleAdminService.setLimits(id2, limits2);
-
-        long id3=ruleAdminService.insert(new Rule(19,null, "group32", null, null,     "s22", "r22", "w22", "l22", GrantType.LIMIT));
-        RuleLimits limits3 = new RuleLimits();
-        limits3.setSpatialFilterType(SpatialFilterType.CLIP);
-        limits3.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT3="MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
-        MultiPolygon area3=(MultiPolygon)reader.read(areaWKT3);
-        limits3.setAllowedArea(area3);
-        ruleAdminService.setLimits(id3, limits3);
-
-
-        long id4=ruleAdminService.insert(new Rule(20,null, "group32", null, null,     "s22", "r22", "w22", "l22", GrantType.LIMIT));
-        RuleLimits limits4 = new RuleLimits();
-        limits4.setSpatialFilterType(SpatialFilterType.CLIP);
-        limits4.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT4="MultiPolygon (((-1.30963636363636482 5.96118181818181991, 1.78181818181818175 4.84754545454545571, -0.90872727272727349 2.26390909090909132, -1.30963636363636482 5.96118181818181991)))";
-        MultiPolygon area4=(MultiPolygon)reader.read(areaWKT4);
-        limits4.setAllowedArea(area4);
-        ruleAdminService.setLimits(id4, limits4);
-
-
-        RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
-        filter.setWorkspace("w22");
-        filter.setLayer("l22");
-        filter.setUser(user.getName());
-        AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
-        assertEquals(GrantType.ALLOW, accessInfo.getGrant());
-        assertFalse(accessInfo.getAdminRights());
-        // we should have only the clip geometry
-        assertNull(accessInfo.getAreaWkt());
-        assertNotNull(accessInfo.getClipAreaWkt());
-
-        // the intersects should be equal to the originally defined
-        // allowed area
-
-        Geometry expectedResult=area.intersection(area2).union(area3.intersection(area4));
-        expectedResult.normalize();
-        Geometry clip=reader.read(accessInfo.getClipAreaWkt());
-        clip.normalize();
-        assertTrue(clip.equalsExact(expectedResult,10.0E-15));
-    }
-
-
-    @Test
-    public void testRuleSpatialFilterTypeFourRules2() throws ParseException {
-        // the user belongs to two groups and there are two rules for each group:
-        // CLIP and CLIP for the first, and INTERSECTS INTERSECTS for the second.
-        // The expected result are two allowedArea the first of type clip and second of type intersects.
-
-        UserGroup g1 = createRole("group41");
-        UserGroup g2 = createRole("group42");
-        GSUser user = createUser("auth44", g1,g2);
-
-        WKTReader reader = new WKTReader();
-
-        ruleAdminService.insert(new Rule(999, null, null, null, null,     "s22", "r22", "w22", "l22", GrantType.ALLOW));
-
-        long id=ruleAdminService.insert(new Rule(21, null, "group41", null, null,     "s22", "r22", "w22", "l22", GrantType.LIMIT));
-        RuleLimits limits = new RuleLimits();
-        limits.setSpatialFilterType(SpatialFilterType.CLIP);
-        limits.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT= "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
-        MultiPolygon area=(MultiPolygon)reader.read(areaWKT);
-        limits.setAllowedArea(area);
-        ruleAdminService.setLimits(id, limits);
-
-        long id2=ruleAdminService.insert(new Rule(22,null, "group41", null, null,     "s22", "r22", "w22", "l22", GrantType.LIMIT));
-        RuleLimits limits2 = new RuleLimits();
-        limits2.setSpatialFilterType(SpatialFilterType.CLIP);
-        limits2.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT2="MultiPolygon (((-1.46109090909091011 5.68500000000000139, -0.68600000000000083 5.7651818181818193, -0.73945454545454625 2.00554545454545519, -1.54127272727272846 1.9610000000000003, -1.46109090909091011 5.68500000000000139)))";
-        MultiPolygon area2=(MultiPolygon)reader.read(areaWKT2);
-        limits2.setAllowedArea(area2);
-        ruleAdminService.setLimits(id2, limits2);
-
-        long id3=ruleAdminService.insert(new Rule(23,null, "group42", null, null,     "s22", "r22", "w22", "l22", GrantType.LIMIT));
-        RuleLimits limits3 = new RuleLimits();
-        limits3.setSpatialFilterType(SpatialFilterType.INTERSECT);
-        limits3.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT3="MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
-        MultiPolygon area3=(MultiPolygon)reader.read(areaWKT3);
-        limits3.setAllowedArea(area3);
-        ruleAdminService.setLimits(id3, limits3);
-
-
-        long id4=ruleAdminService.insert(new Rule(24,null, "group42", null, null,     "s22", "r22", "w22", "l22", GrantType.LIMIT));
-        RuleLimits limits4 = new RuleLimits();
-        limits4.setSpatialFilterType(SpatialFilterType.INTERSECT);
-        limits4.setCatalogMode(CatalogMode.HIDE);
-        String areaWKT4="MultiPolygon (((-1.30963636363636482 5.96118181818181991, 1.78181818181818175 4.84754545454545571, -0.90872727272727349 2.26390909090909132, -1.30963636363636482 5.96118181818181991)))";
-        MultiPolygon area4=(MultiPolygon)reader.read(areaWKT4);
-        limits4.setAllowedArea(area4);
-        ruleAdminService.setLimits(id4, limits4);
-
-
-        RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
-        filter.setWorkspace("w22");
-        filter.setLayer("l22");
-        filter.setUser(user.getName());
-        AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
-        assertEquals(GrantType.ALLOW, accessInfo.getGrant());
-        assertFalse(accessInfo.getAdminRights());
-
-        // we should have both
-        assertNotNull(accessInfo.getAreaWkt());
-        assertNotNull(accessInfo.getClipAreaWkt());
-
-        // the intersects should be equal to the originally defined
-        // allowed area
-
-        Geometry expectedIntersects=area3.intersection(area4);
-        expectedIntersects.normalize();
-        Geometry intersects=reader.read(accessInfo.getAreaWkt());
-        intersects.normalize();
-        System.out.println(intersects.toString());
-        System.out.println(expectedIntersects.toString());
-        assertTrue(expectedIntersects.equalsExact(intersects,10.0E-15));
-
-        Geometry clip=reader.read(accessInfo.getClipAreaWkt());
-        clip.normalize();
-        Geometry expectedClip=area2.intersection(area);
-        expectedClip.normalize();
-        assertTrue(expectedClip.equalsExact(clip,10.0E-15));
-
-    }
-
-
 }
diff --git a/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImpl_GeomTest.java b/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImpl_GeomTest.java
new file mode 100644
index 00000000..580f0a33
--- /dev/null
+++ b/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImpl_GeomTest.java
@@ -0,0 +1,456 @@
+package org.geoserver.geofence.services;
+
+import static junit.framework.TestCase.assertEquals;
+import static junit.framework.TestCase.assertFalse;
+import static junit.framework.TestCase.assertNotNull;
+import static junit.framework.TestCase.assertNull;
+import static junit.framework.TestCase.assertTrue;
+import org.geoserver.geofence.core.model.GSUser;
+import org.geoserver.geofence.core.model.Rule;
+import org.geoserver.geofence.core.model.RuleLimits;
+import org.geoserver.geofence.core.model.UserGroup;
+import org.geoserver.geofence.core.model.enums.CatalogMode;
+import org.geoserver.geofence.core.model.enums.GrantType;
+import org.geoserver.geofence.core.model.enums.SpatialFilterType;
+import static org.geoserver.geofence.services.ServiceTestBase.ruleAdminService;
+import static org.geoserver.geofence.services.ServiceTestBase.ruleReaderService;
+import org.geoserver.geofence.services.dto.AccessInfo;
+import org.geoserver.geofence.services.dto.RuleFilter;
+import org.geoserver.geofence.services.exception.NotFoundServiceEx;
+import org.junit.Test;
+import org.locationtech.jts.geom.Geometry;
+import org.locationtech.jts.geom.MultiPolygon;
+import org.locationtech.jts.io.ParseException;
+import org.locationtech.jts.io.WKTReader;
+
+/**
+ *
+ */
+public class RuleReaderServiceImpl_GeomTest extends ServiceTestBase {
+
+    @Test
+    public void testRuleLimitsAllowedAreaSRIDIsPreserved() throws NotFoundServiceEx, ParseException {
+        // test that the original SRID is present in the allowedArea wkt representation,
+        // when retrieving it from the AccessInfo object
+        Long id = null;
+        Long id2 = null;
+        try {
+            {
+                Rule r1 = new Rule(10, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
+                ruleAdminService.insert(r1);
+                id = r1.getId();
+            }
+
+            {
+                Rule r2 = new Rule(11, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.ALLOW);
+                id2 = ruleAdminService.insert(r2);
+            }
+
+            // save limits and check it has been saved
+            {
+                RuleLimits limits = new RuleLimits();
+                String wkt = "MULTIPOLYGON(((0.0016139656066815888 -0.0006386457758059581,0.0019599705696027314 -0.0006386457758059581,0.0019599705696027314 -0.0008854090051601674,0.0016139656066815888 -0.0008854090051601674,0.0016139656066815888 -0.0006386457758059581)))";
+                Geometry allowedArea = new WKTReader().read(wkt);
+                allowedArea.setSRID(3857);
+                limits.setAllowedArea((MultiPolygon) allowedArea);
+                ruleAdminService.setLimits(id, limits);
+            }
+
+            {
+                RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+                filter.setWorkspace("w1");
+                filter.setService("s1");
+                filter.setRequest("r1");
+                filter.setLayer("l1");
+                AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+                String[] wktAr = accessInfo.getAreaWkt().split(";");
+                assertEquals("SRID=3857", wktAr[0]);
+
+            }
+        } finally {
+
+            if (id != null) {
+                ruleAdminService.delete(id);
+            }
+            if (id2 != null) {
+                ruleAdminService.delete(id2);
+            }
+
+        }
+    }
+
+    @Test
+    public void testRuleLimitsAllowedAreaReprojectionWithDifferentSrid() throws NotFoundServiceEx, ParseException {
+        // test that the original SRID is present in the allowedArea wkt representation,
+        // when retrieving it from the AccessInfo object
+        Long id = null;
+        Long id2 = null;
+        Long id3 = null;
+        try {
+            {
+                Rule r1 = new Rule(999, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.ALLOW);
+                ruleAdminService.insert(r1);
+                id = r1.getId();
+            }
+
+            {
+                Rule r2 = new Rule(11, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
+                id2 = ruleAdminService.insert(r2);
+            }
+
+            // save limits and check it has been saved
+            {
+                RuleLimits limits = new RuleLimits();
+                String wkt = "MultiPolygon (((1680529.71478682174347341 4849746.00902365241199732, 1682436.7076464940328151 4849731.7422441728413105, 1682446.21883281995542347 4849208.62699576932936907, 1680524.95919364970177412 4849279.96089325752109289, 1680529.71478682174347341 4849746.00902365241199732)))";
+                Geometry allowedArea = new WKTReader().read(wkt);
+                allowedArea.setSRID(3003);
+                limits.setAllowedArea((MultiPolygon) allowedArea);
+                ruleAdminService.setLimits(id2, limits);
+            }
+
+            {
+                Rule r3 = new Rule(12, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
+                id3 = ruleAdminService.insert(r3);
+            }
+
+            // save limits and check it has been saved
+            {
+                RuleLimits limits = new RuleLimits();
+                String wkt = "MultiPolygon (((680588.67850254673976451 4850060.34823693986982107, 681482.71827003755606711 4850469.32878803834319115, 682633.56349697941914201 4849499.20374245755374432, 680588.67850254673976451 4850060.34823693986982107)))";
+                Geometry allowedArea = new WKTReader().read(wkt);
+                allowedArea.setSRID(23032);
+                limits.setAllowedArea((MultiPolygon) allowedArea);
+                ruleAdminService.setLimits(id3, limits);
+            }
+
+            {
+                RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+                filter.setWorkspace("w1");
+                filter.setService("s1");
+                filter.setRequest("r1");
+                filter.setLayer("l1");
+                AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+                String[] wktAr = accessInfo.getAreaWkt().split(";");
+                assertEquals("SRID=3003", wktAr[0]);
+
+            }
+        } finally {
+
+            if (id != null) {
+                ruleAdminService.delete(id);
+            }
+            if (id2 != null) {
+                ruleAdminService.delete(id2);
+            }
+            if (id3 != null) {
+                ruleAdminService.delete(id3);
+            }
+
+        }
+    }
+
+    public void testRuleSpatialFilterTypeClipSameGroup() throws ParseException {
+
+        // test that when we have two rules referring to the same group
+        // one having a filter type Intersects and the other one having filter type Clip
+        // the result is a clip area obtained by the intersection of the two.
+        UserGroup g1 = createRole("group11");
+        UserGroup g2 = createRole("group12");
+        GSUser user = createUser("auth11", g1, g2);
+
+        ruleAdminService.insert(new Rule(9999, null, null, null, null, "s11", "r11", "w11", "l11", GrantType.ALLOW));
+        long id = ruleAdminService.insert(new Rule(10, user.getName(), "group11", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
+        RuleLimits limits = new RuleLimits();
+        limits.setSpatialFilterType(SpatialFilterType.CLIP);
+        limits.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT = "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
+        MultiPolygon area = (MultiPolygon) new WKTReader().read(areaWKT);
+        limits.setAllowedArea(area);
+        ruleAdminService.setLimits(id, limits);
+
+        long id2 = ruleAdminService.insert(new Rule(11, user.getName(), "group12", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
+        RuleLimits limits2 = new RuleLimits();
+        limits2.setSpatialFilterType(SpatialFilterType.INTERSECT);
+        limits2.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT2 = "MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
+        MultiPolygon area2 = (MultiPolygon) new WKTReader().read(areaWKT2);
+        limits2.setAllowedArea(area2);
+        ruleAdminService.setLimits(id2, limits2);
+        RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+        filter.setWorkspace("w11");
+        filter.setLayer("l11");
+
+        AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+        assertEquals(GrantType.ALLOW, accessInfo.getGrant());
+        assertFalse(accessInfo.getAdminRights());
+
+        // area in same group, the result should an itersection of the
+        // two allowed area as a clip geometry.
+        Geometry testArea = area.intersection(area2);
+        testArea.normalize();
+        assertNull(accessInfo.getAreaWkt());
+        assertNotNull(accessInfo.getClipAreaWkt());
+
+        Geometry resultArea = (new WKTReader().read(accessInfo.getClipAreaWkt()));
+        resultArea.normalize();
+        assertTrue(testArea.equalsExact(resultArea, 10.0E-15));
+    }
+
+    @Test
+    public void testRuleSpatialFilterTypeIntersectsSameGroup() throws ParseException {
+
+        // test that when we have two rules referring to the same group
+        // both having a filter type Intersects
+        // the result is an intersect area obtained by the intersection of the two.
+        UserGroup g1 = createRole("group13");
+        UserGroup g2 = createRole("group14");
+        GSUser user = createUser("auth12", g1, g2);
+
+        ruleAdminService.insert(new Rule(9999, null, null, null, null, "s11", "r11", "w11", "l11", GrantType.ALLOW));
+        long id = ruleAdminService.insert(new Rule(13, user.getName(), "group13", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
+        RuleLimits limits = new RuleLimits();
+        limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
+        limits.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT = "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
+        MultiPolygon area = (MultiPolygon) new WKTReader().read(areaWKT);
+        limits.setAllowedArea(area);
+        ruleAdminService.setLimits(id, limits);
+
+        long id2 = ruleAdminService.insert(new Rule(14, user.getName(), "group14", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
+        RuleLimits limits2 = new RuleLimits();
+        limits2.setSpatialFilterType(SpatialFilterType.INTERSECT);
+        limits2.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT2 = "MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
+        MultiPolygon area2 = (MultiPolygon) new WKTReader().read(areaWKT2);
+        limits2.setAllowedArea(area2);
+        ruleAdminService.setLimits(id2, limits2);
+        RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+        filter.setWorkspace("w11");
+        filter.setLayer("l11");
+
+        AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+        assertEquals(GrantType.ALLOW, accessInfo.getGrant());
+        assertFalse(accessInfo.getAdminRights());
+
+        // area in same group, the result should an itersection of the
+        // two allowed area as an intersects geometry.
+        Geometry testArea = area.intersection(area2);
+        testArea.normalize();
+        assertNull(accessInfo.getClipAreaWkt());
+        assertNotNull(accessInfo.getAreaWkt());
+
+        Geometry resultArea = (new WKTReader().read(accessInfo.getAreaWkt()));
+        resultArea.normalize();
+        assertTrue(testArea.equalsExact(resultArea, 10.0E-15));
+    }
+
+    @Test
+    public void testRuleSpatialFilterTypeEnlargeAccess() throws ParseException {
+        // test the access enalargement behaviour with the SpatialFilterType.
+        // the user belongs to two groups. One with an allowedArea of type intersects,
+        // the other one with an allowed area of type clip. They should be returned
+        // separately in the final rule.
+
+        UserGroup g1 = createRole("group22");
+        UserGroup g2 = createRole("group23");
+        GSUser user = createUser("auth22", g1, g2);
+
+        ruleAdminService.insert(new Rule(999, null, null, null, null, "s22", "r22", "w22", "l22", GrantType.ALLOW));
+
+        long id = ruleAdminService.insert(new Rule(15, null, "group22", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+        RuleLimits limits = new RuleLimits();
+        limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
+        limits.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT = "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
+        MultiPolygon area = (MultiPolygon) new WKTReader().read(areaWKT);
+        limits.setAllowedArea(area);
+        ruleAdminService.setLimits(id, limits);
+
+        long id2 = ruleAdminService.insert(new Rule(16, null, "group23", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+        RuleLimits limits2 = new RuleLimits();
+        limits2.setSpatialFilterType(SpatialFilterType.CLIP);
+        limits2.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT2 = "MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
+        MultiPolygon area2 = (MultiPolygon) new WKTReader().read(areaWKT2);
+        limits2.setAllowedArea(area2);
+        ruleAdminService.setLimits(id2, limits2);
+        RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+        filter.setWorkspace("w22");
+        filter.setLayer("l22");
+        filter.setUser(user.getName());
+        AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+        assertEquals(GrantType.ALLOW, accessInfo.getGrant());
+        assertFalse(accessInfo.getAdminRights());
+
+        // we got a user in two groups one with an intersect spatialFilterType
+        // and the other with a clip spatialFilterType. The two area should haven
+        // been kept separated
+        assertNotNull(accessInfo.getAreaWkt());
+        assertNotNull(accessInfo.getClipAreaWkt());
+
+        // the intersects should be equal to the originally defined
+        // allowed area
+        Geometry intersects = new WKTReader().read(accessInfo.getAreaWkt());
+        intersects.normalize();
+        assertTrue(intersects.equalsExact(area, 10.0E-15));
+
+        Geometry clip = new WKTReader().read(accessInfo.getClipAreaWkt());
+        clip.normalize();
+        area2.normalize();
+        assertTrue(clip.equalsExact(area2, 10.0E-15));
+    }
+
+    @Test
+    public void testRuleSpatialFilterTypeFourRules() throws ParseException {
+        // the user belongs to two groups and there are two rules for each group:
+        // INTERSECTS and CLIP for the first, and CLIP CLIP for the second.
+        // The expected result is only one allowedArea of type clip
+        // obtained by the intersection of the firs two, united with the intersection of the second two.
+        // the first INTERSECTS is resolve as CLIP because during constraint resolution the more restrictive
+        // type is chosen.
+
+        UserGroup g1 = createRole("group31");
+        UserGroup g2 = createRole("group32");
+        GSUser user = createUser("auth33", g1, g2);
+
+        WKTReader reader = new WKTReader();
+
+        ruleAdminService.insert(new Rule(999, null, null, null, null, "s22", "r22", "w22", "l22", GrantType.ALLOW));
+
+        long id = ruleAdminService.insert(new Rule(17, null, "group31", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+        RuleLimits limits = new RuleLimits();
+        limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
+        limits.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT = "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
+        MultiPolygon area = (MultiPolygon) reader.read(areaWKT);
+        limits.setAllowedArea(area);
+        ruleAdminService.setLimits(id, limits);
+
+        long id2 = ruleAdminService.insert(new Rule(18, null, "group31", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+        RuleLimits limits2 = new RuleLimits();
+        limits2.setSpatialFilterType(SpatialFilterType.CLIP);
+        limits2.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT2 = "MultiPolygon (((-1.46109090909091011 5.68500000000000139, -0.68600000000000083 5.7651818181818193, -0.73945454545454625 2.00554545454545519, -1.54127272727272846 1.9610000000000003, -1.46109090909091011 5.68500000000000139)))";
+        MultiPolygon area2 = (MultiPolygon) reader.read(areaWKT2);
+        limits2.setAllowedArea(area2);
+        ruleAdminService.setLimits(id2, limits2);
+
+        long id3 = ruleAdminService.insert(new Rule(19, null, "group32", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+        RuleLimits limits3 = new RuleLimits();
+        limits3.setSpatialFilterType(SpatialFilterType.CLIP);
+        limits3.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT3 = "MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
+        MultiPolygon area3 = (MultiPolygon) reader.read(areaWKT3);
+        limits3.setAllowedArea(area3);
+        ruleAdminService.setLimits(id3, limits3);
+
+        long id4 = ruleAdminService.insert(new Rule(20, null, "group32", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+        RuleLimits limits4 = new RuleLimits();
+        limits4.setSpatialFilterType(SpatialFilterType.CLIP);
+        limits4.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT4 = "MultiPolygon (((-1.30963636363636482 5.96118181818181991, 1.78181818181818175 4.84754545454545571, -0.90872727272727349 2.26390909090909132, -1.30963636363636482 5.96118181818181991)))";
+        MultiPolygon area4 = (MultiPolygon) reader.read(areaWKT4);
+        limits4.setAllowedArea(area4);
+        ruleAdminService.setLimits(id4, limits4);
+
+        RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+        filter.setWorkspace("w22");
+        filter.setLayer("l22");
+        filter.setUser(user.getName());
+        AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+        assertEquals(GrantType.ALLOW, accessInfo.getGrant());
+        assertFalse(accessInfo.getAdminRights());
+        // we should have only the clip geometry
+        assertNull(accessInfo.getAreaWkt());
+        assertNotNull(accessInfo.getClipAreaWkt());
+
+        // the intersects should be equal to the originally defined
+        // allowed area
+        Geometry expectedResult = area.intersection(area2).union(area3.intersection(area4));
+        expectedResult.normalize();
+        Geometry clip = reader.read(accessInfo.getClipAreaWkt());
+        clip.normalize();
+        assertTrue(clip.equalsExact(expectedResult, 10.0E-15));
+    }
+
+    @Test
+    public void testRuleSpatialFilterTypeFourRules2() throws ParseException {
+        // the user belongs to two groups and there are two rules for each group:
+        // CLIP and CLIP for the first, and INTERSECTS INTERSECTS for the second.
+        // The expected result are two allowedArea the first of type clip and second of type intersects.
+
+        UserGroup g1 = createRole("group41");
+        UserGroup g2 = createRole("group42");
+        GSUser user = createUser("auth44", g1, g2);
+
+        WKTReader reader = new WKTReader();
+
+        ruleAdminService.insert(new Rule(999, null, null, null, null, "s22", "r22", "w22", "l22", GrantType.ALLOW));
+
+        long id = ruleAdminService.insert(new Rule(21, null, "group41", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+        RuleLimits limits = new RuleLimits();
+        limits.setSpatialFilterType(SpatialFilterType.CLIP);
+        limits.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT = "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
+        MultiPolygon area = (MultiPolygon) reader.read(areaWKT);
+        limits.setAllowedArea(area);
+        ruleAdminService.setLimits(id, limits);
+
+        long id2 = ruleAdminService.insert(new Rule(22, null, "group41", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+        RuleLimits limits2 = new RuleLimits();
+        limits2.setSpatialFilterType(SpatialFilterType.CLIP);
+        limits2.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT2 = "MultiPolygon (((-1.46109090909091011 5.68500000000000139, -0.68600000000000083 5.7651818181818193, -0.73945454545454625 2.00554545454545519, -1.54127272727272846 1.9610000000000003, -1.46109090909091011 5.68500000000000139)))";
+        MultiPolygon area2 = (MultiPolygon) reader.read(areaWKT2);
+        limits2.setAllowedArea(area2);
+        ruleAdminService.setLimits(id2, limits2);
+
+        long id3 = ruleAdminService.insert(new Rule(23, null, "group42", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+        RuleLimits limits3 = new RuleLimits();
+        limits3.setSpatialFilterType(SpatialFilterType.INTERSECT);
+        limits3.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT3 = "MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
+        MultiPolygon area3 = (MultiPolygon) reader.read(areaWKT3);
+        limits3.setAllowedArea(area3);
+        ruleAdminService.setLimits(id3, limits3);
+
+        long id4 = ruleAdminService.insert(new Rule(24, null, "group42", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+        RuleLimits limits4 = new RuleLimits();
+        limits4.setSpatialFilterType(SpatialFilterType.INTERSECT);
+        limits4.setCatalogMode(CatalogMode.HIDE);
+        String areaWKT4 = "MultiPolygon (((-1.30963636363636482 5.96118181818181991, 1.78181818181818175 4.84754545454545571, -0.90872727272727349 2.26390909090909132, -1.30963636363636482 5.96118181818181991)))";
+        MultiPolygon area4 = (MultiPolygon) reader.read(areaWKT4);
+        limits4.setAllowedArea(area4);
+        ruleAdminService.setLimits(id4, limits4);
+
+        RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+        filter.setWorkspace("w22");
+        filter.setLayer("l22");
+        filter.setUser(user.getName());
+        AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+        assertEquals(GrantType.ALLOW, accessInfo.getGrant());
+        assertFalse(accessInfo.getAdminRights());
+
+        // we should have both
+        assertNotNull(accessInfo.getAreaWkt());
+        assertNotNull(accessInfo.getClipAreaWkt());
+
+        // the intersects should be equal to the originally defined
+        // allowed area
+        Geometry expectedIntersects = area3.intersection(area4);
+        expectedIntersects.normalize();
+        Geometry intersects = reader.read(accessInfo.getAreaWkt());
+        intersects.normalize();
+        System.out.println(intersects.toString());
+        System.out.println(expectedIntersects.toString());
+        assertTrue(expectedIntersects.equalsExact(intersects, 10.0E-15));
+
+        Geometry clip = reader.read(accessInfo.getClipAreaWkt());
+        clip.normalize();
+        Geometry expectedClip = area2.intersection(area);
+        expectedClip.normalize();
+        assertTrue(expectedClip.equalsExact(clip, 10.0E-15));
+
+    }
+
+}

From 56af68376235121db92b9e51e0e013284e7ee0d6 Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Fri, 26 Aug 2022 11:43:22 +0200
Subject: [PATCH 2/4] #222 Improve filtering by role #202 Remove
 SecurityContextHolder stuff

---
 .../geofence/services/dto/RuleFilter.java     |  18 ++-
 .../services/util/RuleFilterTest.java         |  30 +++++
 .../services/RuleReaderServiceImpl.java       |  98 +++++++---------
 .../services/RuleReaderServiceImplTest.java   | 111 ++++++++++++++++++
 4 files changed, 198 insertions(+), 59 deletions(-)
 create mode 100644 src/services/core/services-api/src/test/java/org/geoserver/geofence/services/util/RuleFilterTest.java

diff --git a/src/services/core/services-api/src/main/java/org/geoserver/geofence/services/dto/RuleFilter.java b/src/services/core/services-api/src/main/java/org/geoserver/geofence/services/dto/RuleFilter.java
index dbdaa738..ac46dccd 100644
--- a/src/services/core/services-api/src/main/java/org/geoserver/geofence/services/dto/RuleFilter.java
+++ b/src/services/core/services-api/src/main/java/org/geoserver/geofence/services/dto/RuleFilter.java
@@ -8,6 +8,10 @@
 import org.geoserver.geofence.core.model.Rule;
 
 import java.io.Serializable;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.stream.Collectors;
 
 
 /**
@@ -25,7 +29,7 @@
  */
 public class RuleFilter implements Serializable, Cloneable {
 
-    private static final long serialVersionUID = 5629211135629700042L;
+    private static final long serialVersionUID = 5629211135629700043L;
 
     public enum FilterType {
 
@@ -159,6 +163,7 @@ public RuleFilter setUser(SpecialFilterType type) {
     public RuleFilter setRole(String name) {
         if(name == null)
             throw new NullPointerException();
+        name = sortNames(name); // force ordering to preserve hashing
         role.setText(name);
         return this;
     }
@@ -276,6 +281,17 @@ public TextFilter getWorkspace() {
 //        return this;
 //    }
 
+    
+    private String sortNames(String s) {
+        if(s.contains(",")) {
+            s = Arrays.asList(s.split(",")).stream()
+                    .map(n -> n.trim())
+                    .sorted()
+                    .collect(Collectors.joining(","));
+        }
+        return s;
+    }
+    
     @Override
     public boolean equals(Object obj) {
         if (obj == null) {
diff --git a/src/services/core/services-api/src/test/java/org/geoserver/geofence/services/util/RuleFilterTest.java b/src/services/core/services-api/src/test/java/org/geoserver/geofence/services/util/RuleFilterTest.java
new file mode 100644
index 00000000..d8249120
--- /dev/null
+++ b/src/services/core/services-api/src/test/java/org/geoserver/geofence/services/util/RuleFilterTest.java
@@ -0,0 +1,30 @@
+package org.geoserver.geofence.services.util;
+
+import org.geoserver.geofence.services.dto.RuleFilter;
+import static org.junit.Assert.*;
+import org.junit.Test;
+
+/**
+ *
+ */
+public class RuleFilterTest {
+    @Test
+    public void testRole() {
+        RuleFilter f = new RuleFilter();
+        f.setRole("pippo");        
+        assertEquals("pippo", f.getRole().getText());
+        
+        f.setRole("a,b");        
+        assertEquals("a,b", f.getRole().getText());
+
+        f.setRole("b,a");        
+        assertEquals("a,b", f.getRole().getText());
+
+        f.setRole("a, b");        
+        assertEquals("a,b", f.getRole().getText());
+
+        f.setRole("  b , a   ");        
+        assertEquals("a,b", f.getRole().getText());        
+    }
+
+}
diff --git a/src/services/core/services-impl/src/main/java/org/geoserver/geofence/services/RuleReaderServiceImpl.java b/src/services/core/services-impl/src/main/java/org/geoserver/geofence/services/RuleReaderServiceImpl.java
index 8c5c4571..f5ac39af 100644
--- a/src/services/core/services-impl/src/main/java/org/geoserver/geofence/services/RuleReaderServiceImpl.java
+++ b/src/services/core/services-impl/src/main/java/org/geoserver/geofence/services/RuleReaderServiceImpl.java
@@ -21,7 +21,6 @@
 import org.geoserver.geofence.services.dto.AccessInfo;
 import org.geoserver.geofence.services.dto.AuthUser;
 import org.geoserver.geofence.services.dto.RuleFilter;
-import org.geoserver.geofence.services.dto.RuleFilter.FilterType;
 import org.geoserver.geofence.services.dto.RuleFilter.IdNameFilter;
 import org.geoserver.geofence.services.dto.RuleFilter.SpecialFilterType;
 import org.geoserver.geofence.services.dto.RuleFilter.TextFilter;
@@ -33,9 +32,6 @@
 import org.opengis.referencing.crs.CoordinateReferenceSystem;
 import org.opengis.referencing.operation.MathTransform;
 import org.opengis.referencing.operation.TransformException;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
 
 import java.util.*;
 import java.util.Map.Entry;
@@ -364,14 +360,19 @@ private String validateUsername(TextFilter filter) {
         }
     }
 
-    private String validateRolename(TextFilter filter) {
+    private List<String> validateRolenames(TextFilter filter) {
 
         switch(filter.getType()) {
             case NAMEVALUE:
-                String name = filter.getText();
-                if(StringUtils.isBlank(name) )
-                    throw new BadRequestServiceEx("Blank role name");
-                return name.trim();
+                String names = filter.getText();
+                List<String> roles = new ArrayList<>();
+                for(String name : names.split(",")) {
+                    if(StringUtils.isBlank(name) )
+                        throw new BadRequestServiceEx("Blank role name");
+                    roles.add(name.trim());
+                }
+                return roles;
+
             case DEFAULT:
             case ANY:
                 return null;
@@ -533,7 +534,7 @@ protected static CatalogMode getLarger(CatalogMode m1, CatalogMode m2) {
      *   username assigned and rolename:ANY      -> should consider all the roles the user belongs to
      *   username:ANY      and rolename assigned -> should consider all the users belonging to the given role
      *
-     *
+     * @param filter a RuleFilter for rule selection. <B>side effect</B> May be changed by the method
      * @return a Map having role names as keys, and the list of matching Rules as values. The NULL key holds the rules for the DEFAULT group.
      */
     protected Map<String, List<Rule>> getRules(RuleFilter filter) throws BadRequestServiceEx {
@@ -547,7 +548,8 @@ protected Map<String, List<Rule>> getRules(RuleFilter filter) throws BadRequestS
         Map<String, List<Rule>> ret = new HashMap<>();
 
         if(finalRoleFilter.isEmpty()) {
-            List<Rule> found = getRuleAux(filter, filter.getRole());
+            TextFilter roleFilter = new TextFilter(filter.getRole().getType(), filter.getRole().isIncludeDefault());
+            List<Rule> found = getRuleAux(filter, roleFilter);
             ret.put(null, found);
         } else {
             for (String role : finalRoleFilter) {
@@ -593,65 +595,45 @@ protected Set<String> validateUserRoles(RuleFilter filter) throws BadRequestServ
         String username = validateUsername(filter.getUser());
 
         // rolename can be null if the group filter asks for ANY or DEFAULT
-        String rolename = validateRolename(filter.getRole());
+        List<String> requestedRoles = validateRolenames(filter.getRole());  // CSV rolenames
 
-        // filtering by both user and role is pointless
-        if(username != null && rolename != null) {
-            throw new BadRequestServiceEx("You can filter either by user or role");
-        }
-
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        Collection<? extends GrantedAuthority> authorities;
-        if (authentication == null) {
-            authorities = new HashSet<>();
-        } else {
-            authorities = authentication.getAuthorities();
-        }
         Set<String> finalRoleFilter = new HashSet<>();
         // If both user and group are defined in filter
-        //   if user doensn't belong to group, no rule is returned
+        //   if user doesn't belong to group, no rule is returned
         //   otherwise assigned or default rules are searched for
-        if(username != null) {
-            Set<String> assignedRoles = userResolver.getRoles(username);
-            if (authorities != null) {
-                for (GrantedAuthority authority : authorities) {
-                    assignedRoles.add(authority.getAuthority());
-                }
-            }
-            if(rolename != null) {
-                if( assignedRoles.contains(rolename)) {
-                    finalRoleFilter = Collections.singleton(rolename);
+
+        switch(filter.getRole().getType()) {
+            case NAMEVALUE:
+                if(username != null) {
+                    Set<String> resolvedRoles = userResolver.getRoles(username);
+                    for(String role: requestedRoles) {
+                        if(resolvedRoles.contains(role)) {
+                            finalRoleFilter.add(role);
+                        } else {
+                            LOGGER.warn("User does not belong to role [User:"+filter.getUser()+"] [Role:"+role+"] [ResolvedRoles:"+resolvedRoles+"]");
+                        }
+                    }
                 } else {
-                    LOGGER.warn("User does not belong to role [User:"+filter.getUser()+"] [Role:"+filter.getRole()+"] [Roles:"+assignedRoles+"]");
-                    return null;
+                    finalRoleFilter.addAll(requestedRoles);
                 }
-            } else {
-                // User set and found, role (ANY, DEFAULT or notfound):
+                break;
 
-                if(filter.getRole().getType() == FilterType.ANY) {
-                    if( ! assignedRoles.isEmpty()) {
-                        finalRoleFilter = assignedRoles;
+            case ANY:
+                if(username != null) {
+                    Set<String> resolvedRoles = userResolver.getRoles(username);
+                    if( ! resolvedRoles.isEmpty()) {
+                        finalRoleFilter = resolvedRoles;
                     } else {
                         filter.setRole(SpecialFilterType.DEFAULT);
                     }
                 } else {
-                    // role is DEFAULT or not found:
-                    // if role filter request DEFAULT -> ok, apply the filter
-                    // if role does not exists, just apply the filter, even if probably no rule will match
+                    // no changes, use requested filtering
                 }
-            }
-        } else {
-            // user is null: then either:
-            //  1) no filter on user was requested (ANY or DEFAULT)
-            //  2) user has not been found
-            if(rolename != null) {
-                finalRoleFilter.add(rolename);
-            } else if(filter.getUser().getType() != FilterType.ANY) {
-                filter.setRole(SpecialFilterType.DEFAULT);
-            } else {
-                // group is ANY, DEFAULT or not found:
-                // no grouping, use requested filtering
-            }
+                break;
+
+            case DEFAULT:
+                // no changes
+                break;
         }
 
         return finalRoleFilter;
diff --git a/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java b/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java
index f4da6c23..8713acbb 100644
--- a/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java
+++ b/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java
@@ -17,6 +17,8 @@
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
 
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
@@ -719,4 +721,113 @@ public void testAdminRules() {
         assertTrue(accessInfo.getAdminRights());
     }
 
+    @Test
+    public void testMultiRoles() {
+
+        RuleFilter filter;
+
+        filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY);
+        assertEquals(0, ruleAdminService.count(filter));
+
+        UserGroup p1 = createRole("p1");
+        UserGroup p2 = createRole("p2");
+        UserGroup p3 = createRole("p3");
+
+        String u1  = "TestUser1";
+        String u2  = "TestUser2";
+        String u3 = "TestUser3";
+
+        GSUser user1 = new GSUser();
+        user1.setName(u1);
+        user1.getGroups().add(p1);
+
+        GSUser user2 = new GSUser();
+        user2.setName(u2);
+        user2.getGroups().add(p2);
+
+        GSUser user12 = new GSUser();
+        user12.setName(u3);
+        user12.getGroups().add(p1);
+        user12.getGroups().add(p2);
+
+        userAdminService.insert(user1);
+        userAdminService.insert(user2);
+        userAdminService.insert(user12);
+
+        ruleAdminService.insert(new Rule(10, u1,  "p1",  null, null,     "s1", "r1", "w1", "l1", GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(20, u2,  "p2",  null, null,     "s1", "r2", "w2", "l2", GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(30, u1,  null,  null, null,     null, null, null, null, GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(40, u2,  null,  null, null,     null, null, null, null, GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(50, u3, null,  null, null,     null, null, null, null, GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(51, u3, "p1",  null, null,     null, null, null, null, GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(52, u3, "p2",  null, null,     null, null, null, null, GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(60, null,"p1",  null, null,     null, null, null, null, GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(70, null,"p2",  null, null,     null, null, null, null, GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(80, null,"p3",  null, null,     null, null, null, null, GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(901, u1,  "p2",  null, null,    null, null, null, null, GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(902, u2,  "p1",  null, null,    null, null, null, null, GrantType.ALLOW));
+        ruleAdminService.insert(new Rule(999, null, null, null, null,    null, null, null, null, GrantType.ALLOW));
+
+        
+        assertRules(createFilter("*",  "*"), new Integer[]{10,20,30,40,50,51,52,60,70,80,901,902,999});
+        assertRules(createFilter("*", null), new Integer[]{30,40,50,999});
+        assertRules(createFilter("*", "NO"), new Integer[]{30,40,50,999});
+        assertRules(createFilter("*", "p1"),    new Integer[]{10,30,40,50,51,60,902,999});
+        assertRules(createFilter("*", "p1,NO"), new Integer[]{10,30,40,50,51,60,902,999});
+        assertRules(createFilter("*", "p1,p2"),    new Integer[]{10,20,30,40,50,51,52,60,70,901,902,999});
+        assertRules(createFilter("*", "p1,p2,NO"), new Integer[]{10,20,30,40,50,51,52,60,70,901,902,999});
+        
+        assertRules(createFilter(null,  "*"), new Integer[]{60,70,80,999});
+        assertRules(createFilter(null, null), new Integer[]{999});
+        assertRules(createFilter(null, "NO"), new Integer[]{999});
+        assertRules(createFilter(null, "p1"),    new Integer[]{60,999});
+        assertRules(createFilter(null, "p1,NO"), new Integer[]{60,999});        
+        assertRules(createFilter(null, "p1,p2"),    new Integer[]{60,70,999});        
+        assertRules(createFilter(null, "p1,p2,NO"), new Integer[]{60,70,999});        
+        
+        assertRules(createFilter("NO",  "*"), new Integer[]{999});
+        assertRules(createFilter("NO", null), new Integer[]{999});
+        assertRules(createFilter("NO", "NO"), new Integer[]{999});
+        assertRules(createFilter("NO","p1"),    new Integer[]{999});        
+        assertRules(createFilter("NO","p1,NO"), new Integer[]{999});                
+        assertRules(createFilter("NO","p1,p2"),    new Integer[]{999});                
+        assertRules(createFilter("NO","p1,p2,NO"), new Integer[]{999});                
+        
+        assertRules(createFilter(u1,  "*"), new Integer[]{10,30,60,999});
+        assertRules(createFilter(u1, null), new Integer[]{30,999});
+        assertRules(createFilter(u1, "NO"), new Integer[]{30,999});        
+        assertRules(createFilter(u1, "p1"),       new Integer[]{10,30,60,999});
+        assertRules(createFilter(u1, "p1,NO"),    new Integer[]{10,30,60,999});
+        assertRules(createFilter(u1, "p1,p2"),    new Integer[]{10,30,60,999});
+        assertRules(createFilter(u1, "p1,p2,NO"), new Integer[]{10,30,60,999});
+        
+        assertRules(createFilter(u3,  "*"), new Integer[]{50,51,52,60,70,999});
+        assertRules(createFilter(u3, null), new Integer[]{50,999});
+        assertRules(createFilter(u3, "NO"), new Integer[]{50,999});        
+        assertRules(createFilter(u3, "p1"),       new Integer[]{50,51,60,999});
+        assertRules(createFilter(u3, "p2"),       new Integer[]{50,52,70,999});
+        assertRules(createFilter(u3, "p1,NO"),    new Integer[]{50,51,60,999});
+        assertRules(createFilter(u3, "p1,p2"),    new Integer[]{50,51,52,60,70,999});
+        assertRules(createFilter(u3, "p1,p2,p3"), new Integer[]{50,51,52,60,70,999});
+        assertRules(createFilter(u3, "p1,p2,NO"), new Integer[]{50,51,52,60,70,999});
+    }
+
+    
+    private RuleFilter createFilter(String userName, String groupName) {
+        return new RuleFilter(userName, groupName, "*", "*", "*", "*", "*", "*");
+    }
+    
+    private void assertRules(RuleFilter filter, Integer[] expectedPriorities) {
+        RuleFilter origFilter = filter.clone();
+        List<ShortRule> rules = ruleReaderService.getMatchingRules(filter);
+        
+        Set<Long> pri = rules.stream()
+                .map(r -> r.getPriority())
+                .collect(Collectors.toSet());
+        Set<Long> exp = Arrays.asList(expectedPriorities).stream()
+                .map(i -> i.longValue())
+                .collect(Collectors.toSet());
+        assertEquals("Bad rule set selected for filter " + origFilter, exp, pri);        
+    }
+    
 }

From 2cd6b824b12b5d03ae3e9da0537f8d9d5cab1618 Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Fri, 26 Aug 2022 11:56:46 +0200
Subject: [PATCH 3/4] Some updates in pom files

---
 src/gui/pom.xml                          | 6 +++---
 src/pom.xml                              | 3 +--
 src/services/core/webtest/pom.xml        | 4 ++--
 src/services/modules/generic-api/pom.xml | 4 ++--
 src/services/modules/ldap/pom.xml        | 4 ++--
 src/services/modules/login/api/pom.xml   | 4 ++--
 src/services/modules/login/impl/pom.xml  | 4 ++--
 src/services/modules/rest/api/pom.xml    | 4 ++--
 src/services/modules/rest/impl/pom.xml   | 8 ++++----
 src/services/modules/rest/test/pom.xml   | 4 ++--
 src/services/pom.xml                     | 2 +-
 11 files changed, 23 insertions(+), 24 deletions(-)

diff --git a/src/gui/pom.xml b/src/gui/pom.xml
index 4df1cfc8..5a0dcc60 100644
--- a/src/gui/pom.xml
+++ b/src/gui/pom.xml
@@ -59,16 +59,16 @@
         <repository>
             <id>geosolutions</id>
             <name>GeoSolutions Repository</name>
-            <url>http://maven.geo-solutions.it</url>
+            <url>https://maven.geo-solutions.it</url>
         </repository>
         <repository>
             <id>gwt-maven</id>
-            <url>http://gwt-maven.googlecode.com/svn/trunk/mavenrepo</url>
+            <url>https://gwt-maven.googlecode.com/svn/trunk/mavenrepo</url>
         </repository>        
         <repository>
             <id>maven-restlet</id>
             <name>Restlet Maven Repository</name>
-            <url>http://maven.restlet.org</url>
+            <url>https://maven.restlet.org</url>
             <snapshots>
                 <enabled>false</enabled>
             </snapshots>
diff --git a/src/pom.xml b/src/pom.xml
index 19cbf4cb..79c5e5b4 100644
--- a/src/pom.xml
+++ b/src/pom.xml
@@ -50,7 +50,6 @@
          <name>Alessio Fabiani</name>
          <organization>GeoSolutions</organization>
          <roles>
-            <role>architect</role>
             <role>developer</role>
          </roles>
          <timezone>+2</timezone>
@@ -101,7 +100,7 @@
        <repository>
            <id>geosolutions</id>
            <name>GeoSolutions Repository</name>
-           <url>http://maven.geo-solutions.it/</url>
+           <url>https://maven.geo-solutions.it/</url>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
diff --git a/src/services/core/webtest/pom.xml b/src/services/core/webtest/pom.xml
index 2dbe3323..4a004363 100644
--- a/src/services/core/webtest/pom.xml
+++ b/src/services/core/webtest/pom.xml
@@ -247,8 +247,8 @@
                  <artifactId>maven-compiler-plugin</artifactId>
                  <configuration>
                     <encoding>utf8</encoding>
-                    <source>1.6</source>
-                    <target>1.6</target>
+                    <source>1.8</source>
+                    <target>1.8</target>
                  </configuration>
               </plugin>
 
diff --git a/src/services/modules/generic-api/pom.xml b/src/services/modules/generic-api/pom.xml
index e0ebcf17..18f0dee9 100644
--- a/src/services/modules/generic-api/pom.xml
+++ b/src/services/modules/generic-api/pom.xml
@@ -55,8 +55,8 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <source>1.6</source>
-                    <target>1.6</target>
+                    <source>1.8</source>
+                    <target>1.8</target>
                 </configuration>
             </plugin>
 
diff --git a/src/services/modules/ldap/pom.xml b/src/services/modules/ldap/pom.xml
index e688f759..0d3a6b79 100644
--- a/src/services/modules/ldap/pom.xml
+++ b/src/services/modules/ldap/pom.xml
@@ -147,8 +147,8 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <source>1.7</source>
-                    <target>1.7</target>
+                    <source>1.8</source>
+                    <target>1.8</target>
                 </configuration>
             </plugin>
 
diff --git a/src/services/modules/login/api/pom.xml b/src/services/modules/login/api/pom.xml
index d5ca263f..20cae5d5 100644
--- a/src/services/modules/login/api/pom.xml
+++ b/src/services/modules/login/api/pom.xml
@@ -59,8 +59,8 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <source>1.6</source>
-                    <target>1.6</target>
+                    <source>1.8</source>
+                    <target>1.8</target>
                 </configuration>
             </plugin>
 
diff --git a/src/services/modules/login/impl/pom.xml b/src/services/modules/login/impl/pom.xml
index 88c30379..b55c2757 100644
--- a/src/services/modules/login/impl/pom.xml
+++ b/src/services/modules/login/impl/pom.xml
@@ -95,8 +95,8 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <source>1.6</source>
-                    <target>1.6</target>
+                    <source>1.8</source>
+                    <target>1.8</target>
                 </configuration>
             </plugin>
         </plugins>
diff --git a/src/services/modules/rest/api/pom.xml b/src/services/modules/rest/api/pom.xml
index ee2b9a29..4c23f86f 100644
--- a/src/services/modules/rest/api/pom.xml
+++ b/src/services/modules/rest/api/pom.xml
@@ -75,8 +75,8 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <source>1.6</source>
-                    <target>1.6</target>
+                    <source>1.8</source>
+                    <target>1.8</target>
                 </configuration>
             </plugin>
 
diff --git a/src/services/modules/rest/impl/pom.xml b/src/services/modules/rest/impl/pom.xml
index 286ea511..06538aa5 100644
--- a/src/services/modules/rest/impl/pom.xml
+++ b/src/services/modules/rest/impl/pom.xml
@@ -153,8 +153,8 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <source>1.6</source>
-                    <target>1.6</target>
+                    <source>1.8</source>
+                    <target>1.8</target>
                 </configuration>
             </plugin>
 
@@ -199,12 +199,12 @@
         </plugins>
     </reporting>
 
-    <repositories>
+<!--    <repositories>
         <repository>
             <url>http://repo1.maven.org/maven2/</url>
             <id>junit_4</id>
             <layout>default</layout>
             <name>Repository for library Library[junit_4]</name>
         </repository>
-    </repositories>
+    </repositories>-->
 </project>
diff --git a/src/services/modules/rest/test/pom.xml b/src/services/modules/rest/test/pom.xml
index 0483bf64..20de32d8 100644
--- a/src/services/modules/rest/test/pom.xml
+++ b/src/services/modules/rest/test/pom.xml
@@ -279,8 +279,8 @@
 				<artifactId>maven-compiler-plugin</artifactId>
 				<configuration>
 					<encoding>utf8</encoding>
-					<source>1.6</source>
-					<target>1.6</target>
+					<source>1.8</source>
+					<target>1.8</target>
 				</configuration>
 			</plugin>
 
diff --git a/src/services/pom.xml b/src/services/pom.xml
index adb1c861..c6f736df 100644
--- a/src/services/pom.xml
+++ b/src/services/pom.xml
@@ -29,7 +29,7 @@
     <properties>
         <main-prefix>geofence</main-prefix>
 
-        <gt-version>25-SNAPSHOT</gt-version>
+        <gt-version>28-SNAPSHOT</gt-version>
 
         <cxf-version>3.1.5</cxf-version>
         <activemq-version>5.3.0.4-fuse</activemq-version>

From 8f64d11b51d4669d1a10deb44cf5f03a1520ba1f Mon Sep 17 00:00:00 2001
From: etj <etj@geo-solutions.it>
Date: Fri, 26 Aug 2022 11:59:17 +0200
Subject: [PATCH 4/4] Release 3.5.1

---
 src/gui/core/plugin/mapsui/pom.xml            | 2 +-
 src/gui/core/plugin/pom.xml                   | 2 +-
 src/gui/core/plugin/userui/pom.xml            | 2 +-
 src/gui/core/pom.xml                          | 2 +-
 src/gui/core/resources/pom.xml                | 2 +-
 src/gui/pom.xml                               | 6 +++---
 src/gui/web/pom.xml                           | 2 +-
 src/pom.xml                                   | 4 ++--
 src/samples/csv2geofence/pom.xml              | 2 +-
 src/services/core/model-external/pom.xml      | 2 +-
 src/services/core/model/pom.xml               | 2 +-
 src/services/core/persistence-pg-test/pom.xml | 2 +-
 src/services/core/persistence/pom.xml         | 2 +-
 src/services/core/pom.xml                     | 2 +-
 src/services/core/services-api/pom.xml        | 2 +-
 src/services/core/services-impl/pom.xml       | 2 +-
 src/services/core/webtest/pom.xml             | 2 +-
 src/services/modules/generic-api/pom.xml      | 2 +-
 src/services/modules/ldap/pom.xml             | 2 +-
 src/services/modules/login/api/pom.xml        | 2 +-
 src/services/modules/login/impl/pom.xml       | 2 +-
 src/services/modules/login/pom.xml            | 2 +-
 src/services/modules/pom.xml                  | 2 +-
 src/services/modules/rest/api/pom.xml         | 2 +-
 src/services/modules/rest/client/pom.xml      | 2 +-
 src/services/modules/rest/impl/pom.xml        | 2 +-
 src/services/modules/rest/pom.xml             | 2 +-
 src/services/modules/rest/test/pom.xml        | 2 +-
 src/services/pom.xml                          | 4 ++--
 29 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/src/gui/core/plugin/mapsui/pom.xml b/src/gui/core/plugin/mapsui/pom.xml
index 25da350d..89556826 100644
--- a/src/gui/core/plugin/mapsui/pom.xml
+++ b/src/gui/core/plugin/mapsui/pom.xml
@@ -11,7 +11,7 @@
 	<parent>
 		<groupId>org.geoserver.geofence</groupId>
 		<artifactId>geofence-gui-plugin</artifactId>
-		<version>3.5-SNAPSHOT</version>
+		<version>3.5.1</version>
 	</parent>
 
 	<groupId>org.geoserver.geofence</groupId>
diff --git a/src/gui/core/plugin/pom.xml b/src/gui/core/plugin/pom.xml
index d90f77af..39def81e 100644
--- a/src/gui/core/plugin/pom.xml
+++ b/src/gui/core/plugin/pom.xml
@@ -14,7 +14,7 @@
 	<parent>
 		<groupId>org.geoserver.geofence</groupId>
 		<artifactId>geofence-gui-core</artifactId>
-		<version>3.5-SNAPSHOT</version>
+		<version>3.5.1</version>
 	</parent>
 
 	<groupId>org.geoserver.geofence</groupId>
diff --git a/src/gui/core/plugin/userui/pom.xml b/src/gui/core/plugin/userui/pom.xml
index c9d14ed5..f4fd79bd 100644
--- a/src/gui/core/plugin/userui/pom.xml
+++ b/src/gui/core/plugin/userui/pom.xml
@@ -11,7 +11,7 @@
 	<parent>
 		<groupId>org.geoserver.geofence</groupId>
 		<artifactId>geofence-gui-plugin</artifactId>
-		<version>3.5-SNAPSHOT</version>
+		<version>3.5.1</version>
 	</parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/gui/core/pom.xml b/src/gui/core/pom.xml
index aed90667..bcd57fb3 100644
--- a/src/gui/core/pom.xml
+++ b/src/gui/core/pom.xml
@@ -13,7 +13,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-gui-root</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/gui/core/resources/pom.xml b/src/gui/core/resources/pom.xml
index 34d6bb3d..d8fa54f1 100644
--- a/src/gui/core/resources/pom.xml
+++ b/src/gui/core/resources/pom.xml
@@ -13,7 +13,7 @@
 	<parent>
 		<groupId>org.geoserver.geofence</groupId>
 		<artifactId>geofence-gui-core</artifactId>
-		<version>3.5-SNAPSHOT</version>
+		<version>3.5.1</version>
 	</parent>
 
 	<groupId>org.geoserver.geofence</groupId>
diff --git a/src/gui/pom.xml b/src/gui/pom.xml
index 5a0dcc60..b35f3a33 100644
--- a/src/gui/pom.xml
+++ b/src/gui/pom.xml
@@ -11,19 +11,19 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
     
     <groupId>org.geoserver.geofence</groupId>
     <artifactId>geofence-gui-root</artifactId>
-    <version>3.5-SNAPSHOT</version>
+    <version>3.5.1</version>
     <packaging>pom</packaging>
 
     <name>GeoFence - GUI</name>
 
     <properties>
         <module.name>geofence-gui</module.name>
-        <geofence-version>3.5-SNAPSHOT</geofence-version>
+        <geofence-version>3.5.1</geofence-version>
         <gt-version>21.4</gt-version>
         <geogwt-version>0.4-SNAPSHOT</geogwt-version>
 
diff --git a/src/gui/web/pom.xml b/src/gui/web/pom.xml
index 7915df72..7d92a092 100644
--- a/src/gui/web/pom.xml
+++ b/src/gui/web/pom.xml
@@ -11,7 +11,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-gui-root</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/pom.xml b/src/pom.xml
index 79c5e5b4..cf893ccc 100644
--- a/src/pom.xml
+++ b/src/pom.xml
@@ -10,11 +10,11 @@
 
    <groupId>org.geoserver.geofence</groupId>
    <artifactId>geofence</artifactId>
-   <version>3.5-SNAPSHOT</version>
+   <version>3.5.1</version>
    <packaging>pom</packaging>
 
    <properties>
-     <geofence-version>3.5-SNAPSHOT</geofence-version>
+     <geofence-version>3.5.1</geofence-version>
      <hibernate-version>3.6.9.Final</hibernate-version>
      <hibernate-generic-dao-version>1.1.0</hibernate-generic-dao-version>
      <hibernate-spatial-version>1.1.3.2</hibernate-spatial-version>
diff --git a/src/samples/csv2geofence/pom.xml b/src/samples/csv2geofence/pom.xml
index da6eac9c..d200a16f 100644
--- a/src/samples/csv2geofence/pom.xml
+++ b/src/samples/csv2geofence/pom.xml
@@ -12,7 +12,7 @@
 
     <groupId>org.geoserver.geofence.sample</groupId>
     <artifactId>csv2geofence</artifactId>
-    <version>3.5-SNAPSHOT</version>
+    <version>3.5.1</version>
     <packaging>jar</packaging>
 
     <name>csv2geofence</name>
diff --git a/src/services/core/model-external/pom.xml b/src/services/core/model-external/pom.xml
index 75af74d4..7810fff4 100644
--- a/src/services/core/model-external/pom.xml
+++ b/src/services/core/model-external/pom.xml
@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-core</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
   
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/core/model/pom.xml b/src/services/core/model/pom.xml
index e92dbfc3..e396b504 100644
--- a/src/services/core/model/pom.xml
+++ b/src/services/core/model/pom.xml
@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-core</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
   
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/core/persistence-pg-test/pom.xml b/src/services/core/persistence-pg-test/pom.xml
index de3f423d..1c6bc2c5 100644
--- a/src/services/core/persistence-pg-test/pom.xml
+++ b/src/services/core/persistence-pg-test/pom.xml
@@ -12,7 +12,7 @@
    <parent>
       <groupId>org.geoserver.geofence</groupId>
       <artifactId>geofence-core</artifactId>
-      <version>3.5-SNAPSHOT</version>
+      <version>3.5.1</version>
    </parent>
 
    <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/core/persistence/pom.xml b/src/services/core/persistence/pom.xml
index ef4642db..bcef67e3 100644
--- a/src/services/core/persistence/pom.xml
+++ b/src/services/core/persistence/pom.xml
@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-core</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/core/pom.xml b/src/services/core/pom.xml
index 6e099f52..8be0011f 100644
--- a/src/services/core/pom.xml
+++ b/src/services/core/pom.xml
@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-root</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
   
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/core/services-api/pom.xml b/src/services/core/services-api/pom.xml
index 5f169682..37147e89 100644
--- a/src/services/core/services-api/pom.xml
+++ b/src/services/core/services-api/pom.xml
@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-core</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/core/services-impl/pom.xml b/src/services/core/services-impl/pom.xml
index c5244f83..0c04001a 100644
--- a/src/services/core/services-impl/pom.xml
+++ b/src/services/core/services-impl/pom.xml
@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-core</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/core/webtest/pom.xml b/src/services/core/webtest/pom.xml
index 4a004363..9f7e573b 100644
--- a/src/services/core/webtest/pom.xml
+++ b/src/services/core/webtest/pom.xml
@@ -11,7 +11,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-core</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/modules/generic-api/pom.xml b/src/services/modules/generic-api/pom.xml
index 18f0dee9..a3d9c55f 100644
--- a/src/services/modules/generic-api/pom.xml
+++ b/src/services/modules/generic-api/pom.xml
@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-modules</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/modules/ldap/pom.xml b/src/services/modules/ldap/pom.xml
index 0d3a6b79..ae6661df 100644
--- a/src/services/modules/ldap/pom.xml
+++ b/src/services/modules/ldap/pom.xml
@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-modules</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/modules/login/api/pom.xml b/src/services/modules/login/api/pom.xml
index 20cae5d5..97cf2169 100644
--- a/src/services/modules/login/api/pom.xml
+++ b/src/services/modules/login/api/pom.xml
@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-login-parent</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/modules/login/impl/pom.xml b/src/services/modules/login/impl/pom.xml
index b55c2757..95207156 100644
--- a/src/services/modules/login/impl/pom.xml
+++ b/src/services/modules/login/impl/pom.xml
@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-login-parent</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/modules/login/pom.xml b/src/services/modules/login/pom.xml
index c6579227..0c49dccb 100644
--- a/src/services/modules/login/pom.xml
+++ b/src/services/modules/login/pom.xml
@@ -14,7 +14,7 @@
     <parent>
       <groupId>org.geoserver.geofence</groupId>
       <artifactId>geofence-modules</artifactId>
-	  <version>3.5-SNAPSHOT</version>
+	  <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/modules/pom.xml b/src/services/modules/pom.xml
index 3eec5536..54d94c08 100644
--- a/src/services/modules/pom.xml
+++ b/src/services/modules/pom.xml
@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-root</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/modules/rest/api/pom.xml b/src/services/modules/rest/api/pom.xml
index 4c23f86f..979c9699 100644
--- a/src/services/modules/rest/api/pom.xml
+++ b/src/services/modules/rest/api/pom.xml
@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-rest-root</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/modules/rest/client/pom.xml b/src/services/modules/rest/client/pom.xml
index 9af45603..48abfd04 100644
--- a/src/services/modules/rest/client/pom.xml
+++ b/src/services/modules/rest/client/pom.xml
@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-rest-root</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/modules/rest/impl/pom.xml b/src/services/modules/rest/impl/pom.xml
index 06538aa5..6680de5f 100644
--- a/src/services/modules/rest/impl/pom.xml
+++ b/src/services/modules/rest/impl/pom.xml
@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-rest-root</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/modules/rest/pom.xml b/src/services/modules/rest/pom.xml
index 480fff20..805105e8 100644
--- a/src/services/modules/rest/pom.xml
+++ b/src/services/modules/rest/pom.xml
@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-modules</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/modules/rest/test/pom.xml b/src/services/modules/rest/test/pom.xml
index 20de32d8..f9e8163d 100644
--- a/src/services/modules/rest/test/pom.xml
+++ b/src/services/modules/rest/test/pom.xml
@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence-rest-root</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
diff --git a/src/services/pom.xml b/src/services/pom.xml
index c6f736df..0563d432 100644
--- a/src/services/pom.xml
+++ b/src/services/pom.xml
@@ -11,12 +11,12 @@
     <parent>
         <groupId>org.geoserver.geofence</groupId>
         <artifactId>geofence</artifactId>
-        <version>3.5-SNAPSHOT</version>
+        <version>3.5.1</version>
     </parent>
 
     <groupId>org.geoserver.geofence</groupId>
     <artifactId>geofence-root</artifactId>
-    <version>3.5-SNAPSHOT</version>
+    <version>3.5.1</version>
     <packaging>pom</packaging>
 
     <name>GeoFence - 0 Services </name>