001 //$HeadURL: svn+ssh://rbezema@svn.wald.intevation.org/deegree/base/tags/2.1/src/org/deegree/security/drm/model/Right.java $
002 /*---------------- FILE HEADER ------------------------------------------
003
004 This file is part of deegree.
005 Copyright (C) 2001-2006 by:
006 EXSE, Department of Geography, University of Bonn
007 http://www.giub.uni-bonn.de/deegree/
008 lat/lon GmbH
009 http://www.lat-lon.de
010
011 This library is free software; you can redistribute it and/or
012 modify it under the terms of the GNU Lesser General Public
013 License as published by the Free Software Foundation; either
014 version 2.1 of the License, or (at your option) any later version.
015
016 This library is distributed in the hope that it will be useful,
017 but WITHOUT ANY WARRANTY; without even the implied warranty of
018 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019 Lesser General Public License for more details.
020
021 You should have received a copy of the GNU Lesser General Public
022 License along with this library; if not, write to the Free Software
023 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024
025 Contact:
026
027 Andreas Poth
028 lat/lon GmbH
029 Aennchenstr. 19
030 53115 Bonn
031 Germany
032 E-Mail: poth@lat-lon.de
033
034 Prof. Dr. Klaus Greve
035 Department of Geography
036 University of Bonn
037 Meckenheimer Allee 166
038 53115 Bonn
039 Germany
040 E-Mail: greve@giub.uni-bonn.de
041
042 ---------------------------------------------------------------------------*/
043 package org.deegree.security.drm.model;
044
045 import org.deegree.model.feature.Feature;
046 import org.deegree.model.filterencoding.ComplexFilter;
047 import org.deegree.model.filterencoding.Filter;
048 import org.deegree.model.filterencoding.FilterEvaluationException;
049 import org.deegree.model.filterencoding.OperationDefines;
050 import org.deegree.security.GeneralSecurityException;
051
052 /**
053 * A <code>Right</code> instance encapsulates a <code>SecurableObject</code>,
054 * a <code>RightType</code> and optional constraints which restrict it's
055 * applicability.
056 * <p>
057 * For example, one instance of a <code>RightSet</code> may be the
058 * 'access'-Right to a geographic dataset restricted to a certain area and
059 * weekdays. The situation (requested area and current time) is coded as a
060 * <code>Feature</code> object.
061 *
062 * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider </a>
063 * @version $Revision: 7007 $
064 */
065
066 public class Right {
067
068 private SecurableObject object;
069 private RightType type;
070 private Filter constraints;
071
072
073 /**
074 * Creates a new <code>Right</code> -instance (with no constraints).
075 *
076 * @param object
077 * @param type
078 */
079 public Right(SecurableObject object, RightType type) {
080 this.object = object;
081 this.type = type;
082 }
083
084 /**
085 * Creates a new <code>Right</code> -instance.
086 *
087 * @param object
088 * @param type
089 * @param constraints
090 * null means that no constraints are defined
091 */
092 public Right(SecurableObject object, RightType type, Filter constraints) {
093 this(object, type);
094 this.constraints = constraints;
095 }
096
097 /**
098 * Returns the associated <code>SecurableObject</code>.
099 */
100 public SecurableObject getSecurableObject() {
101 return object;
102 }
103
104 /**
105 * Returns the associated <code>RightType</code>.
106 *
107 */
108 public RightType getType() {
109 return type;
110 }
111
112 /**
113 * Returns the restrictions (the parameters) of this <code>Right</code>.
114 *
115 * @return null, if no constraints are defined
116 *
117 */
118 public Filter getConstraints() {
119 return constraints;
120 }
121
122 /**
123 * Generates the disjunctive combination of the instance and the submitted
124 * <code>Right</code>, so that the new <code>Right</code> has the
125 * permissions of both instances.
126 *
127 * @param that
128 */
129 public Right merge(Right that) throws GeneralSecurityException {
130 Right combinedRight = null;
131
132 if (!this.object.equals(that.object)) {
133 throw new GeneralSecurityException( "Trying to merge right on securable object '"
134 + this.object.id + "' and on object '" + that.object.id
135 + "', but only rights on the same object may be merged.");
136 }
137 if (this.type.getID() != that.type.getID()) {
138 throw new GeneralSecurityException("Trying to merge right of type '"
139 + this.type.getName() + "' and right of type '"
140 + that.type.getName() + "', but only rights of the same type may be merged.");
141 }
142
143 // check if any of the rights has no constraints
144 if (this.constraints == null && that.constraints == null) {
145 combinedRight = new Right(object, type, null);
146 } else if (this.constraints == null && that.constraints != null) {
147 combinedRight = new Right(object, type, that.constraints);
148 } else if (this.constraints != null && that.constraints == null) {
149 combinedRight = new Right(object, type, this.constraints);
150 } else if (that.constraints == null) {
151 combinedRight = that;
152 } else {
153 Filter combinedConstraints = new ComplexFilter(
154 (ComplexFilter) this.constraints,
155 (ComplexFilter) that.constraints, OperationDefines.OR);
156 combinedRight = new Right(object, type, combinedConstraints);
157
158 }
159 return combinedRight;
160 }
161
162 /**
163 * Checks if the <code>Right</code> applies on the given
164 * <code>SecurableObject</code> and in a concrete situation (the situation
165 * is represented by the given <code>Feature</code>).
166 *
167 * @param object
168 * @param situation
169 * @throws GeneralSecurityException
170 */
171 public boolean applies(SecurableObject object, Feature situation)
172 throws GeneralSecurityException {
173 boolean applies = false;
174 if (object.equals(this.object)) {
175 try {
176 if ( constraints != null ) {
177 applies = constraints.evaluate(situation);
178 } else {
179 applies = true;
180 }
181 } catch (FilterEvaluationException e) {
182 e.printStackTrace ();
183 throw new GeneralSecurityException("Error evaluating parameters (filter expression): "
184 + e.getMessage());
185 }
186 }
187 return applies;
188 }
189
190 /**
191 * Checks if the <code>Right</code> applies on the given
192 * <code>SecurableObject</code> and in unrestricted manner (w/o
193 * constraints).
194 *
195 * @param object
196 * @throws GeneralSecurityException
197 */
198 public boolean applies(SecurableObject object) {
199 boolean applies = false;
200 if (object.equals(this.object)) {
201 if (constraints == null) {
202 applies = true;
203 }
204 }
205 return applies;
206 }
207
208 /**
209 * Returns a <code>String</code> representation of this object.
210 */
211 public String toString() {
212 StringBuffer sb = new StringBuffer("Id: ").append(type.getID()).append(
213 ", Name: ").append(type.getName()).append(", ");
214 if (constraints != null) {
215 sb.append("Constraints: " + constraints.toXML());
216 } else {
217 sb.append("Constraints: none");
218 }
219 return sb.toString();
220 }
221 }/* ********************************************************************
222 Changes to this class. What the people have been up to:
223 $Log$
224 Revision 1.7 2006/07/12 14:46:14 poth
225 comment footer added
226
227 ********************************************************************** */