001 //$HeadURL: svn+ssh://rbezema@svn.wald.intevation.org/deegree/base/branches/2.2_testing/src/org/deegree/security/drm/SecurityAccessManager.java $
002 /*---------------- FILE HEADER ------------------------------------------
003
004 This file is part of deegree.
005 Copyright (C) 2001-2008 by:
006 EXSE, Department of Geography, University of Bonn
007 http://www.giub.uni-bonn.de/deegree/
008 lat/lon GmbH
009 http://www.lat-lon.de
010
011 This library is free software; you can redistribute it and/or
012 modify it under the terms of the GNU Lesser General Public
013 License as published by the Free Software Foundation; either
014 version 2.1 of the License, or (at your option) any later version.
015
016 This library is distributed in the hope that it will be useful,
017 but WITHOUT ANY WARRANTY; without even the implied warranty of
018 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019 Lesser General Public License for more details.
020
021 You should have received a copy of the GNU Lesser General Public
022 License along with this library; if not, write to the Free Software
023 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024
025 Contact:
026
027 Andreas Poth
028 lat/lon GmbH
029 Aennchenstr. 19
030 53115 Bonn
031 Germany
032 E-Mail: poth@lat-lon.de
033
034 Prof. Dr. Klaus Greve
035 Department of Geography
036 University of Bonn
037 Meckenheimer Allee 166
038 53115 Bonn
039 Germany
040 E-Mail: greve@giub.uni-bonn.de
041
042 ---------------------------------------------------------------------------*/
043 package org.deegree.security.drm;
044
045 import java.util.Properties;
046
047 import org.deegree.framework.log.ILogger;
048 import org.deegree.framework.log.LoggerFactory;
049 import org.deegree.security.GeneralSecurityException;
050 import org.deegree.security.UnauthorizedException;
051 import org.deegree.security.drm.model.Role;
052 import org.deegree.security.drm.model.User;
053
054 /**
055 * This singleton manages access to the data stored in an associated <code>SecurityRegistry</code> -instance.
056 * <p>
057 * In order to use methods that read from the registry, a <code>SecurityAccess</code> instance has to be acquired
058 * first:
059 * <p>
060 * <b>Example Code: </b>
061 *
062 * <pre>
063 * SecurityAccess access = SecurityAccessManager.getInstance();
064 *
065 * ReadToken accessToken = access.acquireReadToken();
066 *
067 * Role role = access.getRoleById( accessToken, 1 );
068 * </pre>
069 *
070 * <p>
071 * If write access is needed as well, one has to acquire the exclusive <code>SecurityTransaction</code>. This is only
072 * possible if the <code>User</code> has the "write"-privilege.
073 * <p>
074 * <b>Example Code: </b>
075 *
076 * <pre>
077 * SecurityAccess access = SecurityAccess.getInstance ();
078 * SecurityTransaction lock = access.acquireSecurityTransaction (user);
079 * access.registerUser (lock, "TESTUSER");
080 * ...
081 * access.commitTransaction (lock);
082 * // after committing changes are made persistent
083 * </pre>
084 *
085 * @author <a href="mschneider@lat-lon.de">Markus Schneider </a>
086 * @author last edited by: $Author:wanhoff$
087 *
088 * @version $Revision: 9346 $, $Date:26.03.2007$
089 *
090 * @stereotype singleton
091 */
092 public class SecurityAccessManager {
093
094 private static final ILogger LOG = LoggerFactory.getLogger( SecurityAccessManager.class );
095
096 private static SecurityAccessManager instance = null;
097
098 private SecurityRegistry registry = null;
099
100 // the currently valid (exclusive) transaction
101 private SecurityTransaction currentTransaction;
102
103 // maximal duration that a transaction lasts (milliseconds)
104 private long timeout;
105
106 // admin user (predefined)
107 private User adminUser;
108
109 // admin group (predefined)
110 // private Group adminGroup;
111
112 // admin role (predefined)
113 private Role adminRole;
114
115 /**
116 * Initializes the <code>SecurityAccessManager</code> -singleton with the given <code>Registry</code> -instance.
117 *
118 * @param registryClassName
119 * @param registryProperties
120 * @param timeout
121 * @throws GeneralSecurityException
122 */
123 public static synchronized void initialize( String registryClassName, Properties registryProperties, long timeout )
124 throws GeneralSecurityException {
125 if ( SecurityAccessManager.instance != null ) {
126 throw new GeneralSecurityException( "SecurityAccessManager may only be initialized once." );
127 }
128 SecurityRegistry registry;
129 try {
130 registry = (SecurityRegistry) Class.forName( registryClassName ).newInstance();
131 } catch ( Exception e ) {
132 throw new GeneralSecurityException( "Unable to instantiate RegistryClass for class name '"
133 + registryClassName + "': " + e.getMessage() );
134 }
135 registry.initialize( registryProperties );
136 SecurityAccessManager.instance = new SecurityAccessManager( registry, timeout );
137 }
138
139 /**
140 * @return true if there is an instance
141 */
142 public static boolean isInitialized() {
143 return SecurityAccessManager.instance != null;
144 }
145
146 /**
147 * Returns the only instance of this class.
148 *
149 * @return the only instance of this class.
150 * @throws GeneralSecurityException
151 *
152 */
153 public static synchronized SecurityAccessManager getInstance()
154 throws GeneralSecurityException {
155 if ( SecurityAccessManager.instance == null ) {
156 throw new GeneralSecurityException( "SecurityAccessManager has not been initialized yet." );
157 }
158 return SecurityAccessManager.instance;
159 }
160
161 /**
162 * This method is only to be used to get an initial <code>User</code> object. (Otherwise one would need a
163 * <code>User</code> to perform a <code>User</code> lookup.)
164 *
165 * @param name
166 * @return
167 * @throws GeneralSecurityException
168 */
169 public User getUserByName( String name )
170 throws GeneralSecurityException {
171 return registry.getUserByName( null, name );
172 }
173
174 /**
175 * Tries to acquire a <code>SecurityAccess</code> -instance.
176 *
177 * @param user
178 * @return
179 *
180 * @throws GeneralSecurityException
181 * @throws UnauthorizedException
182 */
183 public SecurityAccess acquireAccess( User user )
184 throws GeneralSecurityException, UnauthorizedException {
185
186 if ( user == null ) {
187 throw new UnauthorizedException( "Can't acquire security access for anonymous user" );
188 }
189 if ( !user.isAuthenticated() ) {
190 throw new UnauthorizedException( "Can't acquire security access for '" + user.getName()
191 + "'. User has not been authorized to the system." );
192 }
193
194 return new SecurityAccess( user, registry );
195 }
196
197 /**
198 * Tries to acquire the <code>SecurityTransaction</code> for the given <code>User</code>. Only possibly for
199 * <code>User</code> s that have the "modify"-privilege.
200 * <p>
201 * NOTE: The implementation checks if the <code>currentTransaction</code> timed out BEFORE it checks if the user
202 * is allowed to write to the registry at all. This is because some JDBC-drivers (at least the JDBC-ODBC- bridge
203 * together with Microsoft Access (tm)) have been observed to return strange results sometimes when there's a
204 * transaction still going on (so that the privileges of the user cannot be retrieved reliably from the registry).
205 *
206 * @param user
207 * @return
208 *
209 * @throws GeneralSecurityException
210 * @throws UnauthorizedException
211 */
212 public SecurityTransaction acquireTransaction( User user )
213 throws GeneralSecurityException, UnauthorizedException {
214 if ( currentTransaction != null ) {
215 if ( System.currentTimeMillis() < currentTransaction.getTimestamp() + timeout ) {
216 throw new ReadWriteLockInUseException( "Can't get ReadWriteLock, because it is currently in use." );
217 }
218 try {
219 registry.abortTransaction( currentTransaction );
220 } catch ( GeneralSecurityException e ) {
221 e.printStackTrace();
222 }
223
224 }
225 if ( !user.isAuthenticated() ) {
226 throw new UnauthorizedException( "Can't acquire ReadWriteLock for '" + user.getName()
227 + "'. User has not been authorized " + "to the system." );
228 }
229 SecurityAccess tempAccess = new SecurityAccess( user, registry );
230 if ( !user.hasPrivilege( tempAccess, tempAccess.getPrivilegeByName( "write" ) ) ) {
231 throw new UnauthorizedException( "Can't acquire transaction: " + "User is not allowed to perform changes." );
232 }
233 currentTransaction = new SecurityTransaction( user, registry, adminRole );
234 registry.beginTransaction( currentTransaction );
235 return currentTransaction;
236 }
237
238 /**
239 * Private constructor to enforce the singleton pattern.
240 *
241 * @param registry
242 * @param timeout
243 * @throws GeneralSecurityException
244 */
245 private SecurityAccessManager( SecurityRegistry registry, long timeout ) throws GeneralSecurityException {
246 this.registry = registry;
247 this.timeout = timeout;
248
249 adminUser = getUserByName( "SEC_ADMIN" );
250 SecurityAccess access = new SecurityAccess( adminUser, registry );
251 // TODO adminGroup will never been read; can be removed?
252 // adminGroup = access.getGroupByName( "SEC_ADMIN" );
253 adminRole = registry.getRoleByName( access, "SEC_ADMIN" );
254 }
255
256 /**
257 * Verifies that the submitted <code>Transaction</code> is valid. There are two ways for it to become invalid:
258 * <ul>
259 * <li>it is too old (and timed out)
260 * <li>it ended (has been aborted / committed)
261 * </ul>
262 *
263 * @param transaction
264 * @throws ReadWriteLockInvalidException
265 * @throws GeneralSecurityException
266 * if transaction is invalid
267 */
268 void verify( SecurityTransaction transaction )
269 throws ReadWriteLockInvalidException {
270 if ( transaction == null || transaction != currentTransaction ) {
271 throw new ReadWriteLockInvalidException( "The SecurityTransaction is invalid." );
272 } else if ( System.currentTimeMillis() > currentTransaction.getTimestamp() + timeout ) {
273 currentTransaction = null;
274 try {
275 registry.abortTransaction( transaction );
276 } catch ( GeneralSecurityException e ) {
277 e.printStackTrace();
278 }
279 LOG.logInfo( "timeout: " + timeout );
280 LOG.logInfo( "current: " + System.currentTimeMillis() );
281 LOG.logInfo( "lock ts: " + currentTransaction.getTimestamp() );
282
283 throw new ReadWriteLockInvalidException( "The SecurityTransaction timed out." );
284 }
285 currentTransaction.renew();
286 }
287
288 /**
289 * Ends the current transaction and commits all changes to the <code>Registry</code>.
290 *
291 * @param transaction
292 *
293 * @throws GeneralSecurityException
294 */
295 public void commitTransaction( SecurityTransaction transaction )
296 throws GeneralSecurityException {
297 verify( transaction );
298 currentTransaction = null;
299 registry.commitTransaction( transaction );
300 }
301
302 /**
303 * Aborts the current transaction and undoes all changes made to the <code>Registry</code>.
304 *
305 * @param lock
306 *
307 * @throws GeneralSecurityException
308 */
309 public void abortTransaction( SecurityTransaction lock )
310 throws GeneralSecurityException {
311 verify( lock );
312 currentTransaction = null;
313 registry.abortTransaction( lock );
314 }
315 }