001 //$HeadURL: svn+ssh://rbezema@svn.wald.intevation.org/deegree/base/branches/2.2_testing/src/org/deegree/security/owsrequestvalidator/GeneralPolicyValidator.java $
002 /*---------------- FILE HEADER ------------------------------------------
003
004 This file is part of deegree.
005 Copyright (C) 2001-2008 by:
006 EXSE, Department of Geography, University of Bonn
007 http://www.giub.uni-bonn.de/deegree/
008 lat/lon GmbH
009 http://www.lat-lon.de
010
011 This library is free software; you can redistribute it and/or
012 modify it under the terms of the GNU Lesser General Public
013 License as published by the Free Software Foundation; either
014 version 2.1 of the License, or (at your option) any later version.
015
016 This library is distributed in the hope that it will be useful,
017 but WITHOUT ANY WARRANTY; without even the implied warranty of
018 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019 Lesser General Public License for more details.
020
021 You should have received a copy of the GNU Lesser General Public
022 License along with this library; if not, write to the Free Software
023 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024
025 Contact:
026
027 Andreas Poth
028 lat/lon GmbH
029 Aennchenstr. 19
030 53115 Bonn
031 Germany
032 E-Mail: poth@lat-lon.de
033
034 Prof. Dr. Klaus Greve
035 Department of Geography
036 University of Bonn
037 Meckenheimer Allee 166
038 53115 Bonn
039 Germany
040 E-Mail: greve@giub.uni-bonn.de
041
042 ---------------------------------------------------------------------------*/
043 package org.deegree.security.owsrequestvalidator;
044
045 import java.util.Arrays;
046 import java.util.List;
047 import java.util.Map;
048
049 import org.deegree.framework.util.StringTools;
050 import org.deegree.i18n.Messages;
051 import org.deegree.ogcwebservices.InvalidParameterValueException;
052 import org.deegree.security.UnauthorizedException;
053 import org.deegree.security.drm.model.User;
054 import org.deegree.security.owsproxy.Condition;
055 import org.deegree.security.owsproxy.OperationParameter;
056
057 /**
058 * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a>
059 * @author last edited by: $Author: apoth $
060 *
061 * @version $Revision: 9346 $, $Date: 2007-12-27 17:39:07 +0100 (Do, 27 Dez 2007) $
062 */
063
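public class GeneralPolicyValidator {

    // Names of the condition parameters this validator looks up in the general condition.
    private static final String GETCONTENTLENGTH = "getContentLength";

    private static final String POSTCONTENTLENGTH = "postContentLength";

    private static final String HTTPHEADER = "httpHeader";

    private static final String REQUESTTYPE = "requestType";

    // message strings
    // TODO: read from resource bundle
    private static final String contentLengthMESSAGE1 = "contentLength condition isn't defined";

    private static final String contentLengthMESSAGE2 = "contentLength exceeds defined maximum length";

    // Dedicated messages for the header and request type checks, so that a rejected request is not
    // reported as a content length problem.
    private static final String HTTPHEADER_UNDEFINED_MESSAGE = "httpHeader condition isn't defined";

    private static final String REQUESTTYPE_UNDEFINED_MESSAGE = "requestType condition isn't defined";

    // Deliberately does not echo the rejected request type: it is caller-supplied text.
    private static final String REQUESTTYPE_DENIED_MESSAGE = "requestType is not permitted";

    private final Condition generalCondition;

    /**
     * Creates a validator that checks requests against the passed general condition.
     *
     * @param generalCondition
     *            condition holding the operation parameters (content length limits, permitted
     *            request types, ...); it is dereferenced by every validate method, so passing
     *            <code>null</code> makes each of them fail with a NullPointerException
     */
    public GeneralPolicyValidator( Condition generalCondition ) {
        this.generalCondition = generalCondition;
    }

    /**
     * Validates that the passed length of a GET request's content does not exceed the maximum
     * defined by the <code>getContentLength</code> parameter. The check fails closed: if the
     * parameter is not defined at all, the request is rejected.
     * <p>
     * NOTE(review): a negative <code>contentLength</code> is never larger than a non-negative
     * limit and therefore passes. If callers hand in a "length unknown" marker such as -1, the
     * limit is not enforced for that request -- confirm against the callers.
     *
     * @param contentLength
     *            length of the request content
     * @throws InvalidParameterValueException
     *             if no limit is defined or the limit is exceeded
     */
    public void validateGetContentLength( int contentLength )
                            throws InvalidParameterValueException {
        if ( maxContentLength( GETCONTENTLENGTH ) < contentLength ) {
            throw new InvalidParameterValueException( contentLengthMESSAGE2 );
        }
    }

    /**
     * Validates that the passed length of a POST request's content does not exceed the maximum
     * defined by the <code>postContentLength</code> parameter. The check fails closed: if the
     * parameter is not defined at all, the request is rejected.
     * <p>
     * NOTE(review): a negative <code>contentLength</code> is never larger than a non-negative
     * limit and therefore passes. If callers hand in a "length unknown" marker such as -1, the
     * limit is not enforced for that request -- confirm against the callers.
     *
     * @param contentLength
     *            length of the request content
     * @throws InvalidParameterValueException
     *             if no limit is defined or the limit is exceeded
     */
    public void validatePostContentLength( int contentLength )
                            throws InvalidParameterValueException {
        if ( maxContentLength( POSTCONTENTLENGTH ) < contentLength ) {
            throw new InvalidParameterValueException( contentLengthMESSAGE2 + ": " + contentLength );
        }
    }

    /**
     * Checks the preconditions for validating HTTP header fields: the <code>httpHeader</code>
     * parameter must be defined, and a user coupled parameter requires an authenticated user.
     * <p>
     * The header fields themselves are not inspected yet (see the TODO in the body), so this
     * method currently accepts any header content once the two preconditions hold.
     *
     * @param headerFields
     *            header fields of the request; currently unused
     * @param user
     *            user performing the request; <code>null</code> for anonymous access
     * @throws InvalidParameterValueException
     *             if the <code>httpHeader</code> parameter is not defined
     * @throws UnauthorizedException
     *             if the parameter is user coupled and no user has been passed
     */
    public void validateHeader( Map<String, Object> headerFields, User user )
                            throws InvalidParameterValueException, UnauthorizedException {
        OperationParameter op = requireParameter( HTTPHEADER, HTTPHEADER_UNDEFINED_MESSAGE );

        if ( op.isUserCoupled() && user == null ) {
            String s = Messages.getMessage( "OWSPROXY_NO_ANONYMOUS_ACCESS" );
            throw new UnauthorizedException( s );
        }
        // TODO validate headerFields against the values of the parameter; nothing is enforced here
        // until this is implemented
    }

    /**
     * Validates that the current request type (e.g. POST, GET ...) is one of the types listed in
     * the <code>requestType</code> parameter. The check fails closed: an undefined parameter, an
     * empty list or a <code>null</code> type rejects the request. The comparison is an exact,
     * case sensitive string match.
     *
     * @param type
     *            request type to check
     * @throws InvalidParameterValueException
     *             if the parameter is not defined or the type is not listed
     */
    public void validateRequestMethod( String type )
                            throws InvalidParameterValueException {
        OperationParameter op = requireParameter( REQUESTTYPE, REQUESTTYPE_UNDEFINED_MESSAGE );

        // the parameter value is a comma separated list of permitted request types
        String[] permitted = StringTools.toArray( op.getFirstAsString(), ",", true );
        if ( op.isUserCoupled() ) {
            // TODO
            // get the permitted types from the rights management system; until then the statically
            // configured list applies to every user
        }
        // presumably toArray yields null for a missing or empty value (TODO confirm); treat that
        // as "nothing permitted" instead of failing with a NullPointerException
        List<String> permittedTypes = permitted == null ? null : Arrays.asList( permitted );
        if ( permittedTypes == null || !permittedTypes.contains( type ) ) {
            throw new InvalidParameterValueException( REQUESTTYPE_DENIED_MESSAGE );
        }
    }

    /**
     * Reads the maximum content length configured under the passed parameter name.
     *
     * @param parameterName
     *            name of the content length parameter
     * @return the first value of the parameter as int
     * @throws InvalidParameterValueException
     *             if the parameter is not defined
     */
    private int maxContentLength( String parameterName )
                            throws InvalidParameterValueException {
        OperationParameter op = requireParameter( parameterName, contentLengthMESSAGE1 );
        int compareValue = op.getFirstAsInt();
        if ( op.isUserCoupled() ) {
            // TODO
            // get compareValue from the rights management system; until then the statically
            // configured limit applies to every user
        }
        return compareValue;
    }

    /**
     * Looks up an operation parameter and rejects the request if it is missing, so that a policy
     * without the parameter denies instead of granting unlimited rights.
     *
     * @param parameterName
     *            name of the parameter to look up
     * @param undefinedMessage
     *            message of the exception thrown if the parameter is not defined
     * @return the parameter, never <code>null</code>
     * @throws InvalidParameterValueException
     *             if the parameter is not defined
     */
    private OperationParameter requireParameter( String parameterName, String undefinedMessage )
                            throws InvalidParameterValueException {
        OperationParameter op = generalCondition.getOperationParameter( parameterName );
        if ( op == null ) {
            throw new InvalidParameterValueException( undefinedMessage );
        }
        return op;
    }

}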