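// $HeadURL: svn+ssh://rbezema@svn.wald.intevation.org/deegree/base/branches/2.2_testing/src/org/deegree/tools/security/DRMAccess.java $
/*----------------    FILE HEADER  ------------------------------------------

 This file is part of deegree.
 Copyright (C) 2001-2008 by:
 EXSE, Department of Geography, University of Bonn
 http://www.giub.uni-bonn.de/deegree/
 lat/lon GmbH
 http://www.lat-lon.de

 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
 License as published by the Free Software Foundation; either
 version 2.1 of the License, or (at your option) any later version.

 This library is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 Lesser General Public License for more details.

 You should have received a copy of the GNU Lesser General Public
 License along with this library; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

 Contact:

 Andreas Poth
 lat/lon GmbH
 Aennchenstr. 19
 53115 Bonn
 Germany
 E-Mail: poth@lat-lon.de

 Klaus Greve
 Department of Geography
 University of Bonn
 Meckenheimer Allee 166
 53115 Bonn
 Germany
 E-Mail: klaus.greve@uni-bonn.de

 ---------------------------------------------------------------------------*/

package org.deegree.tools.security;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.RandomAccessFile;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;

import org.deegree.framework.util.StringTools;
import org.deegree.framework.xml.XMLTools;
import org.deegree.model.filterencoding.AbstractFilter;
import org.deegree.model.filterencoding.Filter;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.drm.SecurityAccess;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.SecurityTransaction;
import org.deegree.security.drm.WrongCredentialsException;
import org.deegree.security.drm.model.Group;
import org.deegree.security.drm.model.Right;
import org.deegree.security.drm.model.RightSet;
import org.deegree.security.drm.model.RightType;
import org.deegree.security.drm.model.Role;
import org.deegree.security.drm.model.SecuredObject;
import org.deegree.security.drm.model.User;
import org.w3c.dom.Document;

/**
 * Tool class to handle deegree security administration using command line calls:
 *
 * <pre>
 * general definitions:
 * -driver JDBC driver (e.g. sun.jdbc.odbc.JdbcOdbcDriver for ODBC databases)
 * -logon jdbc:odbc:security logon to database (e.g. ODBC name)
 * -user user name (optional)
 * -pw users password (optional)
 *
 * possible actions:
 * -action (addUser, removeUser, addGroup, removeGroup, addRole, removeRole, addUserToGroup,
 *          assignRoleWithGroup, addSecuredObject, removeSecuredObject, assignRights, removeRights,
 *          hasRight, printRights, clean)
 * defines the action to be performed. possible actions are listed in brackets.
 *
 * action = addUser -> adds a user to the right management
 * -name users login name
 * -password users password
 * -firstName the first name of the user
 * -lastName the last name of the user
 * -email email address of the user
 *
 * action = removeUser -> removes a user from the right management
 * -name users login name
 *
 * action = addGroup -> adds a group to the right management system
 * -name name of the group
 * -title title of the group
 *
 * action = removeGroup -> removes a group from the right management
 * -name name of the group
 *
 * action = addRole -> adds a role to the right management system
 * -name name of the role
 *
 * action = removeRole -> removes a role from the right management system
 * -name name of the role
 *
 * action = addUserToGroup -> adds a user to a named group
 * -userName name of the user
 * -groupName name of the group
 *
 * action = assignRoleWithGroup -> assigns a role to a group
 * -groupName name of the group
 * -roleName name of the role
 *
 * action = addSecuredObject -> adds a new secured object to the right management system
 * -soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)
 * -soName name of the secured object
 * -soTitle title of the secured object
 *
 * action = removeSecuredObject -> removes a secured object from the right management system
 * -soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)
 * -soName name of the secured object
 *
 * action = assignRights -> assigns rights on a named secured object to a role
 * -constraints comma separated list of absolute paths to filter encoding files ('-' or '.' for no constraint)
 * -rights comma separated list of rights to assign. the number of rights must be equal to the number of constraints
 * -soName name of the secured object
 * -soType type of the secured object
 * -role name of the role the rights shall be given to
 *
 * action = removeRights -> removes rights on a named secured object from a role
 * -rights comma separated list of rights to remove.
 * -soName name of the secured object
 * -soType type of the secured object
 * -role name of the role the rights shall be taken from
 *
 * action = hasRight -> checks whether a user has a right on a secured object
 * -userName name of the user
 * -password users password
 * -soName name of the secured object
 * -soType type of the secured object
 * -right name of the right
 *
 * action = printRights -> print roles and associated rights of a user
 * -userName name of the user
 * -soType type of the secured object
 *
 * action = clean -> cleans the complete right management system database by deleting all entries!
 * </pre>
 *
 * Every management call is performed on behalf of the built-in {@code SEC_ADMIN} account whose
 * password is read from the {@code sec.properties} resource next to this class; there is no
 * built-in fallback password.
 *
 * @version $Revision: 9346 $
 * @author <a href="mailto:poth@lat-lon.de">Andreas Poth</a>
 * @author last edited by: $Author: apoth $
 *
 * @version $Revision: 9346 $, $Date: 2007-12-27 17:39:07 +0100 (Do, 27 Dez 2007) $
 */
public class DRMAccess {

    /** Login name of the administrator account all management calls authenticate as. */
    private static final String ADMIN_NAME = "SEC_ADMIN";

    /** Classpath resource (relative to this class) providing the administrator password. */
    private static final String ADMIN_PROPERTIES = "sec.properties";

    /** Key inside {@link #ADMIN_PROPERTIES} holding the administrator password. */
    private static final String ADMIN_PASSWORD_KEY = "adminpass";

    /** Registry implementation the {@link SecurityAccessManager} is initialized with. */
    private static final String REGISTRY_CLASS = "org.deegree.security.drm.SQLRegistry";

    /** Column widths used by {@link #printRights(String, String)}. */
    private static final int ROLE_COLUMN = 24;

    private static final int SEC_OBJECT_COLUMN = 26;

    private static final int RIGHT_COLUMN = 16;

    /** Right names accepted by {@link #assignRights}, lower-cased, mapped to the type they denote. */
    private static final Map<String, RightType> RIGHT_TYPES = new HashMap<String, RightType>();

    static {
        RIGHT_TYPES.put( "getmap", RightType.GETMAP );
        RIGHT_TYPES.put( "getmap_response", RightType.GETMAP_RESPONSE );
        RIGHT_TYPES.put( "getfeatureinfo", RightType.GETFEATUREINFO );
        RIGHT_TYPES.put( "getfeatureinfo_response", RightType.GETFEATUREINFO_RESPONSE );
        RIGHT_TYPES.put( "getlegendgraphic", RightType.GETLEGENDGRAPHIC );
        RIGHT_TYPES.put( "getlegendgraphic_response", RightType.GETLEGENDGRAPHIC_RESPONSE );
        RIGHT_TYPES.put( "getfeature", RightType.GETFEATURE );
        RIGHT_TYPES.put( "getfeature_response", RightType.GETFEATURE_RESPONSE );
        RIGHT_TYPES.put( "describefeaturetype", RightType.DESCRIBEFEATURETYPE );
        RIGHT_TYPES.put( "describefeaturetype_response", RightType.DESCRIBEFEATURETYPE_RESPONSE );
        RIGHT_TYPES.put( "getcoverage", RightType.GETCOVERAGE );
        RIGHT_TYPES.put( "getcoverage_response", RightType.GETCOVERAGE_RESPONSE );
        RIGHT_TYPES.put( "describecoverage", RightType.DESCRIBECOVERAGE );
        RIGHT_TYPES.put( "describecoverage_response", RightType.DESCRIBECOVERAGE_RESPONSE );
        RIGHT_TYPES.put( "getrecords", RightType.GETRECORDS );
        RIGHT_TYPES.put( "getrecords_response", RightType.GETRECORDS_RESPONSE );
        RIGHT_TYPES.put( "getrecordbyid", RightType.GETRECORDBYID );
        RIGHT_TYPES.put( "getrecordbyid_response", RightType.GETRECORDBYID_RESPONSE );
        RIGHT_TYPES.put( "describerecordtype", RightType.DESCRIBERECORDTYPE );
        RIGHT_TYPES.put( "describerecordtype_response", RightType.DESCRIBERECORDTYPE_RESPONSE );
        RIGHT_TYPES.put( "delete", RightType.DELETE );
        RIGHT_TYPES.put( "delete_response", RightType.DELETE_RESPONSE );
        RIGHT_TYPES.put( "update", RightType.UPDATE );
        RIGHT_TYPES.put( "update_response", RightType.UPDATE_RESPONSE );
        RIGHT_TYPES.put( "insert", RightType.INSERT );
        RIGHT_TYPES.put( "insert_response", RightType.INSERT_RESPONSE );
        RIGHT_TYPES.put( "getrepositoryitem", RightType.GETREPOSITORYITEM );
        RIGHT_TYPES.put( "getrepositoryitem_response", RightType.GETREPOSITORYITEM_RESPONSE );
    }

    /** Usage text printed by {@link #printHelp()}; an empty entry prints an empty line. */
    private static final String[] HELP = {
        "general definitions:",
        "-driver JDBC driver (e.g. sun.jdbc.odbc.JdbcOdbcDriver for ODBC databases)",
        "-logon jdbc:odbc:security logon to database (e.g. ODBC name)",
        "-user user name (optional)",
        "-pw users password (optional)",
        "",
        "possible actions:",
        "-action (addUser, removeUser, addGroup, removeGroup, addRole, removeRole, addUserToGroup, "
            + "assignRoleWithGroup, addSecuredObject, removeSecuredObject, assignRights, removeRights, "
            + "hasRight, printRights, clean)",
        "defines the action to be performed. possible actions are listed in brackets.",
        "",
        "action = addUser -> adds a user to the right management",
        "-name users login name",
        "-password users password",
        "-firstName the first name of the user",
        "-lastName the last name of the user",
        "-email email address of the user",
        "",
        "action = removeUser -> removes a user from the right management",
        "-name users login name",
        "",
        "action = addGroup -> adds a group to the right management system",
        "-name name of the group",
        "-title title of the group",
        "",
        "action = removeGroup -> removes a group from the right management",
        "-name name of the group",
        "",
        "action = addRole -> adds a role to the right management system",
        "-name name of the role",
        "",
        "action = removeRole -> removes a role from the right management system",
        "-name name of the role",
        "",
        "action = addUserToGroup -> adds a user to a named group",
        "-userName name of the user",
        "-groupName name of the group",
        "",
        "action = assignRoleWithGroup -> assigns a role to a group",
        "-groupName name of the group",
        "-roleName name of the role",
        "",
        "action = addSecuredObject -> adds a new secured object to the right management system",
        "-soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)",
        "-soName name of the secured object",
        "-soTitle title of the secured object",
        "",
        "action = removeSecuredObject -> removes a secured object from the right management system",
        "-soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)",
        "-soName name of the secured object",
        "",
        "action = assignRights -> assigns rights on a named secured object to a role",
        "-constraints comma separated list of absolute paths to filter encoding files ('-' or '.' for no constraint)",
        "-rights comma separated list of rights to assign. the number of rights must be equal to the number of constraints",
        "-soName name of the secured object",
        "-soType type of the secured object",
        "-role name of the role the rights shall be given to",
        "",
        "action = removeRights -> removes rights on a named secured object from a role",
        "-rights comma separated list of rights to remove.",
        "-soName name of the secured object",
        "-soType type of the secured object",
        "-role name of the role the rights shall be taken from",
        "",
        "action = hasRight -> checks whether a user has a right on a secured object",
        "-userName name of the user",
        "-password users password",
        "-soName name of the secured object",
        "-soType type of the secured object",
        "-right name of the right",
        "",
        "action = printRights -> print roles and associated rights of a user",
        "-userName name of the user",
        "-soType type of the secured object",
        "",
        "action = clean -> cleans the complete right management system database by deleting all entries!" };

    /** Password of {@link #ADMIN_NAME}, read from {@link #ADMIN_PROPERTIES}; never hard-coded. */
    private final String secAdminPassword;

    /** Manager connected by {@link #setUp}; null until then. */
    private SecurityAccessManager manager;

    /** Transaction of the management call in progress, null when none is open. */
    private SecurityTransaction transaction;

    /**
     * Reads the administrator password from the {@code sec.properties} resource next to this class.
     *
     * @throws IOException
     *             if the resource is missing, cannot be read or does not define {@code adminpass}
     */
    public DRMAccess() throws IOException {
        InputStream is = DRMAccess.class.getResourceAsStream( ADMIN_PROPERTIES );
        if ( is == null ) {
            throw new FileNotFoundException( "resource '" + ADMIN_PROPERTIES + "' not found next to "
                                             + DRMAccess.class.getName() );
        }
        Properties prop = new Properties();
        try {
            prop.load( is );
        } finally {
            is.close();
        }
        String password = prop.getProperty( ADMIN_PASSWORD_KEY );
        if ( password == null ) {
            // fail fast: a missing administrator password must not degrade to a built-in default
            throw new IOException( "property '" + ADMIN_PASSWORD_KEY + "' missing in " + ADMIN_PROPERTIES );
        }
        secAdminPassword = password;
    }

    /**
     * Connects this instance to the rights database. The {@link SecurityAccessManager} is reused if it
     * has already been initialized in this VM, otherwise it is initialized with an
     * {@code org.deegree.security.drm.SQLRegistry} backed by the given JDBC settings.
     *
     * @param driver
     *            JDBC driver class name
     * @param logon
     *            JDBC URL of the rights database
     * @param user
     *            database user, may be null (treated as empty)
     * @param password
     *            database password, may be null (treated as empty)
     * @throws GeneralSecurityException
     *             if the manager can neither be obtained nor initialized
     * @throws IllegalArgumentException
     *             if driver or logon is null
     */
    protected void setUp( String driver, String logon, String user, String password )
                            throws GeneralSecurityException {
        if ( driver == null || logon == null ) {
            throw new IllegalArgumentException( "-driver and -logon are required" );
        }
        Properties properties = new Properties();
        properties.setProperty( "driver", driver );
        properties.setProperty( "url", logon );
        properties.setProperty( "user", user == null ? "" : user );
        properties.setProperty( "password", password == null ? "" : password );
        try {
            manager = SecurityAccessManager.getInstance();
        } catch ( GeneralSecurityException notInitialized ) {
            // first use in this VM; the properties are deliberately not echoed to stdout
            // because they carry the database password
            SecurityAccessManager.initialize( REGISTRY_CLASS, properties, 60 * 1000 );
            manager = SecurityAccessManager.getInstance();
        }
    }

    /**
     * Authenticates the administrator and returns a read-only access on its behalf.
     */
    private SecurityAccess adminAccess()
                            throws GeneralSecurityException, WrongCredentialsException {
        User admin = manager.getUserByName( ADMIN_NAME );
        admin.authenticate( secAdminPassword );
        return manager.acquireAccess( admin );
    }

    /**
     * Authenticates the administrator and opens a transaction on its behalf. The transaction is
     * remembered in {@link #transaction} so that {@link #commit()} / {@link #rollback()} can close it.
     */
    private SecurityTransaction beginAdminTransaction()
                            throws GeneralSecurityException, WrongCredentialsException {
        User admin = manager.getUserByName( ADMIN_NAME );
        admin.authenticate( secAdminPassword );
        transaction = manager.acquireTransaction( admin );
        return transaction;
    }

    /**
     * Commits the open transaction and forgets it; on failure the transaction stays open so that
     * {@link #rollback()} can abort it.
     */
    private void commit()
                            throws GeneralSecurityException {
        manager.commitTransaction( transaction );
        transaction = null;
    }

    /**
     * Aborts the open transaction, if any. Never throws: this runs on error paths where the original
     * failure is what should be reported.
     */
    private void rollback() {
        if ( transaction == null ) {
            return;
        }
        try {
            manager.abortTransaction( transaction );
        } catch ( GeneralSecurityException e ) {
            e.printStackTrace();
        } finally {
            transaction = null;
        }
    }

    /**
     * Prints the login names of all registered users to stdout, one per line.
     */
    public void GetUsers() {
        try {
            User[] users = beginAdminTransaction().getAllUsers();
            for ( int i = 0; i < users.length; i++ ) {
                System.out.println( "User " + i + ": " + users[i].getName() );
            }
            // read-only, but the transaction must still be released
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Registers a new user. Failures are printed and the transaction is aborted.
     *
     * @param name
     *            login name
     * @param password
     *            password of the new user
     * @param firstName
     * @param lastName
     * @param email
     */
    public void addUser( String name, String password, String firstName, String lastName, String email ) {
        try {
            beginAdminTransaction().registerUser( name, password, firstName, lastName, email );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Deregisters the user with the given login name. Failures are printed and the transaction is
     * aborted.
     *
     * @param name
     *            login name
     */
    public void removeUser( String name ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            tx.deregisterUser( tx.getUserByName( name ) );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Looks up a user and checks the given password against it.
     *
     * @param name
     *            login name
     * @param password
     *            password to verify
     * @return the authenticated user, or null if the user is unknown, the password is wrong or the
     *         lookup failed (never the administrator account used for the lookup)
     */
    public User login( String name, String password ) {
        try {
            User user = adminAccess().getUserByName( name );
            try {
                user.authenticate( password );
            } catch ( WrongCredentialsException e ) {
                System.out.println( "failed." );
                // a user object must not be handed out for a failed login
                return null;
            }
            return user;
        } catch ( Exception e ) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Registers a new group. Failures are printed and the transaction is aborted.
     *
     * @param name
     *            name of the group
     * @param title
     *            title of the group
     * @return the new group, or null on failure
     */
    public Group addGroup( String name, String title ) {
        Group group = null;
        try {
            group = beginAdminTransaction().registerGroup( name, title );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
        return group;
    }

    /**
     * Deregisters the named group. Failures are printed and the transaction is aborted.
     *
     * @param name
     *            name of the group
     */
    public void removeGroup( String name ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            tx.deregisterGroup( tx.getGroupByName( name ) );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Registers a new role. Failures are printed and the transaction is aborted.
     *
     * @param name
     *            name of the role
     * @return the new role, or null on failure
     */
    public Role addRole( String name ) {
        Role role = null;
        try {
            role = beginAdminTransaction().registerRole( name );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
        return role;
    }

    /**
     * Deregisters the named role. Failures are printed and the transaction is aborted.
     *
     * @param name
     *            name of the role
     */
    public void removeRole( String name ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            tx.deregisterRole( tx.getRoleByName( name ) );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Adds a user to the members of a group, keeping the existing members. Failures are printed and
     * the transaction is aborted.
     *
     * @param userName
     *            login name of the user
     * @param group
     *            name of the group
     */
    public void setGroupMemberships( String userName, String group ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            User member = tx.getUserByName( userName );
            Group target = tx.getGroupByName( group );
            List<User> members = new ArrayList<User>( Arrays.asList( target.getUsers( tx ) ) );
            members.add( member );
            tx.setUsersInGroup( target, members.toArray( new User[members.size()] ) );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Adds a group to the groups holding a role, keeping the groups already associated. Failures are
     * printed and the transaction is aborted.
     *
     * @param role
     *            name of the role
     * @param group
     *            name of the group
     */
    public void setRoleAssociation( String role, String group ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            Group target = tx.getGroupByName( group );
            Role holder = tx.getRoleByName( role );
            List<Group> groups = new ArrayList<Group>( Arrays.asList( holder.getGroups( tx ) ) );
            groups.add( target );
            tx.setGroupsWithRole( holder, groups.toArray( new Group[groups.size()] ) );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Registers a new secured object. Failures are printed and the transaction is aborted.
     *
     * @param type
     *            type of the secured object (e.g. Layer, FeatureType, Coverage)
     * @param name
     *            name of the secured object
     * @param title
     *            title of the secured object
     */
    public void addSecuredObject( String type, String name, String title ) {
        try {
            beginAdminTransaction().registerSecuredObject( type, name, title );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Deregisters a secured object. Failures are printed and the transaction is aborted.
     *
     * @param type
     *            type of the secured object
     * @param name
     *            name of the secured object
     */
    public void removeSecuredObject( String type, String name ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            tx.deregisterSecuredObject( tx.getSecuredObjectByName( name, type ) );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Grants rights on a secured object to a role. Failures (including an unknown right name or a
     * constraint that is not a valid filter encoding document) are printed and the transaction is
     * aborted; nothing is granted partially.
     *
     * @param filter
     *            filter encoding documents constraining the corresponding right; an entry may be
     *            null, and the whole array may be null, for unconstrained rights
     * @param secObj
     *            name of the secured object
     * @param soType
     *            type of the secured object
     * @param role
     *            name of the role receiving the rights
     * @param rights
     *            right names (case-insensitive), see the class comment for the accepted values
     */
    public void assignRights( String[] filter, String secObj, String soType, String role, String[] rights ) {
        try {
            // validated before any transaction is opened so that rollback() has nothing to abort
            if ( rights == null ) {
                throw new IllegalArgumentException( "rights must not be null" );
            }
            if ( filter != null && filter.length != rights.length ) {
                throw new IllegalArgumentException( "number of constraints (" + filter.length
                                                    + ") must equal number of rights (" + rights.length + ")" );
            }
            SecurityTransaction tx = beginAdminTransaction();
            SecuredObject so = tx.getSecuredObjectByName( secObj, soType );

            Right[] granted = new Right[rights.length];
            for ( int i = 0; i < granted.length; i++ ) {
                Filter constraints = null;
                if ( filter != null && filter[i] != null ) {
                    Document doc = XMLTools.parse( new StringReader( filter[i] ) );
                    constraints = AbstractFilter.buildFromDOM( doc.getDocumentElement() );
                }
                granted[i] = new Right( so, rightTypeFor( rights[i] ), constraints );
            }

            tx.addRights( so, tx.getRoleByName( role ), granted );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Resolves a right name (case-insensitive) to its {@link RightType}.
     *
     * @throws IllegalArgumentException
     *             for a name that is not listed in {@link #RIGHT_TYPES}
     */
    private static RightType rightTypeFor( String name ) {
        RightType type = name == null ? null : RIGHT_TYPES.get( name.toLowerCase( Locale.ENGLISH ) );
        if ( type == null ) {
            throw new IllegalArgumentException( "unknown right: " + name );
        }
        return type;
    }

    /**
     * Revokes rights on a secured object from a role. Failures are printed and the transaction is
     * aborted.
     *
     * @param secObj
     *            name of the secured object
     * @param soType
     *            type of the secured object
     * @param role
     *            name of the role
     * @param rights
     *            names of the rights to revoke, resolved through the registry
     */
    public void removeRights( String secObj, String soType, String role, String[] rights ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            SecuredObject so = tx.getSecuredObjectByName( secObj, soType );

            RightType[] revoked = new RightType[rights.length];
            for ( int i = 0; i < revoked.length; i++ ) {
                revoked[i] = tx.getRightByName( rights[i] );
            }

            tx.removeRights( so, tx.getRoleByName( role ), revoked );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Deletes all entries of the rights database. Failures are printed and the transaction is aborted.
     */
    public void clean() {
        try {
            beginAdminTransaction().clean();
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Authenticates a user with its own password and prints whether it holds the given right on a
     * secured object. This does not use the administrator account.
     *
     * @param user
     *            login name
     * @param password
     *            password of that user
     * @param securedObject
     *            name of the secured object
     * @param type
     *            type of the secured object
     * @param right
     *            name of the right to check
     */
    public void hasRight( String user, String password, String securedObject, String type, String right ) {
        try {
            SecurityAccessManager sam = SecurityAccessManager.getInstance();
            User usr = sam.getUserByName( user );
            usr.authenticate( password );
            SecurityAccess access = sam.acquireAccess( usr );
            SecuredObject secObj = access.getSecuredObjectByName( securedObject, type );
            if ( usr.hasRight( access, right, secObj ) ) {
                System.out.println( "the user '" + user + "' has the requested right" );
            } else {
                System.out.println( "You try to access a feature/resource on a "
                                    + "securedObject you are not allowed to: " + securedObject );
            }
        } catch ( WrongCredentialsException e ) {
            e.printStackTrace();
        } catch ( GeneralSecurityException e ) {
            e.printStackTrace();
        }
    }

    /**
     * Pads a string with trailing blanks to the given column width; longer strings are returned
     * unchanged, null is treated as the empty string.
     */
    private static String fillString( String begin, int length ) {
        StringBuilder sb = new StringBuilder( begin == null ? "" : begin );
        while ( sb.length() < length ) {
            sb.append( ' ' );
        }
        return sb.toString();
    }

    /**
     * Prints, for every role of a user and every secured object of a type, the rights the role holds
     * and whether the right is constrained by a filter (1) or not (0).
     *
     * @param userName
     *            login name of the user
     * @param secObjectType
     *            type of the secured objects to list
     */
    public void printRights( String userName, String secObjectType ) {
        try {
            SecurityAccess access = adminAccess();
            User user = access.getUserByName( userName );
            SecuredObject[] secObjects = access.getAllSecuredObjects( secObjectType );
            Role[] roles = user.getRoles( access );

            System.out.println( fillString( "ROLE", ROLE_COLUMN ) + fillString( "SEC_OBJECT", SEC_OBJECT_COLUMN )
                                + fillString( "RIGHT", RIGHT_COLUMN ) + "CONSTRAINTS\n" );
            for ( int i = 0; i < roles.length; i++ ) {
                String roleString = fillString( roles[i].getName(), ROLE_COLUMN );
                for ( int j = 0; j < secObjects.length; j++ ) {
                    String secObjectString = fillString( secObjects[j].getName(), SEC_OBJECT_COLUMN );
                    RightSet rightSet = roles[i].getRights( access, secObjects[j] );
                    Right[] rights = rightSet.toArray( secObjects[j] );
                    for ( int k = 0; k < rights.length; k++ ) {
                        String rightString = fillString( rights[k].getType().getName(), RIGHT_COLUMN );
                        // only the presence of a constraint is shown, not the filter itself
                        String constraintsString = rights[k].getConstraints() != null ? " 1" : " 0";
                        System.out.println( roleString + secObjectString + rightString + constraintsString );
                    }
                }
            }
        } catch ( Exception e ) {
            e.printStackTrace();
        }
    }

    /**
     * Prints the usage text to stdout.
     */
    private static void printHelp() {
        for ( int i = 0; i < HELP.length; i++ ) {
            System.out.println( HELP[i] );
        }
    }

    /**
     * Collects {@code -switch value} pairs into properties; a trailing switch without a value is
     * stored with an empty value.
     */
    private static Properties parseArgs( String[] args ) {
        Properties map = new Properties();
        for ( int i = 0; i < args.length; i += 2 ) {
            String value = i + 1 < args.length ? args[i + 1] : "";
            map.setProperty( args[i], value );
        }
        return map;
    }

    /**
     * Reads one file completely and decodes it as UTF-8.
     *
     * @throws IOException
     *             if the file cannot be read or is too large to hold in memory
     */
    private static String readFile( String path )
                            throws IOException {
        RandomAccessFile raf = new RandomAccessFile( path, "r" );
        try {
            long length = raf.length();
            if ( length > Integer.MAX_VALUE ) {
                throw new IOException( "file too large to read into memory: " + path );
            }
            byte[] bytes = new byte[(int) length];
            // read(byte[]) may return short; readFully guarantees the whole file or an exception
            raf.readFully( bytes );
            return new String( bytes, "UTF-8" );
        } finally {
            raf.close();
        }
    }

    /**
     * Turns the {@code -constraints} entries into filter documents: each path is replaced by the
     * content of the file it names; null, "-" and "." mean "no constraint" and become null.
     *
     * @throws IOException
     *             if a named file cannot be read
     */
    private static String[] readConstraintFiles( String[] paths )
                            throws IOException {
        String[] filters = new String[paths.length];
        for ( int i = 0; i < paths.length; i++ ) {
            String path = paths[i] == null ? null : paths[i].trim();
            if ( path == null || path.equals( "-" ) || path.equals( "." ) ) {
                filters[i] = null;
            } else {
                filters[i] = readFile( paths[i] );
            }
        }
        return filters;
    }

    /**
     * Dispatches one {@code -action} to the matching management call.
     *
     * @throws IOException
     *             if a constraint file of {@code assignRights} cannot be read
     */
    private static void runAction( DRMAccess sac, String action, Properties map )
                            throws IOException {
        if ( action.equals( "addUser" ) ) {
            sac.addUser( map.getProperty( "-name" ), map.getProperty( "-password" ), map.getProperty( "-firstName" ),
                         map.getProperty( "-lastName" ), map.getProperty( "-email" ) );
        } else if ( action.equals( "removeUser" ) ) {
            sac.removeUser( map.getProperty( "-name" ) );
        } else if ( action.equals( "addGroup" ) ) {
            sac.addGroup( map.getProperty( "-name" ), map.getProperty( "-title" ) );
        } else if ( action.equals( "removeGroup" ) ) {
            sac.removeGroup( map.getProperty( "-name" ) );
        } else if ( action.equals( "addRole" ) ) {
            sac.addRole( map.getProperty( "-name" ) );
        } else if ( action.equals( "removeRole" ) ) {
            sac.removeRole( map.getProperty( "-name" ) );
        } else if ( action.equals( "addUserToGroup" ) ) {
            sac.setGroupMemberships( map.getProperty( "-userName" ), map.getProperty( "-groupName" ) );
        } else if ( action.equals( "assignRoleWithGroup" ) ) {
            sac.setRoleAssociation( map.getProperty( "-roleName" ), map.getProperty( "-groupName" ) );
        } else if ( action.equals( "addSecuredObject" ) ) {
            sac.addSecuredObject( map.getProperty( "-soType" ), map.getProperty( "-soName" ),
                                  map.getProperty( "-soTitle" ) );
        } else if ( action.equals( "removeSecuredObject" ) ) {
            sac.removeSecuredObject( map.getProperty( "-soType" ), map.getProperty( "-soName" ) );
        } else if ( action.equals( "assignRights" ) ) {
            String constraints = map.getProperty( "-constraints" );
            // a missing -constraints switch means: all rights unconstrained
            String[] filter = constraints == null ? null
                                                 : readConstraintFiles( StringTools.toArray( constraints, ",;", false ) );
            String[] rights = StringTools.toArray( map.getProperty( "-rights" ), ",:;", false );
            sac.assignRights( filter, map.getProperty( "-soName" ), map.getProperty( "-soType" ),
                              map.getProperty( "-role" ), rights );
        } else if ( action.equals( "removeRights" ) ) {
            String[] rights = StringTools.toArray( map.getProperty( "-rights" ), ",", false );
            sac.removeRights( map.getProperty( "-soName" ), map.getProperty( "-soType" ), map.getProperty( "-role" ),
                              rights );
        } else if ( action.equals( "hasRight" ) ) {
            sac.hasRight( map.getProperty( "-userName" ), map.getProperty( "-password" ), map.getProperty( "-soName" ),
                          map.getProperty( "-soType" ), map.getProperty( "-right" ) );
        } else if ( action.equals( "clean" ) ) {
            sac.clean();
        } else if ( action.equals( "printRights" ) ) {
            sac.printRights( map.getProperty( "-userName" ), map.getProperty( "-soType" ) );
        } else {
            System.out.println( "unknown action: " + action );
            printHelp();
        }
    }

    /**
     * Command line entry point; see the class comment for the accepted switches. Exits with status 0
     * after the action ran and with status 1 if the tool could not be set up or the action failed
     * with an exception.
     *
     * @param args
     *            {@code -switch value} pairs
     */
    public static void main( String[] args ) {
        Properties map = parseArgs( args );

        if ( map.containsKey( "-help" ) || map.containsKey( "-h" ) || map.containsKey( "-?" ) ) {
            printHelp();
            return;
        }
        String action = map.getProperty( "-action" );
        if ( action == null ) {
            System.out.println( "missing -action switch" );
            printHelp();
            return;
        }

        try {
            DRMAccess sac = new DRMAccess();
            sac.setUp( map.getProperty( "-driver" ), map.getProperty( "-logon" ), map.getProperty( "-user" ),
                       map.getProperty( "-pw" ) );
            runAction( sac, action, map );
            System.out.println( "finished" );
            System.out.flush();
            // explicit exit so that non-daemon threads of the registry do not keep the VM alive
            System.exit( 0 );
        } catch ( Exception e ) {
            e.printStackTrace();
            System.exit( 1 );
        }
    }
}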