001 //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/branches/2.3_testing/src/org/deegree/portal/standard/context/control/InitDownloadListener.java $$ 002 /*---------------------------------------------------------------------------- 003 This file is part of deegree, http://deegree.org/ 004 Copyright (C) 2001-2009 by: 005 Department of Geography, University of Bonn 006 and 007 lat/lon GmbH 008 009 This library is free software; you can redistribute it and/or modify it under 010 the terms of the GNU Lesser General Public License as published by the Free 011 Software Foundation; either version 2.1 of the License, or (at your option) 012 any later version. 013 This library is distributed in the hope that it will be useful, but WITHOUT 014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 016 details. 017 You should have received a copy of the GNU Lesser General Public License 018 along with this library; if not, write to the Free Software Foundation, Inc., 019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 020 021 Contact information: 022 023 lat/lon GmbH 024 Aennchenstr. 19, 53177 Bonn 025 Germany 026 http://lat-lon.de/ 027 028 Department of Geography, University of Bonn 029 Prof. Dr. Klaus Greve 030 Postfach 1147, 53001 Bonn 031 Germany 032 http://www.geographie.uni-bonn.de/deegree/ 033 034 e-mail: info@deegree.org 035 ----------------------------------------------------------------------------*/ 036 037 package org.deegree.portal.standard.context.control; 038 039 import java.util.ArrayList; 040 import java.util.List; 041 import java.util.Map; 042 import java.util.Properties; 043 044 import javax.servlet.http.HttpServletRequest; 045 import javax.servlet.http.HttpSession; 046 047 import org.deegree.enterprise.control.FormEvent; 048 import org.deegree.framework.log.ILogger; 049 import org.deegree.framework.log.LoggerFactory; 050 import org.deegree.portal.Constants; 051 import org.deegree.portal.context.DataService; 052 import org.deegree.portal.context.Layer; 053 import org.deegree.portal.context.LayerExtension; 054 import org.deegree.portal.context.ViewContext; 055 import org.deegree.security.drm.SecurityAccess; 056 import org.deegree.security.drm.SecurityAccessManager; 057 import org.deegree.security.drm.model.RightType; 058 import org.deegree.security.drm.model.SecuredObject; 059 import org.deegree.security.drm.model.User; 060 061 /** 062 * 063 * 064 * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a> 065 * @author last edited by: $Author: mschneider $ 066 * 067 * @version 1.1, $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18. Jun 2009) $ 068 * 069 * @since 1.1 070 */ 071 public class InitDownloadListener extends AbstractContextListener { 072 073 private static final ILogger LOG = LoggerFactory.getLogger( InitDownloadListener.class ); 074 075 /* 076 * (non-Javadoc) 077 * 078 * @see org.deegree.enterprise.control.AbstractListener#actionPerformed(org.deegree.enterprise.control.FormEvent) 079 */ 080 @Override 081 public void actionPerformed( FormEvent event ) { 082 083 Map map = toModel(); 084 try { 085 String userName = getUserName( (String) map.get( "SESSIONID" ) ); 086 String userPw = getUserPassword( (String) map.get( "SESSIONID" ) ); 087 Layer[] layers = getLayers( userName, userPw ); 088 getRequest().setAttribute( "LAYERS", layers ); 089 } catch ( Exception e ) { 090 LOG.logError( e.getMessage(), e ); 091 gotoErrorPage( e.getMessage() ); 092 return; 093 } 094 } 095 096 /** 097 * returns true if the passed user is allowed to download the passed featureType 098 * 099 * @param user 100 * @param featureType 101 * @return true if the user is authorized, false otherwise 102 */ 103 private boolean isAuthorized( String user, String password, String featureType ) { 104 105 try { 106 LOG.logDebug( "SecurityAccesManagr.isInitialized: ", SecurityAccessManager.isInitialized() ); 107 if ( !SecurityAccessManager.isInitialized() ) { 108 initSAM(); 109 } 110 SecurityAccessManager sam = SecurityAccessManager.getInstance(); 111 User usr = sam.getUserByName( user ); 112 usr.authenticate( password ); 113 SecurityAccess access = sam.acquireAccess( usr ); 114 SecuredObject secObj = access.getSecuredObjectByName( featureType, "Featuretype" ); 115 if ( !usr.hasRight( access, RightType.GETFEATURE, secObj ) ) { 116 LOG.logError( "You are trying to access a feature/resource on a securedObject, which you do not have authentication to: " 117 + featureType ); 118 return false; 119 } else { 120 return true; 121 } 122 } catch ( Exception e ) { 123 LOG.logError( e.getMessage(), e ); 124 } 125 return false; 126 } 127 128 protected boolean initSAM() { 129 130 String driver = getInitParameter( "driver" ); 131 String url = getInitParameter( "url" ); 132 String user = getInitParameter( "user" ); 133 String password = getInitParameter( "password" ); 134 135 Properties properties = new Properties(); 136 properties.setProperty( "driver", driver ); 137 properties.setProperty( "url", url ); 138 properties.setProperty( "user", user ); 139 properties.setProperty( "password", password ); 140 141 try { 142 SecurityAccessManager.initialize( "org.deegree.security.drm.SQLRegistry", properties, 60 * 1000 ); 143 } catch ( Exception e ) { 144 LOG.logError( "securitymanager could not be initilaized" ); 145 return false; 146 } 147 return false; 148 } 149 150 /** 151 * returns a list of layers that are downloadable (assigend to a WFS) and for which the passed user has access 152 * rights 153 * 154 * @param user 155 * username 156 * @param pw 157 * password 158 * @return all layers allowed for the given user 159 */ 160 private Layer[] getLayers( String user, String pw ) { 161 HttpSession session = ( (HttpServletRequest) this.getRequest() ).getSession(); 162 ViewContext vc = (ViewContext) session.getAttribute( Constants.CURRENTMAPCONTEXT ); 163 List<Layer> list = new ArrayList<Layer>(); 164 Layer[] layers = vc.getLayerList().getLayers(); 165 LOG.logDebug( "Calling getLayers()" ); 166 for ( int i = 0; i < layers.length; i++ ) { 167 // gets the dataservice (WFS) that is responsible for 168 // delivering a layers data 169 DataService ds = ( (LayerExtension) layers[i].getExtension() ).getDataService(); 170 if ( ds != null ) { 171 if ( isAuthorized( user, pw, ds.getFeatureType() ) ) { 172 list.add( layers[i] ); 173 LOG.logDebug( "Adding layer: ", layers[i].getName(), " to list" ); 174 } else { 175 LOG.logDebug( "You are not authorized to Layer: ", layers[i].getName() ); 176 } 177 } else { 178 LOG.logDebug( "Dataservice for layer: ", layers[i].getName(), " is null" ); 179 } 180 } 181 layers = new Layer[list.size()]; 182 return (Layer[]) list.toArray( layers ); 183 } 184 185 }