001 //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/branches/2.3_testing/src/org/deegree/portal/standard/security/control/GetUsersListener.java $
002 /*----------------------------------------------------------------------------
003 This file is part of deegree, http://deegree.org/
004 Copyright (C) 2001-2009 by:
005 Department of Geography, University of Bonn
006 and
007 lat/lon GmbH
008
009 This library is free software; you can redistribute it and/or modify it under
010 the terms of the GNU Lesser General Public License as published by the Free
011 Software Foundation; either version 2.1 of the License, or (at your option)
012 any later version.
013 This library is distributed in the hope that it will be useful, but WITHOUT
014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016 details.
017 You should have received a copy of the GNU Lesser General Public License
018 along with this library; if not, write to the Free Software Foundation, Inc.,
019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020
021 Contact information:
022
023 lat/lon GmbH
024 Aennchenstr. 19, 53177 Bonn
025 Germany
026 http://lat-lon.de/
027
028 Department of Geography, University of Bonn
029 Prof. Dr. Klaus Greve
030 Postfach 1147, 53001 Bonn
031 Germany
032 http://www.geographie.uni-bonn.de/deegree/
033
034 e-mail: info@deegree.org
035 ----------------------------------------------------------------------------*/
036 package org.deegree.portal.standard.security.control;
037
038 import java.util.ArrayList;
039 import java.util.regex.Pattern;
040 import java.util.regex.PatternSyntaxException;
041
042 import org.deegree.enterprise.control.AbstractListener;
043 import org.deegree.enterprise.control.FormEvent;
044 import org.deegree.enterprise.control.RPCException;
045 import org.deegree.enterprise.control.RPCMethodCall;
046 import org.deegree.enterprise.control.RPCParameter;
047 import org.deegree.enterprise.control.RPCWebEvent;
048 import org.deegree.framework.log.ILogger;
049 import org.deegree.framework.log.LoggerFactory;
050 import org.deegree.i18n.Messages;
051 import org.deegree.security.GeneralSecurityException;
052 import org.deegree.security.drm.SecurityAccess;
053 import org.deegree.security.drm.model.User;
054
055 /**
056 * This <code>Listener</code> reacts on RPC-GetUsers events, extracts the submitted letters and
057 * passes the users that begin with one of the letters on to the JSP.
058 * <p>
059 * The internal "SEC_ADMIN" user is sorted out from the USERS parameter.
060 * </p>
061 * <p>
062 * Access constraints:
063 * <ul>
064 * <li>only users that have the 'SEC_ADMIN'-role are allowed</li>
065 * </ul>
066 * </p>
067 *
068 * @author <a href="mschneider@lat-lon.de">Markus Schneider </a>
069 * @author last edited by: $Author: mschneider $
070 *
071 * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18. Jun 2009) $
072 */
073 public class GetUsersListener extends AbstractListener {
074
075 private static final ILogger LOG = LoggerFactory.getLogger( GetUsersListener.class );
076
077 @Override
078 public void actionPerformed( FormEvent event ) {
079
080 try {
081 // perform access check
082 SecurityAccess access = SecurityHelper.acquireAccess( this );
083 SecurityHelper.checkForAdminRole( access );
084
085 String regex = null;
086
087 if ( event instanceof RPCWebEvent ) {
088 RPCWebEvent ev = (RPCWebEvent) event;
089 RPCMethodCall rpcCall = ev.getRPCMethodCall();
090 RPCParameter[] params = rpcCall.getParameters();
091 if ( params.length != 1 || !( params[0].getValue() instanceof String ) ) {
092 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_PARAM_NUM_REGEX" ) );
093 }
094 regex = (String) params[0].getValue();
095 }
096
097 User[] users = access.getAllUsers();
098 ArrayList<User> filteredUsers = new ArrayList<User>( 1000 );
099 Pattern pattern = Pattern.compile( regex );
100
101 // include all users which match the submitte regular expression
102 for ( int i = 0; i < users.length; i++ ) {
103 if ( users[i].getID() != User.ID_SEC_ADMIN ) {
104 String name = users[i].getName();
105 LOG.logDebug( "Does '" + name + "' match '" + regex + "'? " );
106 if ( pattern.matcher( name ).matches() ) {
107 LOG.logDebug( "Yes." );
108 filteredUsers.add( users[i] );
109 } else {
110 LOG.logDebug( "No." );
111 }
112 }
113 }
114
115 User[] us = filteredUsers.toArray( new User[filteredUsers.size()] );
116 getRequest().setAttribute( "USERS", us );
117 } catch ( PatternSyntaxException e ) {
118 getRequest().setAttribute( "SOURCE", this.getClass().getName() );
119 getRequest().setAttribute( "MESSAGE",
120 Messages.getMessage( "IGEO_STD_SEC_ERROR_GET_USERS_REGEX", e.getMessage() ) );
121 setNextPage( "error.jsp" );
122 LOG.logError( e.getMessage() );
123 } catch ( RPCException e ) {
124 getRequest().setAttribute( "SOURCE", this.getClass().getName() );
125 getRequest().setAttribute( "MESSAGE",
126 Messages.getMessage( "IGEO_STD_SEC_ERROR_GET_USERS_REQUEST", e.getMessage() ) );
127 setNextPage( "error.jsp" );
128 LOG.logError( e.getMessage() );
129 } catch ( GeneralSecurityException e ) {
130 getRequest().setAttribute( "SOURCE", this.getClass().getName() );
131 getRequest().setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_ERROR_GET_USERS", e.getMessage() ) );
132 setNextPage( "error.jsp" );
133 LOG.logError( e.getMessage() );
134 }
135
136 }
137 }