001 //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/branches/2.3_testing/src/org/deegree/portal/standard/security/control/StoreRolesListener.java $ 002 /*---------------------------------------------------------------------------- 003 This file is part of deegree, http://deegree.org/ 004 Copyright (C) 2001-2009 by: 005 Department of Geography, University of Bonn 006 and 007 lat/lon GmbH 008 009 This library is free software; you can redistribute it and/or modify it under 010 the terms of the GNU Lesser General Public License as published by the Free 011 Software Foundation; either version 2.1 of the License, or (at your option) 012 any later version. 013 This library is distributed in the hope that it will be useful, but WITHOUT 014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 016 details. 017 You should have received a copy of the GNU Lesser General Public License 018 along with this library; if not, write to the Free Software Foundation, Inc., 019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 020 021 Contact information: 022 023 lat/lon GmbH 024 Aennchenstr. 19, 53177 Bonn 025 Germany 026 http://lat-lon.de/ 027 028 Department of Geography, University of Bonn 029 Prof. Dr. Klaus Greve 030 Postfach 1147, 53001 Bonn 031 Germany 032 http://www.geographie.uni-bonn.de/deegree/ 033 034 e-mail: info@deegree.org 035 ----------------------------------------------------------------------------*/ 036 package org.deegree.portal.standard.security.control; 037 038 import java.util.ArrayList; 039 040 import org.deegree.enterprise.control.AbstractListener; 041 import org.deegree.enterprise.control.FormEvent; 042 import org.deegree.enterprise.control.RPCException; 043 import org.deegree.enterprise.control.RPCMember; 044 import org.deegree.enterprise.control.RPCMethodCall; 045 import org.deegree.enterprise.control.RPCParameter; 046 import org.deegree.enterprise.control.RPCStruct; 047 import org.deegree.enterprise.control.RPCWebEvent; 048 import org.deegree.framework.log.ILogger; 049 import org.deegree.framework.log.LoggerFactory; 050 import org.deegree.i18n.Messages; 051 import org.deegree.security.GeneralSecurityException; 052 import org.deegree.security.drm.SecurityAccessManager; 053 import org.deegree.security.drm.SecurityTransaction; 054 import org.deegree.security.drm.model.Group; 055 import org.deegree.security.drm.model.Right; 056 import org.deegree.security.drm.model.RightType; 057 import org.deegree.security.drm.model.Role; 058 059 /** 060 * This <code>Listener</code> reacts on RPC-StoreRoles events, extracts the submitted role/group 061 * relations and updates the <code>SecurityAccessManager</code> accordingly. 062 * 063 * Access constraints: 064 * <ul> 065 * <li>only users that have the 'SEC_ADMIN'-rol are allowed</li> 066 * </ul> 067 * 068 * @author <a href="mschneider@lat-lon.de">Markus Schneider </a> 069 * @author last edited by: $Author: mschneider $ 070 * 071 * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18. Jun 2009) $ 072 */ 073 public class StoreRolesListener extends AbstractListener { 074 075 private static final ILogger LOG = LoggerFactory.getLogger( StoreRolesListener.class ); 076 077 @Override 078 public void actionPerformed( FormEvent event ) { 079 080 // contains the data from the RPC, values of the ArrayLists 081 // are Integers (one roleId followed by several groupIds; the 082 // first value is a String in case of a new role) 083 ArrayList[] roles = null; 084 085 SecurityAccessManager manager = null; 086 SecurityTransaction transaction = null; 087 088 try { 089 RPCWebEvent ev = (RPCWebEvent) event; 090 RPCMethodCall rpcCall = ev.getRPCMethodCall(); 091 RPCParameter[] params = rpcCall.getParameters(); 092 093 roles = new ArrayList[params.length]; 094 for ( int i = 0; i < params.length; i++ ) { 095 ArrayList<Object> list = new ArrayList<Object>(); 096 roles[i] = list; 097 if ( !( params[0].getValue() instanceof RPCStruct ) ) { 098 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_MISSING_STRUCT" ) ); 099 } 100 RPCStruct struct = (RPCStruct) params[i].getValue(); 101 102 // extract role-id / role-name 103 RPCMember roleId = struct.getMember( "roleId" ); 104 RPCMember roleName = struct.getMember( "roleName" ); 105 if ( ( roleId == null && roleName == null ) || ( roleId != null && roleName != null ) ) { 106 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_MISSING_ROLES", "roleId", "roleName" ) ); 107 } 108 if ( roleId != null ) { 109 if ( !( roleId.getValue() instanceof String ) ) { 110 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_MEMBER", "roleId", "string" ) ); 111 } 112 try { 113 list.add( new Integer( (String) roleId.getValue() ) ); 114 } catch ( NumberFormatException e ) { 115 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_MEMBER", "roleId", "integer" ) ); 116 } 117 } else { 118 if ( !( roleName.getValue() instanceof String ) ) { 119 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_MEMBER", "roleName", "string" ) ); 120 } 121 list.add( roleName.getValue() ); 122 } 123 124 // extract groups 125 RPCMember groups = struct.getMember( "groups" ); 126 if ( !( groups.getValue() instanceof RPCParameter[] ) ) { 127 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_MISSING_ARRAY", "groups" ) ); 128 } 129 RPCParameter[] groupArray = (RPCParameter[]) groups.getValue(); 130 for ( int j = 0; j < groupArray.length; j++ ) { 131 if ( !( groupArray[j].getValue() instanceof String ) ) { 132 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_MISSING_ARRAY_VALUES", "groups", 133 "String" ) ); 134 } 135 try { 136 list.add( new Integer( (String) groupArray[j].getValue() ) ); 137 } catch ( NumberFormatException e ) { 138 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_INVALID_ARRAY_VALUES", "groups", 139 "Integer" ) ); 140 } 141 } 142 } 143 144 // get Transaction 145 manager = SecurityAccessManager.getInstance(); 146 transaction = SecurityHelper.acquireTransaction( this ); 147 SecurityHelper.checkForAdminRole( transaction ); 148 149 // perform access check (and get admin/subadmin role) 150 Role subadminRole = SecurityHelper.checkForAdminOrSubadminRole( transaction ); 151 152 // remove deleted roles 153 Role[] oldRoles = transaction.getAllRoles(); 154 for ( int i = 0; i < oldRoles.length; i++ ) { 155 if ( !oldRoles[i].getName().startsWith( "SUBADMIN:" ) ) { 156 boolean deleted = true; 157 for ( int j = 0; j < roles.length; j++ ) { 158 ArrayList list = roles[j]; 159 if ( list.get( 0 ) instanceof Integer ) { 160 if ( ( (Integer) list.get( 0 ) ).intValue() == oldRoles[i].getID() ) { 161 deleted = false; 162 } 163 } 164 } 165 if ( deleted ) { 166 // deregister Role 167 transaction.deregisterRole( oldRoles[i] ); 168 } 169 } 170 } 171 172 // store all submitted roles (and their groups) 173 for ( int i = 0; i < roles.length; i++ ) { 174 Role role = null; 175 176 ArrayList list = roles[i]; 177 if ( list.get( 0 ) instanceof Integer ) { 178 role = transaction.getRoleById( ( (Integer) list.get( 0 ) ).intValue() ); 179 180 // only modify role if editor has the right to grant the 181 // role 182 if ( !transaction.getUser().hasRight( transaction, "grant", role ) ) { 183 continue; 184 } 185 } else { 186 // only add role if editor has the privilege to do so 187 if ( transaction.getUser().hasPrivilege( transaction, "addrole" ) ) { 188 role = transaction.registerRole( (String) list.get( 0 ) ); 189 if ( subadminRole.getID() != Role.ID_SEC_ADMIN ) { 190 transaction.setRights( role, subadminRole, 191 new Right[] { new Right( role, RightType.DELETE ), 192 new Right( role, RightType.UPDATE ), 193 new Right( role, RightType.GRANT ) } ); 194 } 195 } 196 } 197 // set groups to be associated with the role 198 Group[] groups = new Group[list.size() - 1]; 199 for ( int j = 1; j < list.size(); j++ ) { 200 int groupId = ( (Integer) list.get( j ) ).intValue(); 201 groups[j - 1] = transaction.getGroupById( groupId ); 202 } 203 transaction.setGroupsWithRole( role, groups ); 204 } 205 manager.commitTransaction( transaction ); 206 transaction = null; 207 208 getRequest().setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_SUCCESS_INITROLEEDITOR" ) ); 209 210 } catch ( RPCException e ) { 211 getRequest().setAttribute( "SOURCE", this.getClass().getName() ); 212 getRequest().setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_ERROR_CHANGE_REQ", e.getMessage() ) ); 213 setNextPage( "error.jsp" ); 214 LOG.logDebug( e.getMessage(), e ); 215 216 } catch ( GeneralSecurityException e ) { 217 getRequest().setAttribute( "SOURCE", this.getClass().getName() ); 218 getRequest().setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_ERROR_CHANGE", e.getMessage() ) ); 219 setNextPage( "error.jsp" ); 220 LOG.logDebug( e.getMessage(), e ); 221 } finally { 222 if ( manager != null && transaction != null ) { 223 try { 224 manager.abortTransaction( transaction ); 225 } catch ( GeneralSecurityException ex ) { 226 LOG.logDebug( ex.getMessage(), ex ); 227 } 228 } 229 } 230 } 231 }