001 //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/branches/2.3_testing/src/org/deegree/portal/standard/security/control/StoreRolesListener.java $
002 /*----------------------------------------------------------------------------
003 This file is part of deegree, http://deegree.org/
004 Copyright (C) 2001-2009 by:
005 Department of Geography, University of Bonn
006 and
007 lat/lon GmbH
008
009 This library is free software; you can redistribute it and/or modify it under
010 the terms of the GNU Lesser General Public License as published by the Free
011 Software Foundation; either version 2.1 of the License, or (at your option)
012 any later version.
013 This library is distributed in the hope that it will be useful, but WITHOUT
014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016 details.
017 You should have received a copy of the GNU Lesser General Public License
018 along with this library; if not, write to the Free Software Foundation, Inc.,
019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020
021 Contact information:
022
023 lat/lon GmbH
024 Aennchenstr. 19, 53177 Bonn
025 Germany
026 http://lat-lon.de/
027
028 Department of Geography, University of Bonn
029 Prof. Dr. Klaus Greve
030 Postfach 1147, 53001 Bonn
031 Germany
032 http://www.geographie.uni-bonn.de/deegree/
033
034 e-mail: info@deegree.org
035 ----------------------------------------------------------------------------*/
036 package org.deegree.portal.standard.security.control;
037
038 import java.util.ArrayList;
039
040 import org.deegree.enterprise.control.AbstractListener;
041 import org.deegree.enterprise.control.FormEvent;
042 import org.deegree.enterprise.control.RPCException;
043 import org.deegree.enterprise.control.RPCMember;
044 import org.deegree.enterprise.control.RPCMethodCall;
045 import org.deegree.enterprise.control.RPCParameter;
046 import org.deegree.enterprise.control.RPCStruct;
047 import org.deegree.enterprise.control.RPCWebEvent;
048 import org.deegree.framework.log.ILogger;
049 import org.deegree.framework.log.LoggerFactory;
050 import org.deegree.i18n.Messages;
051 import org.deegree.security.GeneralSecurityException;
052 import org.deegree.security.drm.SecurityAccessManager;
053 import org.deegree.security.drm.SecurityTransaction;
054 import org.deegree.security.drm.model.Group;
055 import org.deegree.security.drm.model.Right;
056 import org.deegree.security.drm.model.RightType;
057 import org.deegree.security.drm.model.Role;
058
059 /**
060 * This <code>Listener</code> reacts on RPC-StoreRoles events, extracts the submitted role/group
061 * relations and updates the <code>SecurityAccessManager</code> accordingly.
062 *
063 * Access constraints:
064 * <ul>
065 * <li>only users that have the 'SEC_ADMIN'-rol are allowed</li>
066 * </ul>
067 *
068 * @author <a href="mschneider@lat-lon.de">Markus Schneider </a>
069 * @author last edited by: $Author: mschneider $
070 *
071 * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18. Jun 2009) $
072 */
073 public class StoreRolesListener extends AbstractListener {
074
075 private static final ILogger LOG = LoggerFactory.getLogger( StoreRolesListener.class );
076
077 @Override
078 public void actionPerformed( FormEvent event ) {
079
080 // contains the data from the RPC, values of the ArrayLists
081 // are Integers (one roleId followed by several groupIds; the
082 // first value is a String in case of a new role)
083 ArrayList[] roles = null;
084
085 SecurityAccessManager manager = null;
086 SecurityTransaction transaction = null;
087
088 try {
089 RPCWebEvent ev = (RPCWebEvent) event;
090 RPCMethodCall rpcCall = ev.getRPCMethodCall();
091 RPCParameter[] params = rpcCall.getParameters();
092
093 roles = new ArrayList[params.length];
094 for ( int i = 0; i < params.length; i++ ) {
095 ArrayList<Object> list = new ArrayList<Object>();
096 roles[i] = list;
097 if ( !( params[0].getValue() instanceof RPCStruct ) ) {
098 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_MISSING_STRUCT" ) );
099 }
100 RPCStruct struct = (RPCStruct) params[i].getValue();
101
102 // extract role-id / role-name
103 RPCMember roleId = struct.getMember( "roleId" );
104 RPCMember roleName = struct.getMember( "roleName" );
105 if ( ( roleId == null && roleName == null ) || ( roleId != null && roleName != null ) ) {
106 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_MISSING_ROLES", "roleId", "roleName" ) );
107 }
108 if ( roleId != null ) {
109 if ( !( roleId.getValue() instanceof String ) ) {
110 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_MEMBER", "roleId", "string" ) );
111 }
112 try {
113 list.add( new Integer( (String) roleId.getValue() ) );
114 } catch ( NumberFormatException e ) {
115 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_MEMBER", "roleId", "integer" ) );
116 }
117 } else {
118 if ( !( roleName.getValue() instanceof String ) ) {
119 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_MEMBER", "roleName", "string" ) );
120 }
121 list.add( roleName.getValue() );
122 }
123
124 // extract groups
125 RPCMember groups = struct.getMember( "groups" );
126 if ( !( groups.getValue() instanceof RPCParameter[] ) ) {
127 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_MISSING_ARRAY", "groups" ) );
128 }
129 RPCParameter[] groupArray = (RPCParameter[]) groups.getValue();
130 for ( int j = 0; j < groupArray.length; j++ ) {
131 if ( !( groupArray[j].getValue() instanceof String ) ) {
132 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_MISSING_ARRAY_VALUES", "groups",
133 "String" ) );
134 }
135 try {
136 list.add( new Integer( (String) groupArray[j].getValue() ) );
137 } catch ( NumberFormatException e ) {
138 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_INVALID_ARRAY_VALUES", "groups",
139 "Integer" ) );
140 }
141 }
142 }
143
144 // get Transaction
145 manager = SecurityAccessManager.getInstance();
146 transaction = SecurityHelper.acquireTransaction( this );
147 SecurityHelper.checkForAdminRole( transaction );
148
149 // perform access check (and get admin/subadmin role)
150 Role subadminRole = SecurityHelper.checkForAdminOrSubadminRole( transaction );
151
152 // remove deleted roles
153 Role[] oldRoles = transaction.getAllRoles();
154 for ( int i = 0; i < oldRoles.length; i++ ) {
155 if ( !oldRoles[i].getName().startsWith( "SUBADMIN:" ) ) {
156 boolean deleted = true;
157 for ( int j = 0; j < roles.length; j++ ) {
158 ArrayList list = roles[j];
159 if ( list.get( 0 ) instanceof Integer ) {
160 if ( ( (Integer) list.get( 0 ) ).intValue() == oldRoles[i].getID() ) {
161 deleted = false;
162 }
163 }
164 }
165 if ( deleted ) {
166 // deregister Role
167 transaction.deregisterRole( oldRoles[i] );
168 }
169 }
170 }
171
172 // store all submitted roles (and their groups)
173 for ( int i = 0; i < roles.length; i++ ) {
174 Role role = null;
175
176 ArrayList list = roles[i];
177 if ( list.get( 0 ) instanceof Integer ) {
178 role = transaction.getRoleById( ( (Integer) list.get( 0 ) ).intValue() );
179
180 // only modify role if editor has the right to grant the
181 // role
182 if ( !transaction.getUser().hasRight( transaction, "grant", role ) ) {
183 continue;
184 }
185 } else {
186 // only add role if editor has the privilege to do so
187 if ( transaction.getUser().hasPrivilege( transaction, "addrole" ) ) {
188 role = transaction.registerRole( (String) list.get( 0 ) );
189 if ( subadminRole.getID() != Role.ID_SEC_ADMIN ) {
190 transaction.setRights( role, subadminRole,
191 new Right[] { new Right( role, RightType.DELETE ),
192 new Right( role, RightType.UPDATE ),
193 new Right( role, RightType.GRANT ) } );
194 }
195 }
196 }
197 // set groups to be associated with the role
198 Group[] groups = new Group[list.size() - 1];
199 for ( int j = 1; j < list.size(); j++ ) {
200 int groupId = ( (Integer) list.get( j ) ).intValue();
201 groups[j - 1] = transaction.getGroupById( groupId );
202 }
203 transaction.setGroupsWithRole( role, groups );
204 }
205 manager.commitTransaction( transaction );
206 transaction = null;
207
208 getRequest().setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_SUCCESS_INITROLEEDITOR" ) );
209
210 } catch ( RPCException e ) {
211 getRequest().setAttribute( "SOURCE", this.getClass().getName() );
212 getRequest().setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_ERROR_CHANGE_REQ", e.getMessage() ) );
213 setNextPage( "error.jsp" );
214 LOG.logDebug( e.getMessage(), e );
215
216 } catch ( GeneralSecurityException e ) {
217 getRequest().setAttribute( "SOURCE", this.getClass().getName() );
218 getRequest().setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_ERROR_CHANGE", e.getMessage() ) );
219 setNextPage( "error.jsp" );
220 LOG.logDebug( e.getMessage(), e );
221 } finally {
222 if ( manager != null && transaction != null ) {
223 try {
224 manager.abortTransaction( transaction );
225 } catch ( GeneralSecurityException ex ) {
226 LOG.logDebug( ex.getMessage(), ex );
227 }
228 }
229 }
230 }
231 }