001 //$HeadURL: svn+ssh://developername@svn.wald.intevation.org/deegree/base/trunk/src/org/deegree/security/owsproxy/OWSProxyServletFilter.java $
002 /*----------------------------------------------------------------------------
003 This file is part of deegree, http://deegree.org/
004 Copyright (C) 2001-2009 by:
005 Department of Geography, University of Bonn
006 and
007 lat/lon GmbH
008
009 This library is free software; you can redistribute it and/or modify it under
010 the terms of the GNU Lesser General Public License as published by the Free
011 Software Foundation; either version 2.1 of the License, or (at your option)
012 any later version.
013 This library is distributed in the hope that it will be useful, but WITHOUT
014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016 details.
017 You should have received a copy of the GNU Lesser General Public License
018 along with this library; if not, write to the Free Software Foundation, Inc.,
019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020
021 Contact information:
022
023 lat/lon GmbH
024 Aennchenstr. 19, 53177 Bonn
025 Germany
026 http://lat-lon.de/
027
028 Department of Geography, University of Bonn
029 Prof. Dr. Klaus Greve
030 Postfach 1147, 53001 Bonn
031 Germany
032 http://www.geographie.uni-bonn.de/deegree/
033
034 e-mail: info@deegree.org
035 ----------------------------------------------------------------------------*/
036 package org.deegree.security.owsproxy;
037
038 import static java.lang.System.getProperty;
039 import static org.deegree.framework.util.CharsetUtils.getSystemCharset;
040 import static org.deegree.i18n.Messages.getMessage;
041
042 import java.awt.Color;
043 import java.awt.Font;
044 import java.awt.Graphics;
045 import java.awt.image.BufferedImage;
046 import java.io.File;
047 import java.io.IOException;
048 import java.io.InputStream;
049 import java.io.OutputStream;
050 import java.lang.reflect.Constructor;
051 import java.lang.reflect.InvocationTargetException;
052 import java.net.MalformedURLException;
053 import java.net.URL;
054 import java.util.Enumeration;
055 import java.util.HashMap;
056 import java.util.List;
057 import java.util.Map;
058 import java.util.Properties;
059
060 import javax.servlet.Filter;
061 import javax.servlet.FilterChain;
062 import javax.servlet.FilterConfig;
063 import javax.servlet.ServletContext;
064 import javax.servlet.ServletException;
065 import javax.servlet.ServletRequest;
066 import javax.servlet.ServletResponse;
067 import javax.servlet.http.HttpServletRequest;
068 import javax.servlet.http.HttpServletResponse;
069
070 import org.deegree.enterprise.servlet.ServletRequestWrapper;
071 import org.deegree.enterprise.servlet.ServletResponseWrapper;
072 import org.deegree.framework.log.ILogger;
073 import org.deegree.framework.log.LoggerFactory;
074 import org.deegree.framework.trigger.TriggerProvider;
075 import org.deegree.framework.util.ImageUtils;
076 import org.deegree.framework.util.MimeTypeMapper;
077 import org.deegree.framework.util.StringTools;
078 import org.deegree.framework.xml.XMLFragment;
079 import org.deegree.framework.xml.XMLParsingException;
080 import org.deegree.model.spatialschema.Envelope;
081 import org.deegree.ogcwebservices.InvalidParameterValueException;
082 import org.deegree.ogcwebservices.OGCRequestFactory;
083 import org.deegree.ogcwebservices.OGCWebServiceException;
084 import org.deegree.ogcwebservices.OGCWebServiceRequest;
085 import org.deegree.ogcwebservices.csw.discovery.GetRecords;
086 import org.deegree.ogcwebservices.wcs.getcoverage.GetCoverage;
087 import org.deegree.ogcwebservices.wfs.XMLFactory;
088 import org.deegree.ogcwebservices.wfs.operation.GetFeature;
089 import org.deegree.ogcwebservices.wfs.operation.transaction.Transaction;
090 import org.deegree.ogcwebservices.wms.operation.GetLegendGraphic;
091 import org.deegree.ogcwebservices.wms.operation.GetMap;
092 import org.deegree.security.AbstractAuthentication;
093 import org.deegree.security.AuthenticationDocument;
094 import org.deegree.security.Authentications;
095 import org.deegree.security.SecurityConfigurationException;
096 import org.deegree.security.UnauthorizedException;
097 import org.deegree.security.drm.WrongCredentialsException;
098 import org.deegree.security.drm.model.User;
099 import org.deegree.security.owsrequestvalidator.OWSValidator;
100 import org.deegree.security.owsrequestvalidator.Policy;
101 import org.deegree.security.owsrequestvalidator.PolicyDocument;
102 import org.xml.sax.SAXException;
103
104 /**
105 * An OWSProxyPolicyFilter can be registered as a ServletFilter to a web context. It offers a facade that looks like a
106 * OWS but additionaly enables validating incoming requests and outgoing responses against rules defined in a policy
107 * document and/or a deegree user and right management system.
108 *
109 * @see org.deegree.security.drm.SecurityRegistry
110 *
111 * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a>
112 * @author last edited by: $Author: apoth $
113 *
114 * @version $Revision: 7461 $, $Date: 2007-06-05 15:35:14 +0200 (Di, 05 Jun 2007) $
115 */
116 public class ConfigurableOWSProxyServletFilter implements Filter {
117
118 private static TriggerProvider TP = TriggerProvider.create( ConfigurableOWSProxyServletFilter.class );
119
120 private static final ILogger LOG = LoggerFactory.getLogger( ConfigurableOWSProxyServletFilter.class );
121
122 private FilterConfig config;
123
124 private OWSProxyPolicyFilter pFilter;
125
126 private Authentications authentications;
127
128 private SecurityConfig secConfig;
129
130 private String altRequestPage;
131
132 private String altResponsePage;
133
134 private boolean imageExpected = false;
135
136 private String proxiedUrl;
137
138 /**
139 * initialize the filter with parameters from the deployment descriptor
140 *
141 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
142 */
143 public void init( FilterConfig config )
144 throws ServletException {
145 this.config = config;
146
147 Properties validators = new Properties();
148 try {
149 InputStream is = ConfigurableOWSProxyServletFilter.class.getResourceAsStream( "validators.properties" );
150 validators.load( is );
151 is.close();
152 } catch ( Exception e ) {
153 throw new ServletException( e );
154 }
155
156 pFilter = new OWSProxyPolicyFilter();
157 String proxyURL = "http://127.0.0.1/owsproxy/proxy";
158 if ( config.getInitParameter( "PROXYURL" ) != null ) {
159 proxyURL = config.getInitParameter( "PROXYURL" );
160 }
161
162 // may be null
163 proxiedUrl = config.getInitParameter( "PROXIED_URL" );
164 if ( proxiedUrl == null ) {
165 LOG.logInfo( "NOT using service prefixes for layers and feature types." );
166 } else {
167 LOG.logInfo( "Using service prefix '" + proxiedUrl + "' for layers and feature types." );
168 }
169
170 Enumeration<?> iterator = config.getInitParameterNames();
171 while ( iterator.hasMoreElements() ) {
172 String paramName = (String) iterator.nextElement();
173 String paramValue = config.getInitParameter( paramName );
174 if ( paramName.endsWith( "POLICY" ) ) {
175 paramValue = config.getServletContext().getRealPath( paramValue );
176 File file = new File( paramValue );
177 URL fileURL = null;
178 try {
179 fileURL = file.toURI().toURL();
180 } catch ( MalformedURLException e ) {
181 LOG.logError( "Couldn't create an url from the configured POLICY parameter: " + paramValue
182 + " because: " + e.getMessage() );
183 throw new ServletException( e );
184 }
185 if ( fileURL != null ) {
186 LOG.logDebug( "OWSProxyFilter: reading configuration file from : " + fileURL.toExternalForm() );
187 initValidator( proxyURL, paramName, fileURL, validators );
188 }
189 }
190
191 }
192 // } catch ( Exception e ) {
193 // LOG.logError( e.getMessage(), e );
194 // throw new ServletException( e );
195 // }
196 LOG.logInfo( "OWSProxyServlet intitialized successfully" );
197 LOG.logInfo( "-DCHARSET setting: " + getSystemCharset() );
198 LOG.logInfo( "-Dfile.encoding setting: " + getProperty( "file.encoding" ) );
199 altRequestPage = config.getInitParameter( "ALTREQUESTPAGE" );
200 altResponsePage = config.getInitParameter( "ALTRESPONSEPAGE" );
201
202 if ( altRequestPage == null ) {
203 LOG.logWarning( "You did not configure the ALTREQUESTPAGE parameter." );
204 LOG.logWarning( "The servlet filter will not be fully functional." );
205 }
206 if ( altResponsePage == null ) {
207 LOG.logWarning( "You did not configure the ALTRESPONSEPAGE parameter." );
208 LOG.logWarning( "The servlet filter will not be fully functional." );
209 }
210
211 try {
212 initAuthentications( config.getInitParameter( "AuthenticationSettings" ) );
213 } catch ( Exception e ) {
214 LOG.logDebug( "Error while initializing", e );
215 throw new ServletException( e );
216 }
217 }
218
219 /**
220 *
221 * @param configFile
222 * @throws IOException
223 * @throws SAXException
224 * @throws XMLParsingException
225 */
226 private void initAuthentications( String configFile )
227 throws IOException, SAXException, XMLParsingException {
228 URL url = null;
229 if ( configFile == null ) {
230 // TODO what to do here?
231 } else {
232 File file = new File( configFile );
233 if ( !file.isAbsolute() ) {
234 String s = this.config.getServletContext().getRealPath( configFile );
235 url = new File( s ).toURI().toURL();
236 } else {
237 url = file.toURI().toURL();
238 }
239 }
240 AuthenticationDocument ad = new AuthenticationDocument( url );
241 authentications = ad.createAuthentications();
242
243 }
244
245 /**
246 *
247 * @param proxyURL
248 * @param paramName
249 * @param paramValue
250 * @param validators
251 * @throws ServletException
252 */
253 private void initValidator( String proxyURL, String paramName, URL paramValue, Properties validators )
254 throws ServletException {
255 try {
256 PolicyDocument doc = new PolicyDocument( paramValue );
257 Policy policy = doc.getPolicy();
258 if ( secConfig == null && policy.getSecurityConfig() != null ) {
259 // use security configuration of the first policy that defined one.
260 // this is possible because just one security configuration can be
261 // used within a deegree/VM instance
262 secConfig = policy.getSecurityConfig();
263 }
264
265 if ( secConfig != null ) {
266 secConfig.setProxiedUrl( proxiedUrl );
267 }
268
269 int pos = paramName.indexOf( ':' );
270 String service = paramName.substring( 0, pos );
271
272 // describes the signature of the required constructor
273 Class<?>[] cl = new Class<?>[2];
274 cl[0] = Policy.class;
275 cl[1] = String.class;
276
277 // set parameter to submit to the constructor
278 Object[] o = new Object[2];
279 o[0] = policy;
280 o[1] = proxyURL;
281
282 Class<?> clzz = Class.forName( validators.getProperty( service ) );
283 Constructor<?> con = clzz.getConstructor( cl );
284
285 pFilter.addValidator( service, (OWSValidator) con.newInstance( o ) );
286 } catch ( SecurityConfigurationException e ) {
287 LOG.logError( "Couldn't create a policy document from given value: " + paramValue + ", because : "
288 + e.getMessage(), e );
289 throw new ServletException( e );
290 } catch ( XMLParsingException e ) {
291 LOG.logError( "Couldn't create a policy from given value: " + paramValue + ", because : " + e.getMessage(),
292 e );
293 throw new ServletException( e );
294 } catch ( ClassNotFoundException e ) {
295 LOG.logError( "The classloader couldn't find an appropriate class for the configured service, because"
296 + e.getMessage(), e );
297 throw new ServletException( e );
298 } catch ( NoSuchMethodException e ) {
299 LOG.logError( "The classloader couldn't find a constructor for the configured service, because"
300 + e.getMessage(), e );
301 throw new ServletException( e );
302 } catch ( InstantiationException e ) {
303 LOG.logError( "The classloader couldn't instantiate the configured service, because" + e.getMessage(), e );
304 throw new ServletException( e );
305 } catch ( IllegalAccessException e ) {
306 LOG.logError( "The classloader couldn't instantiate the configured service, because" + e.getMessage(), e );
307 throw new ServletException( e );
308 } catch ( InvocationTargetException e ) {
309 LOG.logError( "The classloader couldn't instantiate the configured service, because" + e.getMessage(), e );
310 throw new ServletException( e );
311 }
312 }
313
314 /**
315 * free resources allocated by the filter
316 *
317 * @see javax.servlet.Filter#destroy()
318 */
319 public void destroy() {
320 config = null;
321 }
322
323 /**
324 * perform filter
325 *
326 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
327 * javax.servlet.FilterChain)
328 */
329 public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
330 throws IOException, ServletException {
331
332 Object[] o = TP.doPreTrigger( this, request, response, chain );
333 request = (ServletRequest) o[0];
334 response = (ServletResponse) o[1];
335 chain = (FilterChain) o[2];
336
337 // encapsulate the servlet request into a wrapper object to ensure
338 // the availability of the InputStream
339 ServletRequestWrapper requestWrapper = null;
340
341 if ( request instanceof ServletRequestWrapper ) {
342 LOG.logDebug( "OWSProxySerlvetFilter: the incoming request is actually an org.deegree.enterprise.servlet.RequestWrapper, so not creating new instance." );
343 requestWrapper = (ServletRequestWrapper) request;
344 } else {
345 requestWrapper = new ServletRequestWrapper( (HttpServletRequest) request );
346 }
347
348 LOG.logDebug( "OWSProxySerlvetFilter: GetContentype(): " + requestWrapper.getContentType() );
349
350 OGCWebServiceRequest owsReq = null;
351 try {
352 owsReq = OGCRequestFactory.create( requestWrapper );
353 } catch ( OGCWebServiceException e ) {
354 LOG.logError( "OWSProxyServletFilter: Couln't create an OGCWebserviceRequest because: " + e.getMessage(), e );
355 throw new ServletException( e.getMessage() );
356 }
357 imageExpected = isImageRequested( owsReq );
358 // extract user from the request
359 User user = null;
360 try {
361 user = getUser( requestWrapper, owsReq );
362 } catch ( Exception e1 ) {
363 handleResponseMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq,
364 e1.getMessage() );
365 return;
366 }
367 try {
368 pFilter.validateGeneralConditions( (HttpServletRequest) request, requestWrapper.getContentLength(), user );
369 pFilter.validate( owsReq, user );
370 } catch ( InvalidParameterValueException e ) {
371 handleRequestMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq,
372 e.getMessage() );
373 return;
374 } catch ( UnauthorizedException e ) {
375 handleRequestMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq,
376 e.getMessage() );
377 return;
378 } catch ( Exception e ) {
379 LOG.logError( e.getMessage(), e );
380 request.setAttribute( "MESSAGE", e.getMessage() );
381 ServletContext sc = config.getServletContext();
382 sc.getRequestDispatcher( altResponsePage ).forward( request, response );
383 return;
384 }
385
386 export( requestWrapper, owsReq );
387
388 // encapsulate the servlet response into a wrapper object to ensure
389 // the availability of the OutputStream
390 ServletResponseWrapper resWrap = new ServletResponseWrapper( (HttpServletResponse) response );
391 logHttpRequest( requestWrapper );
392 // forward request to the next filter or servlet
393 chain.doFilter( requestWrapper, resWrap );
394 // get result from performing the request
395 OutputStream os = resWrap.getOutputStream();
396 byte[] b = ( (ServletResponseWrapper.ProxyServletOutputStream) os ).toByteArray();
397
398 if ( !imageExpected ) {
399 // fixup encoding mess: convert byte array into system character set for processing
400 String str = new String( b, resWrap.getCharacterEncoding() );
401 b = str.getBytes( getSystemCharset() );
402 LOG.logDebug( "Internal response was", str );
403 } else {
404 LOG.logDebug( "Expecting image." );
405 }
406 try {
407 // validate the result of a request performing
408 String mime = resWrap.getContentType();
409 LOG.logDebug( "mime type raw: " + mime );
410 if ( mime != null ) {
411 mime = StringTools.toArray( mime, ";", false )[0];
412 } else {
413 if ( imageExpected ) {
414 mime = "image/jpeg";
415 } else {
416 mime = "text/xml";
417 }
418 }
419 LOG.logDebug( "mime type", mime );
420 b = pFilter.validate( owsReq, b, mime, user );
421 } catch ( InvalidParameterValueException ee ) {
422 LOG.logError( ee.getMessage(), ee );
423 handleResponseMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq,
424 ee.getMessage() );
425 return;
426 } catch ( UnauthorizedException e ) {
427 LOG.logError( e.getMessage(), e );
428 handleResponseMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq,
429 e.getMessage() );
430 return;
431 }
432
433 // fix up encoding mess: convert encoding of byte array into response character set for sending
434 if ( !imageExpected ) {
435 if ( resWrap.getCharacterEncoding() != null ) {
436 String str = new String( b, getSystemCharset() );
437 b = str.getBytes( resWrap.getCharacterEncoding() );
438 }
439 }
440 response.setContentType( resWrap.getContentType() );
441 response.setCharacterEncoding( resWrap.getCharacterEncoding() );
442 // write result back to the client
443 os = response.getOutputStream();
444 os.write( b );
445 os.close();
446
447 TP.doPostTrigger( this, b );
448 }
449
450 /**
451 * exports the changed request to a XML document/string that will substitute the original request contained in the
452 * passed {@link ServletRequestWrapper}
453 *
454 * @param requestWrapper
455 * @param owsReq
456 */
457 private void export( ServletRequestWrapper requestWrapper, OGCWebServiceRequest owsReq ) {
458 try {
459 XMLFragment doc = null;
460 if ( owsReq instanceof GetFeature ) {
461 doc = XMLFactory.export( (GetFeature) owsReq );
462 } else if ( owsReq instanceof Transaction ) {
463 doc = XMLFactory.export( (Transaction) owsReq );
464 } else if ( owsReq instanceof GetRecords ) {
465 doc = org.deegree.ogcwebservices.csw.discovery.XMLFactory.export( (GetRecords) owsReq );
466 } else if ( owsReq instanceof org.deegree.ogcwebservices.csw.manager.Transaction ) {
467 doc = org.deegree.ogcwebservices.csw.manager.XMLFactory.export( (org.deegree.ogcwebservices.csw.manager.Transaction) owsReq );
468 }
469 if ( doc != null ) {
470 requestWrapper.setInputStreamAsByteArray( doc.getAsString().getBytes() );
471 }
472 } catch ( Exception e ) {
473 // TODO Auto-generated catch block
474 e.printStackTrace();
475 }
476 }
477
478 /**
479 * logs a requests parameters and meta informations
480 *
481 * @param reqWrap
482 */
483 private void logHttpRequest( ServletRequestWrapper reqWrap ) {
484 if ( LOG.getLevel() == ILogger.LOG_DEBUG ) {
485 LOG.logDebug( "getRemoteAddr " + reqWrap.getRemoteAddr() );
486 LOG.logDebug( "getPort " + reqWrap.getServerPort() );
487 LOG.logDebug( "getMethod " + reqWrap.getMethod() );
488 LOG.logDebug( "getQueryString " + reqWrap.getQueryString() );
489 LOG.logDebug( "getPathInfo " + reqWrap.getPathInfo() );
490 LOG.logDebug( "getRequestURI " + reqWrap.getRequestURI() );
491 LOG.logDebug( "getServerName " + reqWrap.getServerName() );
492 LOG.logDebug( "getServerPort " + reqWrap.getServerPort() );
493 LOG.logDebug( "getServletPath " + reqWrap.getServletPath() );
494 }
495 }
496
497 /**
498 * go to alternative page if authorization to perform the desired request ist missing
499 *
500 * @param request
501 * @param response
502 * @param owsReq
503 * @param message
504 * @throws IOException
505 * @throws ServletException
506 */
507 private void handleRequestMissingAutorization( HttpServletRequest request, HttpServletResponse response,
508 OGCWebServiceRequest owsReq, String message )
509 throws IOException, ServletException {
510 if ( message == null ) {
511 message = "missing authorization";
512 }
513 if ( imageExpected ) {
514 int width = 500;
515 int height = 500;
516 if ( owsReq != null && owsReq instanceof GetMap ) {
517 width = ( (GetMap) owsReq ).getWidth();
518 height = ( (GetMap) owsReq ).getHeight();
519 } else if ( owsReq != null && owsReq instanceof GetCoverage ) {
520 Envelope env = (Envelope) ( (GetCoverage) owsReq ).getDomainSubset().getSpatialSubset().getGrid();
521 width = (int) env.getWidth();
522 height = (int) env.getHeight();
523 }
524 response.setContentType( "image/jpeg" );
525 OutputStream os = response.getOutputStream();
526 BufferedImage bi = new BufferedImage( width, height, BufferedImage.TYPE_INT_RGB );
527 Graphics g = bi.getGraphics();
528 g.setColor( Color.WHITE );
529 g.fillRect( 0, 0, width, height );
530 g.setColor( Color.BLACK );
531 g.setFont( new Font( "DIALOG", Font.PLAIN, 14 ) );
532 g.drawString( Messages.getString( "MISSINGAUTHORIZATION" ), 5, 60 );
533 String[] lines = StringTools.toArray( message, ":|", false );
534 int y = 100;
535 for ( int i = 0; i < lines.length; i++ ) {
536 g.drawString( lines[i], 5, y );
537 y = y + 30;
538 }
539 g.dispose();
540 try {
541 ImageUtils.saveImage( bi, os, "jpeg", 0.95f );
542 } catch ( Exception e ) {
543 e.printStackTrace();
544 }
545 os.close();
546 } else {
547 request.setAttribute( "MESSAGE", message );
548 ServletContext sc = config.getServletContext();
549 sc.getRequestDispatcher( altRequestPage ).forward( request, response );
550 }
551 }
552
553 /**
554 * go to alternative page if authorization to deliver the result to a request is missing
555 *
556 * @param request
557 * @param response
558 * @param owsReq
559 * @param message
560 * @throws IOException
561 * @throws ServletException
562 */
563 private void handleResponseMissingAutorization( HttpServletRequest request, HttpServletResponse response,
564 OGCWebServiceRequest owsReq, String message )
565 throws IOException, ServletException {
566
567 if ( imageExpected ) {
568 int width = 500;
569 int height = 500;
570 if ( owsReq != null && owsReq instanceof GetMap ) {
571 width = ( (GetMap) owsReq ).getWidth();
572 height = ( (GetMap) owsReq ).getHeight();
573 } else if ( owsReq != null && owsReq instanceof GetCoverage ) {
574 Envelope env = (Envelope) ( (GetCoverage) owsReq ).getDomainSubset().getSpatialSubset().getGrid();
575 width = (int) env.getWidth();
576 height = (int) env.getHeight();
577 }
578 response.setContentType( "image/jpeg" );
579 OutputStream os = response.getOutputStream();
580 BufferedImage bi = new BufferedImage( width, height, BufferedImage.TYPE_INT_RGB );
581 Graphics g = bi.getGraphics();
582 g.setColor( Color.WHITE );
583 g.fillRect( 0, 0, width, height );
584 g.setColor( Color.BLACK );
585 g.setFont( new Font( "DIALOG", Font.PLAIN, 14 ) );
586 String[] lines = StringTools.toArray( message, ":|", false );
587 int y = 100;
588 for ( int i = 0; i < lines.length; i++ ) {
589 g.drawString( lines[i], 5, y );
590 y = y + 30;
591 }
592 g.dispose();
593 try {
594 ImageUtils.saveImage( bi, os, "jpeg", 0.95f );
595 } catch ( Exception e ) {
596 LOG.logError( e.getMessage(), e );
597 }
598 os.write( message.getBytes() );
599 os.close();
600 } else {
601 request.setAttribute( "MESSAGE", message );
602 ServletContext sc = config.getServletContext();
603 sc.getRequestDispatcher( altResponsePage ).forward( request, response );
604 }
605 }
606
607 /**
608 * returns the user from the incoming request.
609 *
610 * @param request
611 * @return the user from the incoming request.
612 * @throws WrongCredentialsException
613 */
614 private User getUser( HttpServletRequest request, OGCWebServiceRequest owsReq )
615 throws WrongCredentialsException {
616
617 String sessionId = owsReq.getVendorSpecificParameter( "SESSIONID" );
618 String user = owsReq.getVendorSpecificParameter( "USER" );
619 String password = owsReq.getVendorSpecificParameter( "PASSWORD" );
620 Map<String, String> params = new HashMap<String, String>();
621 // known Authentication classes requires following parameters. Depending on the
622 // concrete implementation not all parameters are used for authentication
623 params.put( "SESSIONID", sessionId );
624 params.put( "USER", user );
625 params.put( "PASSWORD", password );
626 params.put( "USERPRINCIPAL", request.getUserPrincipal().getName() );
627 params.put( "IPADDRESS", request.getRemoteHost() );
628
629 User usr = null;
630
631 List<AbstractAuthentication> authList = authentications.getAuthenticationsAsOrderedList();
632 // the available authentication implementations and their order are defined in a
633 // configuration file. Depending on their order it will be tried to authenticate
634 // the current user against DRM. As soon as a authentication method succeeds the
635 // authenticated user will be returned. If no authentication method succeeds an
636 // exception will be thrown.
637 // So it can be configured which authentication methods in which order shall be used.
638 StringBuffer sb = new StringBuffer( 1000 );
639 if ( authList.size() == 0 ) {
640 LOG.logInfo( "no authentication method defined, return null as user" );
641 return null;
642 }
643 sb.append( "following authentication methods have been performed: " );
644 for ( AbstractAuthentication authentication : authList ) {
645 try {
646 LOG.logDebug( "authenticate using: " + authentication.getAuthenticationName() );
647 usr = authentication.authenticate( params );
648 if ( usr != null ) {
649 return usr;
650 }
651 sb.append( "cannot get user with authentication method: " );
652 sb.append( authentication.getAuthenticationName() ).append( " | " );
653 } catch ( WrongCredentialsException e ) {
654 LOG.logInfo( "user cannot be authenticated with: " + authentication.getAuthenticationName() );
655 LOG.logInfo( "reason: " + e.getMessage() );
656 sb.append( "authentication method " ).append( authentication.getAuthenticationName() );
657 sb.append( ": " ).append( e.getMessage() ).append( " | " );
658 }
659 }
660
661 // no authentication method succeeded (user is still null)
662 String msg = getMessage( "OWSPROXY_UNAUTHORIZED_USER", sb );
663 throw new WrongCredentialsException( msg );
664
665 }
666
667 private boolean isImageRequested( OGCWebServiceRequest request ) {
668 boolean imageReq = false;
669
670 if ( request instanceof GetMap ) {
671 imageReq = ( (GetMap) request ).getExceptions().indexOf( "image" ) > -1
672 || ( (GetMap) request ).getFormat().indexOf( "image" ) > -1;
673 } else if ( request instanceof GetLegendGraphic ) {
674 imageReq = ( (GetLegendGraphic) request ).getExceptions().indexOf( "image" ) > -1
675 || ( (GetLegendGraphic) request ).getFormat().indexOf( "image" ) > -1;
676 } else if ( request instanceof GetCoverage ) {
677 String format = ( (GetCoverage) request ).getOutput().getFormat().getCode();
678 imageReq = MimeTypeMapper.isKnownImageType( "image/" + format );
679 }
680
681 LOG.logDebug( "authorization problems expected to be returned as image: ", imageReq );
682
683 return imageReq;
684 }
685
686 }