001 //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/branches/2.3_testing/src/org/deegree/security/owsproxy/OWSProxyServletFilter.java $
002 /*----------------------------------------------------------------------------
003 This file is part of deegree, http://deegree.org/
004 Copyright (C) 2001-2009 by:
005 Department of Geography, University of Bonn
006 and
007 lat/lon GmbH
008
009 This library is free software; you can redistribute it and/or modify it under
010 the terms of the GNU Lesser General Public License as published by the Free
011 Software Foundation; either version 2.1 of the License, or (at your option)
012 any later version.
013 This library is distributed in the hope that it will be useful, but WITHOUT
014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016 details.
017 You should have received a copy of the GNU Lesser General Public License
018 along with this library; if not, write to the Free Software Foundation, Inc.,
019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020
021 Contact information:
022
023 lat/lon GmbH
024 Aennchenstr. 19, 53177 Bonn
025 Germany
026 http://lat-lon.de/
027
028 Department of Geography, University of Bonn
029 Prof. Dr. Klaus Greve
030 Postfach 1147, 53001 Bonn
031 Germany
032 http://www.geographie.uni-bonn.de/deegree/
033
034 e-mail: info@deegree.org
035 ----------------------------------------------------------------------------*/
036 package org.deegree.security.owsproxy;
037
038 import java.awt.Color;
039 import java.awt.Font;
040 import java.awt.Graphics;
041 import java.awt.image.BufferedImage;
042 import java.io.File;
043 import java.io.IOException;
044 import java.io.InputStream;
045 import java.io.InputStreamReader;
046 import java.io.OutputStream;
047 import java.lang.reflect.Constructor;
048 import java.lang.reflect.InvocationTargetException;
049 import java.net.MalformedURLException;
050 import java.net.URL;
051 import java.util.Enumeration;
052 import java.util.Properties;
053
054 import javax.servlet.Filter;
055 import javax.servlet.FilterChain;
056 import javax.servlet.FilterConfig;
057 import javax.servlet.ServletContext;
058 import javax.servlet.ServletException;
059 import javax.servlet.ServletRequest;
060 import javax.servlet.ServletResponse;
061 import javax.servlet.http.HttpServletRequest;
062 import javax.servlet.http.HttpServletResponse;
063
064 import org.deegree.enterprise.servlet.ServletRequestWrapper;
065 import org.deegree.enterprise.servlet.ServletResponseWrapper;
066 import org.deegree.framework.log.ILogger;
067 import org.deegree.framework.log.LoggerFactory;
068 import org.deegree.framework.util.ImageUtils;
069 import org.deegree.framework.util.MimeTypeMapper;
070 import org.deegree.framework.util.StringTools;
071 import org.deegree.framework.xml.NamespaceContext;
072 import org.deegree.framework.xml.XMLParsingException;
073 import org.deegree.framework.xml.XMLTools;
074 import org.deegree.model.spatialschema.Envelope;
075 import org.deegree.ogcbase.BaseURL;
076 import org.deegree.ogcbase.CommonNamespaces;
077 import org.deegree.ogcwebservices.InvalidParameterValueException;
078 import org.deegree.ogcwebservices.OGCRequestFactory;
079 import org.deegree.ogcwebservices.OGCWebServiceException;
080 import org.deegree.ogcwebservices.OGCWebServiceRequest;
081 import org.deegree.ogcwebservices.wcs.getcoverage.GetCoverage;
082 import org.deegree.ogcwebservices.wms.operation.GetMap;
083 import org.deegree.security.SecurityConfigurationException;
084 import org.deegree.security.UnauthorizedException;
085 import org.deegree.security.drm.SecurityAccessManager;
086 import org.deegree.security.drm.model.User;
087 import org.deegree.security.owsrequestvalidator.OWSValidator;
088 import org.deegree.security.owsrequestvalidator.Policy;
089 import org.deegree.security.owsrequestvalidator.PolicyDocument;
090 import org.w3c.dom.Document;
091
092 /**
093 * An OWSProxyPolicyFilter can be registered as a ServletFilter to a web context. It offeres a facade that looks like a
094 * OWS but additionaly enables validating incoming requests and outgoing responses against rules defined in a policy
095 * document and/or a deegree user and right management system.
096 *
097 * @see org.deegree.security.drm.SecurityRegistry
098 *
099 * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a>
100 * @author last edited by: $Author: mschneider $
101 *
102 * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18. Jun 2009) $
103 * @deprecated use
104 * @see ConfigurableOWSProxyServletFilter
105 */
106 @Deprecated
107 public class OWSProxyServletFilter implements Filter {
108
109 private static final ILogger LOG = LoggerFactory.getLogger( OWSProxyServletFilter.class );
110
111 private static final NamespaceContext nsContext = CommonNamespaces.getNamespaceContext();
112
113 private FilterConfig config;
114
115 private OWSProxyPolicyFilter pFilter;
116
117 // private Policy policy = null;
118 private SecurityConfig secConfig;
119
120 private String altRequestPage;
121
122 private String altResponsePage;
123
124 private boolean imageExpected = false;
125
126 /**
127 * initialize the filter with parameters from the deployment descriptor
128 *
129 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
130 */
131 @SuppressWarnings("unchecked")
132 public void init( FilterConfig config )
133 throws ServletException {
134 this.config = config;
135
136 Properties validators = new Properties();
137 try {
138 InputStream is = OWSProxyServletFilter.class.getResourceAsStream( "validators.properties" );
139 validators.load( is );
140 is.close();
141 } catch ( Exception e ) {
142 throw new ServletException( e );
143 }
144
145 pFilter = new OWSProxyPolicyFilter();
146 String proxyURL = "http://127.0.0.1/owsproxy/proxy";
147 if ( config.getInitParameter( "PROXYURL" ) != null ) {
148 proxyURL = config.getInitParameter( "PROXYURL" );
149 }
150 Enumeration<String> iterator = config.getInitParameterNames();
151 while ( iterator.hasMoreElements() ) {
152 String paramName = iterator.nextElement();
153 String paramValue = config.getInitParameter( paramName );
154 if ( paramName.endsWith( "POLICY" ) ) {
155 paramValue = config.getServletContext().getRealPath( paramValue );
156 File file = new File( paramValue );
157 URL fileURL = null;
158 try {
159 fileURL = file.toURI().toURL();
160 } catch ( MalformedURLException e ) {
161 LOG.logError( "Couldn't create an url from the configured POLICY parameter: " + paramValue
162 + " because: " + e.getMessage() );
163 throw new ServletException( e );
164 }
165 if ( fileURL != null ) {
166 LOG.logDebug( "OWSProxyFilter: reading configuration file from : " + fileURL.toExternalForm() );
167 initValidator( proxyURL, paramName, fileURL, validators );
168 }
169 }
170
171 }
172 // } catch ( Exception e ) {
173 // LOG.logError( e.getMessage(), e );
174 // throw new ServletException( e );
175 // }
176 LOG.logInfo( "OWSProxyServlet intitialized successfully" );
177 LOG.logWarning( "You are running a deprecated version of OWSProxy!" );
178 LOG.logWarning( "Please use the ConfigurableOWSProxyServletFilter instead." );
179 altRequestPage = config.getInitParameter( "ALTREQUESTPAGE" );
180 altResponsePage = config.getInitParameter( "ALTRESPONSEPAGE" );
181 }
182
183 /**
184 *
185 * @param proxyURL
186 * @param paramName
187 * @param paramValue
188 * @param validators
189 * @throws ServletException
190 */
191 private void initValidator( String proxyURL, String paramName, URL paramValue, Properties validators )
192 throws ServletException {
193 try {
194 PolicyDocument doc = new PolicyDocument( paramValue );
195 Policy policy = doc.getPolicy();
196 if ( secConfig == null && policy.getSecurityConfig() != null ) {
197 // use security configuration of the first policy that defined one.
198 // this is possible because just one security configuration can be
199 // used within a deegree/VM instance
200 secConfig = policy.getSecurityConfig();
201 }
202 int pos = paramName.indexOf( ':' );
203 String service = paramName.substring( 0, pos );
204
205 // describes the signature of the required constructor
206 Class<?>[] cl = new Class<?>[2];
207 cl[0] = Policy.class;
208 cl[1] = String.class;
209
210 // set parameter to submitt to the constructor
211 Object[] o = new Object[2];
212 o[0] = policy;
213 o[1] = proxyURL;
214
215 Class<?> clzz = Class.forName( validators.getProperty( service ) );
216 Constructor<?> con = clzz.getConstructor( cl );
217
218 pFilter.addValidator( service, (OWSValidator) con.newInstance( o ) );
219 } catch ( SecurityConfigurationException e ) {
220 LOG.logError( "Couldn't create a policy document from given value: " + paramValue + ", because : "
221 + e.getMessage() );
222 throw new ServletException( e );
223 } catch ( XMLParsingException e ) {
224 LOG.logError( "Couldn't create a policy from given value: " + paramValue + ", because : " + e.getMessage() );
225 throw new ServletException( e );
226 } catch ( ClassNotFoundException e ) {
227 LOG.logError( "The classloader couldn't find an appropriate class for the configured service, because"
228 + e.getMessage() );
229 throw new ServletException( e );
230 } catch ( NoSuchMethodException e ) {
231 LOG.logError( "The classloader couldn't find a constructor for the configured service, because"
232 + e.getMessage() );
233 throw new ServletException( e );
234 } catch ( InstantiationException e ) {
235 LOG.logError( "The classloader couldn't instantiate the configured service, because" + e.getMessage() );
236 throw new ServletException( e );
237 } catch ( IllegalAccessException e ) {
238 LOG.logError( "The classloader couldn't instantiate the configured service, because" + e.getMessage() );
239 throw new ServletException( e );
240 } catch ( InvocationTargetException e ) {
241 LOG.logError( "The classloader couldn't instantiate the configured service, because" + e.getMessage() );
242 throw new ServletException( e );
243 }
244 }
245
246 /**
247 * free resources allocated by the filter
248 *
249 * @see javax.servlet.Filter#destroy()
250 */
251 public void destroy() {
252 config = null;
253 }
254
255 /**
256 * perform filter
257 *
258 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
259 * javax.servlet.FilterChain)
260 */
261 public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
262 throws IOException, ServletException {
263
264 // Map<String, String[]> params = request.getParameterMap();
265
266 // encapsulate the servelt request into a wrapper object to ensure
267 // the availability of the InputStream
268 ServletRequestWrapper requestWrapper = null;
269
270 if ( request instanceof ServletRequestWrapper ) {
271 LOG.logDebug( "OWSProxySerlvetFilter: the incoming request is actually an org.deegree.enterprise.servlet.RequestWrapper, so not creating new instance." );
272 requestWrapper = (ServletRequestWrapper) request;
273 } else {
274 requestWrapper = new ServletRequestWrapper( (HttpServletRequest) request );
275 }
276
277 LOG.logDebug( "OWSProxySerlvetFilter: GetContentype(): " + requestWrapper.getContentType() );
278
279 OGCWebServiceRequest owsReq = null;
280 try {
281 owsReq = OGCRequestFactory.create( requestWrapper );
282 } catch ( OGCWebServiceException e ) {
283 LOG.logError( "OWSProxyServletFilter: Couln't create an OGCWebserviceRequest because: " + e.getMessage(), e );
284 throw new ServletException( e.getMessage() );
285 }
286 imageExpected = isImageRequested( owsReq );
287 // extract user from the request
288 User user = null;
289 try {
290 user = getUser( requestWrapper, owsReq );
291 } catch ( Exception e1 ) {
292 handleResponseMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq,
293 e1.getMessage() );
294 return;
295 }
296 try {
297 pFilter.validateGeneralConditions( (HttpServletRequest) request, requestWrapper.getContentLength(), user );
298 pFilter.validate( owsReq, user );
299 } catch ( InvalidParameterValueException e ) {
300 handleRequestMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq,
301 e.getMessage() );
302 return;
303 } catch ( UnauthorizedException e ) {
304 handleRequestMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq,
305 e.getMessage() );
306 return;
307 } catch ( Exception e ) {
308 LOG.logError( e.getMessage(), e );
309 request.setAttribute( "MESSAGE", e.getMessage() );
310 ServletContext sc = config.getServletContext();
311 sc.getRequestDispatcher( altResponsePage ).forward( request, response );
312 return;
313 }
314 // encapsulate the servelt response into a wrapper object to ensure
315 // the availability of the OutputStream
316 ServletResponseWrapper resWrap = new ServletResponseWrapper( (HttpServletResponse) response );
317 logHttpRequest( requestWrapper );
318 // forward request to the next filter or servlet
319 chain.doFilter( requestWrapper, resWrap );
320 // get result from performing the request
321 OutputStream os = resWrap.getOutputStream();
322 byte[] b = ( (ServletResponseWrapper.ProxyServletOutputStream) os ).toByteArray();
323
324 if ( !imageExpected ) {
325 LOG.logDebug( new String( b ) );
326 }
327 try {
328 // validate the result of a request performing
329 String mime = resWrap.getContentType();
330 LOG.logDebug( "mime type raw: " + mime );
331 if ( mime != null ) {
332 mime = StringTools.toArray( mime, ";", false )[0];
333 } else {
334 if ( imageExpected ) {
335 mime = "image/jpeg";
336 } else {
337 mime = "text/xml";
338 }
339 }
340 LOG.logDebug( "mime type: " + mime );
341 b = pFilter.validate( owsReq, b, mime, user );
342 } catch ( InvalidParameterValueException ee ) {
343 LOG.logError( ee.getMessage(), ee );
344 handleResponseMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq,
345 ee.getMessage() );
346 return;
347 } catch ( UnauthorizedException e ) {
348 LOG.logError( e.getMessage(), e );
349 handleResponseMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq,
350 e.getMessage() );
351 return;
352 }
353
354 response.setContentType( resWrap.getContentType() );
355 // write result back to the client
356 os = response.getOutputStream();
357 os.write( b );
358 os.close();
359 }
360
361 /**
362 * logs a requests parameters and meta informations
363 *
364 * @param reqWrap
365 */
366 private void logHttpRequest( ServletRequestWrapper reqWrap ) {
367 if ( LOG.getLevel() == ILogger.LOG_DEBUG ) {
368 LOG.logDebug( "getRemoteAddr " + reqWrap.getRemoteAddr() );
369 LOG.logDebug( "getRemotePort " + reqWrap.getRemotePort() );
370 LOG.logDebug( "getLocalPort " + reqWrap.getLocalPort() );
371 LOG.logDebug( "getMethod " + reqWrap.getMethod() );
372 LOG.logDebug( "getQueryString " + reqWrap.getQueryString() );
373 LOG.logDebug( "getPathInfo " + reqWrap.getPathInfo() );
374 LOG.logDebug( "getRequestURI " + reqWrap.getRequestURI() );
375 LOG.logDebug( "getServerName " + reqWrap.getServerName() );
376 LOG.logDebug( "getServerPort " + reqWrap.getServerPort() );
377 LOG.logDebug( "getServletPath " + reqWrap.getServletPath() );
378 }
379 }
380
381 /**
382 * go to alternative page if autorization to perform the desired request ist missing
383 *
384 * @param request
385 * @param response
386 * @param owsReq
387 * @param message
388 * @throws IOException
389 * @throws ServletException
390 */
391 private void handleRequestMissingAutorization( HttpServletRequest request, HttpServletResponse response,
392 OGCWebServiceRequest owsReq, String message )
393 throws IOException, ServletException {
394 if ( message == null ) {
395 message = "missing authorization";
396 }
397 if ( imageExpected ) {
398 int width = 500;
399 int height = 500;
400 if ( owsReq != null && owsReq instanceof GetMap ) {
401 width = ( (GetMap) owsReq ).getWidth();
402 height = ( (GetMap) owsReq ).getHeight();
403 } else if ( owsReq != null && owsReq instanceof GetCoverage ) {
404 Envelope env = (Envelope) ( (GetCoverage) owsReq ).getDomainSubset().getSpatialSubset().getGrid();
405 width = (int) env.getWidth();
406 height = (int) env.getHeight();
407 }
408 response.setContentType( "image/jpeg" );
409 OutputStream os = response.getOutputStream();
410 BufferedImage bi = new BufferedImage( width, height, BufferedImage.TYPE_INT_RGB );
411 Graphics g = bi.getGraphics();
412 g.setColor( Color.WHITE );
413 g.fillRect( 0, 0, width, height );
414 g.setColor( Color.BLACK );
415 g.setFont( new Font( "DIALOG", Font.PLAIN, 14 ) );
416 g.drawString( Messages.getString( "MISSINGAUTHORIZATION" ), 5, 60 );
417 String[] lines = StringTools.toArray( message, ":|", false );
418 int y = 100;
419 for ( int i = 0; i < lines.length; i++ ) {
420 g.drawString( lines[i], 5, y );
421 y = y + 30;
422 }
423 g.dispose();
424 try {
425 ImageUtils.saveImage( bi, os, "jpeg", 0.95f );
426 } catch ( Exception e ) {
427 e.printStackTrace();
428 }
429 os.close();
430 } else {
431 request.setAttribute( "MESSAGE", message );
432 ServletContext sc = config.getServletContext();
433 sc.getRequestDispatcher( altRequestPage ).forward( request, response );
434 }
435 }
436
437 /**
438 * go to alternative page if autorization to deliver the result to a request is missing
439 *
440 * @param request
441 * @param response
442 * @param owsReq
443 * @param message
444 * @throws IOException
445 * @throws ServletException
446 */
447 private void handleResponseMissingAutorization( HttpServletRequest request, HttpServletResponse response,
448 OGCWebServiceRequest owsReq, String message )
449 throws IOException, ServletException {
450
451 if ( imageExpected ) {
452 int width = 500;
453 int height = 500;
454 if ( owsReq != null && owsReq instanceof GetMap ) {
455 width = ( (GetMap) owsReq ).getWidth();
456 height = ( (GetMap) owsReq ).getHeight();
457 } else if ( owsReq != null && owsReq instanceof GetCoverage ) {
458 Envelope env = (Envelope) ( (GetCoverage) owsReq ).getDomainSubset().getSpatialSubset().getGrid();
459 width = (int) env.getWidth();
460 height = (int) env.getHeight();
461 }
462 response.setContentType( "image/jpeg" );
463 OutputStream os = response.getOutputStream();
464 BufferedImage bi = new BufferedImage( width, height, BufferedImage.TYPE_INT_RGB );
465 Graphics g = bi.getGraphics();
466 g.setColor( Color.WHITE );
467 g.fillRect( 0, 0, width, height );
468 g.setColor( Color.BLACK );
469 g.setFont( new Font( "DIALOG", Font.PLAIN, 14 ) );
470 String[] lines = StringTools.toArray( message, ":|", false );
471 int y = 100;
472 for ( int i = 0; i < lines.length; i++ ) {
473 g.drawString( lines[i], 5, y );
474 y = y + 30;
475 }
476 g.dispose();
477 try {
478 ImageUtils.saveImage( bi, os, "jpeg", 0.95f );
479 } catch ( Exception e ) {
480 LOG.logError( e.getMessage(), e );
481 }
482 os.write( message.getBytes() );
483 os.close();
484 } else {
485 request.setAttribute( "MESSAGE", message );
486 ServletContext sc = config.getServletContext();
487 sc.getRequestDispatcher( altResponsePage ).forward( request, response );
488 }
489 }
490
491 /**
492 * returns the user from the incomming request. The extraction of the user takes three steps
493 * <ul>
494 * <li>1. get the vendorspecific parameter 'USER' & 'PASSWORD'
495 * <li>2. if 1.) is null get the remote users name (request.getRemoteUser())
496 * </ul>
497 *
498 * @param request
499 * @return the user from the incomming request.
500 * @throws InvalidParameterValueException
501 */
502 private User getUser( HttpServletRequest request, OGCWebServiceRequest owsReq )
503 throws UnauthorizedException, IOException, InvalidParameterValueException {
504
505 String sessionId = owsReq.getVendorSpecificParameter( "SESSIONID" );
506 String user = owsReq.getVendorSpecificParameter( "USER" );
507 String password = null;
508 if ( user != null ) {
509 LOG.logDebug( "get user from user/password parameter" );
510 return authentificateFromUserPw( owsReq );
511 } else if ( sessionId == null && request.getUserPrincipal() != null ) {
512 LOG.logDebug( "get user from UserPrinicipal" );
513 user = request.getUserPrincipal().getName();
514 if ( user.indexOf( "\\" ) > 1 ) {
515 String[] us = StringTools.toArray( user, "\\", false );
516 user = us[us.length - 1];
517 }
518 } else if ( secConfig != null && sessionId != null ) {
519 LOG.logDebug( "get user from WAS/sessionID" );
520 AuthentificationSettings as = secConfig.getAuthsettings();
521 if ( as != null ) {
522 BaseURL baseUrl = as.getAuthentificationURL();
523 String tmp[] = getUserFromWAS( baseUrl.getOnlineResource().toExternalForm(), sessionId );
524 user = tmp[0];
525 password = tmp[1];
526 }
527 } else {
528 LOG.logDebug( "get user as source IP address because wether USER, "
529 + "SESSIONID nor Userprincipal are available" );
530 user = request.getRemoteAddr();
531 }
532 LOG.logDebug( StringTools.concat( 100, "USER: ", user, "/", password ) );
533 User usr = null;
534 try {
535 if ( user != null && SecurityAccessManager.isInitialized() ) {
536 SecurityAccessManager sam = SecurityAccessManager.getInstance();
537
538 usr = sam.getUserByName( user );
539 if ( request.getUserPrincipal() == null ) {
540 // a user just must authenticate himself if he is
541 // not identified by its user name being send within
542 // the HTTP header
543 usr.authenticate( password );
544 } else {
545 // if user is read from UserPrincipal his password must
546 // be read from security management
547 usr.authenticate( sam.getUserByName( user ).getPassword() );
548 }
549 }
550 } catch ( Exception e ) {
551 LOG.logError( e.getMessage(), e );
552 throw new UnauthorizedException( Messages.format( "OWSProxyServletFilter.USERERROR", user ) );
553 }
554
555 return usr;
556 }
557
558 /**
559 * Authenticates a user if he is identified by its name and password passed as vendorspecific parameters with an OGC
560 * service request
561 *
562 * @param owsReq
563 * @return the user
564 * @throws UnauthorizedException
565 * @throws InvalidParameterValueException
566 */
567 private User authentificateFromUserPw( OGCWebServiceRequest owsReq )
568 throws UnauthorizedException, InvalidParameterValueException {
569 String user = owsReq.getVendorSpecificParameter( "USER" );
570 String password = owsReq.getVendorSpecificParameter( "PASSWORD" );
571
572 LOG.logDebug( "USER: ", user );
573 LOG.logDebug( "PASSWORD: ", password );
574 if ( password == null ) {
575 throw new InvalidParameterValueException( Messages.getString( "PASSWORDMISSING" ) );
576 }
577
578 User usr = null;
579 try {
580 SecurityAccessManager sam = SecurityAccessManager.getInstance();
581 usr = sam.getUserByName( user );
582 usr.authenticate( password );
583 } catch ( Exception e ) {
584 LOG.logError( e.getMessage(), e );
585 if ( !( user.equals( "anonymous" ) ) ) {
586 throw new UnauthorizedException( Messages.format( "OWSProxyServletFilter.USERERROR", user ) );
587 }
588 }
589
590 return usr;
591 }
592
593 /**
594 * access user informations from a remote WAAS. an array of Strings will be returned. with
595 * <ul>
596 * <li>[0] = user name
597 * <li>[1] = the users password
598 * </ul>
599 *
600 * @param sessionID
601 * @return all users.
602 * @throws IOException
603 */
604 private String[] getUserFromWAS( String urlStr, String sessionID )
605 throws IOException {
606 String[] user = new String[3];
607 try {
608 StringBuffer sb = new StringBuffer( 200 );
609 sb.append( urlStr ).append( "?REQUEST=DescribeUser&Service=WAS&" );
610 sb.append( "SESSIONID=" ).append( sessionID ).append( "&version=1.0.0" );
611 URL url = new URL( sb.toString() );
612 InputStreamReader isr = new InputStreamReader( url.openStream() );
613 Document doc = XMLTools.parse( isr );
614 user[0] = XMLTools.getNodeAsString( doc, "/User/UserName", nsContext, null );
615 user[1] = XMLTools.getNodeAsString( doc, "/User/Password", nsContext, null );
616 } catch ( Exception e ) {
617 LOG.logError( e.getMessage(), e );
618 throw new IOException( Messages.getString( "OWSProxyServletFilter.WASACCESS" ) );
619 }
620 return user;
621 }
622
623 private boolean isImageRequested( OGCWebServiceRequest request ) {
624 boolean imageReq = false;
625
626 if ( request instanceof GetMap ) {
627 imageReq = ( (GetMap) request ).getExceptions().indexOf( "image" ) > -1;
628 } else if ( request instanceof GetCoverage ) {
629 String format = ( (GetCoverage) request ).getOutput().getFormat().getCode();
630 imageReq = MimeTypeMapper.isKnownImageType( "image/" + format );
631 }
632
633 LOG.logDebug( "authorization problems expected to be returned as image: ", imageReq );
634
635 return imageReq;
636 }
637
638 }