001 //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/branches/2.3_testing/src/org/deegree/security/owsproxy/OWSProxyServletFilter.java $ 002 /*---------------------------------------------------------------------------- 003 This file is part of deegree, http://deegree.org/ 004 Copyright (C) 2001-2009 by: 005 Department of Geography, University of Bonn 006 and 007 lat/lon GmbH 008 009 This library is free software; you can redistribute it and/or modify it under 010 the terms of the GNU Lesser General Public License as published by the Free 011 Software Foundation; either version 2.1 of the License, or (at your option) 012 any later version. 013 This library is distributed in the hope that it will be useful, but WITHOUT 014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 016 details. 017 You should have received a copy of the GNU Lesser General Public License 018 along with this library; if not, write to the Free Software Foundation, Inc., 019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 020 021 Contact information: 022 023 lat/lon GmbH 024 Aennchenstr. 19, 53177 Bonn 025 Germany 026 http://lat-lon.de/ 027 028 Department of Geography, University of Bonn 029 Prof. Dr. Klaus Greve 030 Postfach 1147, 53001 Bonn 031 Germany 032 http://www.geographie.uni-bonn.de/deegree/ 033 034 e-mail: info@deegree.org 035 ----------------------------------------------------------------------------*/ 036 package org.deegree.security.owsproxy; 037 038 import java.awt.Color; 039 import java.awt.Font; 040 import java.awt.Graphics; 041 import java.awt.image.BufferedImage; 042 import java.io.File; 043 import java.io.IOException; 044 import java.io.InputStream; 045 import java.io.InputStreamReader; 046 import java.io.OutputStream; 047 import java.lang.reflect.Constructor; 048 import java.lang.reflect.InvocationTargetException; 049 import java.net.MalformedURLException; 050 import java.net.URL; 051 import java.util.Enumeration; 052 import java.util.Properties; 053 054 import javax.servlet.Filter; 055 import javax.servlet.FilterChain; 056 import javax.servlet.FilterConfig; 057 import javax.servlet.ServletContext; 058 import javax.servlet.ServletException; 059 import javax.servlet.ServletRequest; 060 import javax.servlet.ServletResponse; 061 import javax.servlet.http.HttpServletRequest; 062 import javax.servlet.http.HttpServletResponse; 063 064 import org.deegree.enterprise.servlet.ServletRequestWrapper; 065 import org.deegree.enterprise.servlet.ServletResponseWrapper; 066 import org.deegree.framework.log.ILogger; 067 import org.deegree.framework.log.LoggerFactory; 068 import org.deegree.framework.util.ImageUtils; 069 import org.deegree.framework.util.MimeTypeMapper; 070 import org.deegree.framework.util.StringTools; 071 import org.deegree.framework.xml.NamespaceContext; 072 import org.deegree.framework.xml.XMLParsingException; 073 import org.deegree.framework.xml.XMLTools; 074 import org.deegree.model.spatialschema.Envelope; 075 import org.deegree.ogcbase.BaseURL; 076 import org.deegree.ogcbase.CommonNamespaces; 077 import org.deegree.ogcwebservices.InvalidParameterValueException; 078 import org.deegree.ogcwebservices.OGCRequestFactory; 079 import org.deegree.ogcwebservices.OGCWebServiceException; 080 import org.deegree.ogcwebservices.OGCWebServiceRequest; 081 import org.deegree.ogcwebservices.wcs.getcoverage.GetCoverage; 082 import org.deegree.ogcwebservices.wms.operation.GetMap; 083 import org.deegree.security.SecurityConfigurationException; 084 import org.deegree.security.UnauthorizedException; 085 import org.deegree.security.drm.SecurityAccessManager; 086 import org.deegree.security.drm.model.User; 087 import org.deegree.security.owsrequestvalidator.OWSValidator; 088 import org.deegree.security.owsrequestvalidator.Policy; 089 import org.deegree.security.owsrequestvalidator.PolicyDocument; 090 import org.w3c.dom.Document; 091 092 /** 093 * An OWSProxyPolicyFilter can be registered as a ServletFilter to a web context. It offeres a facade that looks like a 094 * OWS but additionaly enables validating incoming requests and outgoing responses against rules defined in a policy 095 * document and/or a deegree user and right management system. 096 * 097 * @see org.deegree.security.drm.SecurityRegistry 098 * 099 * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a> 100 * @author last edited by: $Author: mschneider $ 101 * 102 * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18. Jun 2009) $ 103 * @deprecated use 104 * @see ConfigurableOWSProxyServletFilter 105 */ 106 @Deprecated 107 public class OWSProxyServletFilter implements Filter { 108 109 private static final ILogger LOG = LoggerFactory.getLogger( OWSProxyServletFilter.class ); 110 111 private static final NamespaceContext nsContext = CommonNamespaces.getNamespaceContext(); 112 113 private FilterConfig config; 114 115 private OWSProxyPolicyFilter pFilter; 116 117 // private Policy policy = null; 118 private SecurityConfig secConfig; 119 120 private String altRequestPage; 121 122 private String altResponsePage; 123 124 private boolean imageExpected = false; 125 126 /** 127 * initialize the filter with parameters from the deployment descriptor 128 * 129 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) 130 */ 131 @SuppressWarnings("unchecked") 132 public void init( FilterConfig config ) 133 throws ServletException { 134 this.config = config; 135 136 Properties validators = new Properties(); 137 try { 138 InputStream is = OWSProxyServletFilter.class.getResourceAsStream( "validators.properties" ); 139 validators.load( is ); 140 is.close(); 141 } catch ( Exception e ) { 142 throw new ServletException( e ); 143 } 144 145 pFilter = new OWSProxyPolicyFilter(); 146 String proxyURL = "http://127.0.0.1/owsproxy/proxy"; 147 if ( config.getInitParameter( "PROXYURL" ) != null ) { 148 proxyURL = config.getInitParameter( "PROXYURL" ); 149 } 150 Enumeration<String> iterator = config.getInitParameterNames(); 151 while ( iterator.hasMoreElements() ) { 152 String paramName = iterator.nextElement(); 153 String paramValue = config.getInitParameter( paramName ); 154 if ( paramName.endsWith( "POLICY" ) ) { 155 paramValue = config.getServletContext().getRealPath( paramValue ); 156 File file = new File( paramValue ); 157 URL fileURL = null; 158 try { 159 fileURL = file.toURI().toURL(); 160 } catch ( MalformedURLException e ) { 161 LOG.logError( "Couldn't create an url from the configured POLICY parameter: " + paramValue 162 + " because: " + e.getMessage() ); 163 throw new ServletException( e ); 164 } 165 if ( fileURL != null ) { 166 LOG.logDebug( "OWSProxyFilter: reading configuration file from : " + fileURL.toExternalForm() ); 167 initValidator( proxyURL, paramName, fileURL, validators ); 168 } 169 } 170 171 } 172 // } catch ( Exception e ) { 173 // LOG.logError( e.getMessage(), e ); 174 // throw new ServletException( e ); 175 // } 176 LOG.logInfo( "OWSProxyServlet intitialized successfully" ); 177 LOG.logWarning( "You are running a deprecated version of OWSProxy!" ); 178 LOG.logWarning( "Please use the ConfigurableOWSProxyServletFilter instead." ); 179 altRequestPage = config.getInitParameter( "ALTREQUESTPAGE" ); 180 altResponsePage = config.getInitParameter( "ALTRESPONSEPAGE" ); 181 } 182 183 /** 184 * 185 * @param proxyURL 186 * @param paramName 187 * @param paramValue 188 * @param validators 189 * @throws ServletException 190 */ 191 private void initValidator( String proxyURL, String paramName, URL paramValue, Properties validators ) 192 throws ServletException { 193 try { 194 PolicyDocument doc = new PolicyDocument( paramValue ); 195 Policy policy = doc.getPolicy(); 196 if ( secConfig == null && policy.getSecurityConfig() != null ) { 197 // use security configuration of the first policy that defined one. 198 // this is possible because just one security configuration can be 199 // used within a deegree/VM instance 200 secConfig = policy.getSecurityConfig(); 201 } 202 int pos = paramName.indexOf( ':' ); 203 String service = paramName.substring( 0, pos ); 204 205 // describes the signature of the required constructor 206 Class<?>[] cl = new Class<?>[2]; 207 cl[0] = Policy.class; 208 cl[1] = String.class; 209 210 // set parameter to submitt to the constructor 211 Object[] o = new Object[2]; 212 o[0] = policy; 213 o[1] = proxyURL; 214 215 Class<?> clzz = Class.forName( validators.getProperty( service ) ); 216 Constructor<?> con = clzz.getConstructor( cl ); 217 218 pFilter.addValidator( service, (OWSValidator) con.newInstance( o ) ); 219 } catch ( SecurityConfigurationException e ) { 220 LOG.logError( "Couldn't create a policy document from given value: " + paramValue + ", because : " 221 + e.getMessage() ); 222 throw new ServletException( e ); 223 } catch ( XMLParsingException e ) { 224 LOG.logError( "Couldn't create a policy from given value: " + paramValue + ", because : " + e.getMessage() ); 225 throw new ServletException( e ); 226 } catch ( ClassNotFoundException e ) { 227 LOG.logError( "The classloader couldn't find an appropriate class for the configured service, because" 228 + e.getMessage() ); 229 throw new ServletException( e ); 230 } catch ( NoSuchMethodException e ) { 231 LOG.logError( "The classloader couldn't find a constructor for the configured service, because" 232 + e.getMessage() ); 233 throw new ServletException( e ); 234 } catch ( InstantiationException e ) { 235 LOG.logError( "The classloader couldn't instantiate the configured service, because" + e.getMessage() ); 236 throw new ServletException( e ); 237 } catch ( IllegalAccessException e ) { 238 LOG.logError( "The classloader couldn't instantiate the configured service, because" + e.getMessage() ); 239 throw new ServletException( e ); 240 } catch ( InvocationTargetException e ) { 241 LOG.logError( "The classloader couldn't instantiate the configured service, because" + e.getMessage() ); 242 throw new ServletException( e ); 243 } 244 } 245 246 /** 247 * free resources allocated by the filter 248 * 249 * @see javax.servlet.Filter#destroy() 250 */ 251 public void destroy() { 252 config = null; 253 } 254 255 /** 256 * perform filter 257 * 258 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, 259 * javax.servlet.FilterChain) 260 */ 261 public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain ) 262 throws IOException, ServletException { 263 264 // Map<String, String[]> params = request.getParameterMap(); 265 266 // encapsulate the servelt request into a wrapper object to ensure 267 // the availability of the InputStream 268 ServletRequestWrapper requestWrapper = null; 269 270 if ( request instanceof ServletRequestWrapper ) { 271 LOG.logDebug( "OWSProxySerlvetFilter: the incoming request is actually an org.deegree.enterprise.servlet.RequestWrapper, so not creating new instance." ); 272 requestWrapper = (ServletRequestWrapper) request; 273 } else { 274 requestWrapper = new ServletRequestWrapper( (HttpServletRequest) request ); 275 } 276 277 LOG.logDebug( "OWSProxySerlvetFilter: GetContentype(): " + requestWrapper.getContentType() ); 278 279 OGCWebServiceRequest owsReq = null; 280 try { 281 owsReq = OGCRequestFactory.create( requestWrapper ); 282 } catch ( OGCWebServiceException e ) { 283 LOG.logError( "OWSProxyServletFilter: Couln't create an OGCWebserviceRequest because: " + e.getMessage(), e ); 284 throw new ServletException( e.getMessage() ); 285 } 286 imageExpected = isImageRequested( owsReq ); 287 // extract user from the request 288 User user = null; 289 try { 290 user = getUser( requestWrapper, owsReq ); 291 } catch ( Exception e1 ) { 292 handleResponseMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq, 293 e1.getMessage() ); 294 return; 295 } 296 try { 297 pFilter.validateGeneralConditions( (HttpServletRequest) request, requestWrapper.getContentLength(), user ); 298 pFilter.validate( owsReq, user ); 299 } catch ( InvalidParameterValueException e ) { 300 handleRequestMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq, 301 e.getMessage() ); 302 return; 303 } catch ( UnauthorizedException e ) { 304 handleRequestMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq, 305 e.getMessage() ); 306 return; 307 } catch ( Exception e ) { 308 LOG.logError( e.getMessage(), e ); 309 request.setAttribute( "MESSAGE", e.getMessage() ); 310 ServletContext sc = config.getServletContext(); 311 sc.getRequestDispatcher( altResponsePage ).forward( request, response ); 312 return; 313 } 314 // encapsulate the servelt response into a wrapper object to ensure 315 // the availability of the OutputStream 316 ServletResponseWrapper resWrap = new ServletResponseWrapper( (HttpServletResponse) response ); 317 logHttpRequest( requestWrapper ); 318 // forward request to the next filter or servlet 319 chain.doFilter( requestWrapper, resWrap ); 320 // get result from performing the request 321 OutputStream os = resWrap.getOutputStream(); 322 byte[] b = ( (ServletResponseWrapper.ProxyServletOutputStream) os ).toByteArray(); 323 324 if ( !imageExpected ) { 325 LOG.logDebug( new String( b ) ); 326 } 327 try { 328 // validate the result of a request performing 329 String mime = resWrap.getContentType(); 330 LOG.logDebug( "mime type raw: " + mime ); 331 if ( mime != null ) { 332 mime = StringTools.toArray( mime, ";", false )[0]; 333 } else { 334 if ( imageExpected ) { 335 mime = "image/jpeg"; 336 } else { 337 mime = "text/xml"; 338 } 339 } 340 LOG.logDebug( "mime type: " + mime ); 341 b = pFilter.validate( owsReq, b, mime, user ); 342 } catch ( InvalidParameterValueException ee ) { 343 LOG.logError( ee.getMessage(), ee ); 344 handleResponseMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq, 345 ee.getMessage() ); 346 return; 347 } catch ( UnauthorizedException e ) { 348 LOG.logError( e.getMessage(), e ); 349 handleResponseMissingAutorization( (HttpServletRequest) request, (HttpServletResponse) response, owsReq, 350 e.getMessage() ); 351 return; 352 } 353 354 response.setContentType( resWrap.getContentType() ); 355 // write result back to the client 356 os = response.getOutputStream(); 357 os.write( b ); 358 os.close(); 359 } 360 361 /** 362 * logs a requests parameters and meta informations 363 * 364 * @param reqWrap 365 */ 366 private void logHttpRequest( ServletRequestWrapper reqWrap ) { 367 if ( LOG.getLevel() == ILogger.LOG_DEBUG ) { 368 LOG.logDebug( "getRemoteAddr " + reqWrap.getRemoteAddr() ); 369 LOG.logDebug( "getRemotePort " + reqWrap.getRemotePort() ); 370 LOG.logDebug( "getLocalPort " + reqWrap.getLocalPort() ); 371 LOG.logDebug( "getMethod " + reqWrap.getMethod() ); 372 LOG.logDebug( "getQueryString " + reqWrap.getQueryString() ); 373 LOG.logDebug( "getPathInfo " + reqWrap.getPathInfo() ); 374 LOG.logDebug( "getRequestURI " + reqWrap.getRequestURI() ); 375 LOG.logDebug( "getServerName " + reqWrap.getServerName() ); 376 LOG.logDebug( "getServerPort " + reqWrap.getServerPort() ); 377 LOG.logDebug( "getServletPath " + reqWrap.getServletPath() ); 378 } 379 } 380 381 /** 382 * go to alternative page if autorization to perform the desired request ist missing 383 * 384 * @param request 385 * @param response 386 * @param owsReq 387 * @param message 388 * @throws IOException 389 * @throws ServletException 390 */ 391 private void handleRequestMissingAutorization( HttpServletRequest request, HttpServletResponse response, 392 OGCWebServiceRequest owsReq, String message ) 393 throws IOException, ServletException { 394 if ( message == null ) { 395 message = "missing authorization"; 396 } 397 if ( imageExpected ) { 398 int width = 500; 399 int height = 500; 400 if ( owsReq != null && owsReq instanceof GetMap ) { 401 width = ( (GetMap) owsReq ).getWidth(); 402 height = ( (GetMap) owsReq ).getHeight(); 403 } else if ( owsReq != null && owsReq instanceof GetCoverage ) { 404 Envelope env = (Envelope) ( (GetCoverage) owsReq ).getDomainSubset().getSpatialSubset().getGrid(); 405 width = (int) env.getWidth(); 406 height = (int) env.getHeight(); 407 } 408 response.setContentType( "image/jpeg" ); 409 OutputStream os = response.getOutputStream(); 410 BufferedImage bi = new BufferedImage( width, height, BufferedImage.TYPE_INT_RGB ); 411 Graphics g = bi.getGraphics(); 412 g.setColor( Color.WHITE ); 413 g.fillRect( 0, 0, width, height ); 414 g.setColor( Color.BLACK ); 415 g.setFont( new Font( "DIALOG", Font.PLAIN, 14 ) ); 416 g.drawString( Messages.getString( "MISSINGAUTHORIZATION" ), 5, 60 ); 417 String[] lines = StringTools.toArray( message, ":|", false ); 418 int y = 100; 419 for ( int i = 0; i < lines.length; i++ ) { 420 g.drawString( lines[i], 5, y ); 421 y = y + 30; 422 } 423 g.dispose(); 424 try { 425 ImageUtils.saveImage( bi, os, "jpeg", 0.95f ); 426 } catch ( Exception e ) { 427 e.printStackTrace(); 428 } 429 os.close(); 430 } else { 431 request.setAttribute( "MESSAGE", message ); 432 ServletContext sc = config.getServletContext(); 433 sc.getRequestDispatcher( altRequestPage ).forward( request, response ); 434 } 435 } 436 437 /** 438 * go to alternative page if autorization to deliver the result to a request is missing 439 * 440 * @param request 441 * @param response 442 * @param owsReq 443 * @param message 444 * @throws IOException 445 * @throws ServletException 446 */ 447 private void handleResponseMissingAutorization( HttpServletRequest request, HttpServletResponse response, 448 OGCWebServiceRequest owsReq, String message ) 449 throws IOException, ServletException { 450 451 if ( imageExpected ) { 452 int width = 500; 453 int height = 500; 454 if ( owsReq != null && owsReq instanceof GetMap ) { 455 width = ( (GetMap) owsReq ).getWidth(); 456 height = ( (GetMap) owsReq ).getHeight(); 457 } else if ( owsReq != null && owsReq instanceof GetCoverage ) { 458 Envelope env = (Envelope) ( (GetCoverage) owsReq ).getDomainSubset().getSpatialSubset().getGrid(); 459 width = (int) env.getWidth(); 460 height = (int) env.getHeight(); 461 } 462 response.setContentType( "image/jpeg" ); 463 OutputStream os = response.getOutputStream(); 464 BufferedImage bi = new BufferedImage( width, height, BufferedImage.TYPE_INT_RGB ); 465 Graphics g = bi.getGraphics(); 466 g.setColor( Color.WHITE ); 467 g.fillRect( 0, 0, width, height ); 468 g.setColor( Color.BLACK ); 469 g.setFont( new Font( "DIALOG", Font.PLAIN, 14 ) ); 470 String[] lines = StringTools.toArray( message, ":|", false ); 471 int y = 100; 472 for ( int i = 0; i < lines.length; i++ ) { 473 g.drawString( lines[i], 5, y ); 474 y = y + 30; 475 } 476 g.dispose(); 477 try { 478 ImageUtils.saveImage( bi, os, "jpeg", 0.95f ); 479 } catch ( Exception e ) { 480 LOG.logError( e.getMessage(), e ); 481 } 482 os.write( message.getBytes() ); 483 os.close(); 484 } else { 485 request.setAttribute( "MESSAGE", message ); 486 ServletContext sc = config.getServletContext(); 487 sc.getRequestDispatcher( altResponsePage ).forward( request, response ); 488 } 489 } 490 491 /** 492 * returns the user from the incomming request. The extraction of the user takes three steps 493 * <ul> 494 * <li>1. get the vendorspecific parameter 'USER' & 'PASSWORD' 495 * <li>2. if 1.) is null get the remote users name (request.getRemoteUser()) 496 * </ul> 497 * 498 * @param request 499 * @return the user from the incomming request. 500 * @throws InvalidParameterValueException 501 */ 502 private User getUser( HttpServletRequest request, OGCWebServiceRequest owsReq ) 503 throws UnauthorizedException, IOException, InvalidParameterValueException { 504 505 String sessionId = owsReq.getVendorSpecificParameter( "SESSIONID" ); 506 String user = owsReq.getVendorSpecificParameter( "USER" ); 507 String password = null; 508 if ( user != null ) { 509 LOG.logDebug( "get user from user/password parameter" ); 510 return authentificateFromUserPw( owsReq ); 511 } else if ( sessionId == null && request.getUserPrincipal() != null ) { 512 LOG.logDebug( "get user from UserPrinicipal" ); 513 user = request.getUserPrincipal().getName(); 514 if ( user.indexOf( "\\" ) > 1 ) { 515 String[] us = StringTools.toArray( user, "\\", false ); 516 user = us[us.length - 1]; 517 } 518 } else if ( secConfig != null && sessionId != null ) { 519 LOG.logDebug( "get user from WAS/sessionID" ); 520 AuthentificationSettings as = secConfig.getAuthsettings(); 521 if ( as != null ) { 522 BaseURL baseUrl = as.getAuthentificationURL(); 523 String tmp[] = getUserFromWAS( baseUrl.getOnlineResource().toExternalForm(), sessionId ); 524 user = tmp[0]; 525 password = tmp[1]; 526 } 527 } else { 528 LOG.logDebug( "get user as source IP address because wether USER, " 529 + "SESSIONID nor Userprincipal are available" ); 530 user = request.getRemoteAddr(); 531 } 532 LOG.logDebug( StringTools.concat( 100, "USER: ", user, "/", password ) ); 533 User usr = null; 534 try { 535 if ( user != null && SecurityAccessManager.isInitialized() ) { 536 SecurityAccessManager sam = SecurityAccessManager.getInstance(); 537 538 usr = sam.getUserByName( user ); 539 if ( request.getUserPrincipal() == null ) { 540 // a user just must authenticate himself if he is 541 // not identified by its user name being send within 542 // the HTTP header 543 usr.authenticate( password ); 544 } else { 545 // if user is read from UserPrincipal his password must 546 // be read from security management 547 usr.authenticate( sam.getUserByName( user ).getPassword() ); 548 } 549 } 550 } catch ( Exception e ) { 551 LOG.logError( e.getMessage(), e ); 552 throw new UnauthorizedException( Messages.format( "OWSProxyServletFilter.USERERROR", user ) ); 553 } 554 555 return usr; 556 } 557 558 /** 559 * Authenticates a user if he is identified by its name and password passed as vendorspecific parameters with an OGC 560 * service request 561 * 562 * @param owsReq 563 * @return the user 564 * @throws UnauthorizedException 565 * @throws InvalidParameterValueException 566 */ 567 private User authentificateFromUserPw( OGCWebServiceRequest owsReq ) 568 throws UnauthorizedException, InvalidParameterValueException { 569 String user = owsReq.getVendorSpecificParameter( "USER" ); 570 String password = owsReq.getVendorSpecificParameter( "PASSWORD" ); 571 572 LOG.logDebug( "USER: ", user ); 573 LOG.logDebug( "PASSWORD: ", password ); 574 if ( password == null ) { 575 throw new InvalidParameterValueException( Messages.getString( "PASSWORDMISSING" ) ); 576 } 577 578 User usr = null; 579 try { 580 SecurityAccessManager sam = SecurityAccessManager.getInstance(); 581 usr = sam.getUserByName( user ); 582 usr.authenticate( password ); 583 } catch ( Exception e ) { 584 LOG.logError( e.getMessage(), e ); 585 if ( !( user.equals( "anonymous" ) ) ) { 586 throw new UnauthorizedException( Messages.format( "OWSProxyServletFilter.USERERROR", user ) ); 587 } 588 } 589 590 return usr; 591 } 592 593 /** 594 * access user informations from a remote WAAS. an array of Strings will be returned. with 595 * <ul> 596 * <li>[0] = user name 597 * <li>[1] = the users password 598 * </ul> 599 * 600 * @param sessionID 601 * @return all users. 602 * @throws IOException 603 */ 604 private String[] getUserFromWAS( String urlStr, String sessionID ) 605 throws IOException { 606 String[] user = new String[3]; 607 try { 608 StringBuffer sb = new StringBuffer( 200 ); 609 sb.append( urlStr ).append( "?REQUEST=DescribeUser&Service=WAS&" ); 610 sb.append( "SESSIONID=" ).append( sessionID ).append( "&version=1.0.0" ); 611 URL url = new URL( sb.toString() ); 612 InputStreamReader isr = new InputStreamReader( url.openStream() ); 613 Document doc = XMLTools.parse( isr ); 614 user[0] = XMLTools.getNodeAsString( doc, "/User/UserName", nsContext, null ); 615 user[1] = XMLTools.getNodeAsString( doc, "/User/Password", nsContext, null ); 616 } catch ( Exception e ) { 617 LOG.logError( e.getMessage(), e ); 618 throw new IOException( Messages.getString( "OWSProxyServletFilter.WASACCESS" ) ); 619 } 620 return user; 621 } 622 623 private boolean isImageRequested( OGCWebServiceRequest request ) { 624 boolean imageReq = false; 625 626 if ( request instanceof GetMap ) { 627 imageReq = ( (GetMap) request ).getExceptions().indexOf( "image" ) > -1; 628 } else if ( request instanceof GetCoverage ) { 629 String format = ( (GetCoverage) request ).getOutput().getFormat().getCode(); 630 imageReq = MimeTypeMapper.isKnownImageType( "image/" + format ); 631 } 632 633 LOG.logDebug( "authorization problems expected to be returned as image: ", imageReq ); 634 635 return imageReq; 636 } 637 638 }