001 //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/branches/2.3_testing/src/org/deegree/security/owsrequestvalidator/GeneralPolicyValidator.java $
002 /*----------------------------------------------------------------------------
003 This file is part of deegree, http://deegree.org/
004 Copyright (C) 2001-2009 by:
005 Department of Geography, University of Bonn
006 and
007 lat/lon GmbH
008
009 This library is free software; you can redistribute it and/or modify it under
010 the terms of the GNU Lesser General Public License as published by the Free
011 Software Foundation; either version 2.1 of the License, or (at your option)
012 any later version.
013 This library is distributed in the hope that it will be useful, but WITHOUT
014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016 details.
017 You should have received a copy of the GNU Lesser General Public License
018 along with this library; if not, write to the Free Software Foundation, Inc.,
019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020
021 Contact information:
022
023 lat/lon GmbH
024 Aennchenstr. 19, 53177 Bonn
025 Germany
026 http://lat-lon.de/
027
028 Department of Geography, University of Bonn
029 Prof. Dr. Klaus Greve
030 Postfach 1147, 53001 Bonn
031 Germany
032 http://www.geographie.uni-bonn.de/deegree/
033
034 e-mail: info@deegree.org
035 ----------------------------------------------------------------------------*/
036 package org.deegree.security.owsrequestvalidator;
037
038 import java.util.Arrays;
039 import java.util.List;
040 import java.util.Map;
041
042 import org.deegree.framework.util.StringTools;
043 import org.deegree.i18n.Messages;
044 import org.deegree.ogcwebservices.InvalidParameterValueException;
045 import org.deegree.security.UnauthorizedException;
046 import org.deegree.security.drm.model.User;
047 import org.deegree.security.owsproxy.Condition;
048 import org.deegree.security.owsproxy.OperationParameter;
049
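/**
 * Validates general properties of an incoming OWS request (GET/POST content length, HTTP header,
 * request method) against the {@link Condition} passed to the constructor.
 * <p>
 * Every check fails closed: if the condition does not define the parameter a check needs, the check
 * throws instead of letting the request through.
 * <p>
 * Known gaps that matter when relying on this class as a security control:
 * <ul>
 * <li>User-coupled parameters are not resolved against the rights management system yet (the
 * {@code isUserCoupled()} branches are TODOs), so the value stored in the condition is applied to
 * every user.</li>
 * <li>{@link #validateHeader(Map, User)} does not compare the header fields with the policy; it only
 * rejects anonymous access to a user-coupled parameter.</li>
 * </ul>
 *
 * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a>
 * @author last edited by: $Author: mschneider $
 *
 * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18. Jun 2009) $
 */
public class GeneralPolicyValidator {

    // names of the condition parameters this validator knows
    private static final String GETCONTENTLENGTH = "getContentLength";

    private static final String POSTCONTENTLENGTH = "postContentLength";

    private static final String HTTPHEADER = "httpHeader";

    private static final String REQUESTTYPE = "requestType";

    // message strings
    // TODO: read from resource bundle
    private static final String MSG_CONTENT_LENGTH_UNDEFINED = "contentLength condition isn't defined";

    private static final String MSG_CONTENT_LENGTH_EXCEEDED = "contentLength exceeds defined maximum length";

    // Separate messages for the header and request-type checks, so that a denied request method is
    // not reported (and logged) as a content-length violation.
    private static final String MSG_HTTP_HEADER_UNDEFINED = "httpHeader condition isn't defined";

    private static final String MSG_REQUEST_TYPE_UNDEFINED = "requestType condition isn't defined";

    // The rejected value is deliberately not echoed: it is supplied by the requester.
    private static final String MSG_REQUEST_TYPE_DENIED = "requestType isn't granted";

    private final Condition generalCondition;

    /**
     * Creates a validator for the given condition.
     *
     * @param generalCondition
     *            condition holding the parameters to validate against; it is dereferenced by every
     *            {@code validate...} method, so passing {@code null} makes those calls fail with a
     *            {@link NullPointerException}
     */
    public GeneralPolicyValidator( Condition generalCondition ) {
        this.generalCondition = generalCondition;
    }

    /**
     * Validates that the passed length of a GET request does not exceed the maximum defined by the
     * {@code getContentLength} parameter of the condition.
     * <p>
     * The request is rejected only if the configured value is smaller than {@code contentLength};
     * a negative {@code contentLength} therefore passes whenever the configured value is
     * non-negative. NOTE(review): if callers can pass a "length unknown" sentinel here, the limit
     * has to be enforced on the bytes actually read - confirm against the callers.
     *
     * @param contentLength
     *            length of the request content
     * @throws InvalidParameterValueException
     *             if the parameter is not defined in the condition or the length exceeds the
     *             configured maximum
     */
    public void validateGetContentLength( int contentLength )
                            throws InvalidParameterValueException {
        OperationParameter op = requireParameter( GETCONTENTLENGTH, MSG_CONTENT_LENGTH_UNDEFINED );
        if ( exceedsLimit( op, contentLength ) ) {
            throw new InvalidParameterValueException( MSG_CONTENT_LENGTH_EXCEEDED );
        }
    }

    /**
     * Validates that the passed length of a POST request does not exceed the maximum defined by the
     * {@code postContentLength} parameter of the condition.
     * <p>
     * The request is rejected only if the configured value is smaller than {@code contentLength};
     * a negative {@code contentLength} therefore passes whenever the configured value is
     * non-negative. NOTE(review): if callers can pass a "length unknown" sentinel here, the limit
     * has to be enforced on the bytes actually read - confirm against the callers.
     *
     * @param contentLength
     *            length of the request content
     * @throws InvalidParameterValueException
     *             if the parameter is not defined in the condition or the length exceeds the
     *             configured maximum (the message then contains the rejected length)
     */
    public void validatePostContentLength( int contentLength )
                            throws InvalidParameterValueException {
        OperationParameter op = requireParameter( POSTCONTENTLENGTH, MSG_CONTENT_LENGTH_UNDEFINED );
        if ( exceedsLimit( op, contentLength ) ) {
            throw new InvalidParameterValueException( MSG_CONTENT_LENGTH_EXCEEDED + ": " + contentLength );
        }
    }

    /**
     * Checks the preconditions for validating the HTTP header of a request.
     * <p>
     * Only two things are enforced at present: the {@code httpHeader} parameter must be defined in
     * the condition, and a user-coupled parameter must not be used anonymously. The content of
     * {@code headerFields} is not inspected.
     *
     * @param headerFields
     *            header fields of the request (currently unused)
     * @param user
     *            user performing the request; {@code null} is treated as anonymous access
     * @throws InvalidParameterValueException
     *             if the parameter is not defined in the condition
     * @throws UnauthorizedException
     *             if the parameter is user coupled and {@code user} is {@code null}
     */
    public void validateHeader( Map<String, Object> headerFields, User user )
                            throws InvalidParameterValueException, UnauthorizedException {
        OperationParameter op = requireParameter( HTTPHEADER, MSG_HTTP_HEADER_UNDEFINED );

        if ( op.isUserCoupled() && user == null ) {
            String s = Messages.getMessage( "OWSPROXY_NO_ANONYMOUS_ACCESS" );
            throw new UnauthorizedException( s );
        }
        // TODO
        // compare headerFields with the policy; until then every set of header fields is accepted
    }

    /**
     * Validates that the current request type (e.g. POST, GET ...) is granted by the
     * {@code requestType} parameter of the condition.
     * <p>
     * The first value of the parameter is read as a comma-separated list and {@code type} has to
     * equal one of its entries exactly (the comparison is case sensitive; a {@code null} type is
     * rejected like any other value that is not in the list).
     *
     * @param type
     *            request type to check
     * @throws InvalidParameterValueException
     *             if the parameter is not defined in the condition or {@code type} is not one of
     *             the granted request types
     */
    public void validateRequestMethod( String type )
                            throws InvalidParameterValueException {
        OperationParameter op = requireParameter( REQUESTTYPE, MSG_REQUEST_TYPE_UNDEFINED );

        if ( op.isAny() ) {
            return;
        }

        String[] tmp = StringTools.toArray( op.getFirstAsString(), ",", true );
        List<String> granted = Arrays.asList( tmp );
        if ( op.isUserCoupled() ) {
            // TODO
            // get the granted request types from the rights management system; until then the
            // list from the condition applies to every user
        }
        if ( !granted.contains( type ) ) {
            throw new InvalidParameterValueException( MSG_REQUEST_TYPE_DENIED );
        }
    }

    /**
     * Returns the named parameter of the general condition, failing closed if it is missing.
     * Rights are granted by the policy rather than limited by it, so a parameter that is not
     * defined can never be fulfilled and the request is rejected.
     */
    private OperationParameter requireParameter( String name, String undefinedMessage )
                            throws InvalidParameterValueException {
        OperationParameter op = generalCondition.getOperationParameter( name );
        if ( op == null ) {
            throw new InvalidParameterValueException( undefinedMessage );
        }
        return op;
    }

    /**
     * Tells whether the passed content length is larger than the maximum configured in the passed
     * parameter; a parameter flagged as "any" never limits the length.
     */
    private static boolean exceedsLimit( OperationParameter op, int contentLength ) {
        if ( op.isAny() ) {
            return false;
        }

        int maxLength = op.getFirstAsInt();
        if ( op.isUserCoupled() ) {
            // TODO
            // get the maximum from the rights management system; until then the value from the
            // condition applies to every user
        }
        return maxLength < contentLength;
    }

}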