001    //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/branches/2.3_testing/src/org/deegree/security/owsrequestvalidator/wfs/GetFeatureResponseValidator.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005       Department of Geography, University of Bonn
006     and
007       lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035    ----------------------------------------------------------------------------*/
036    package org.deegree.security.owsrequestvalidator.wfs;
037    
038    import java.io.ByteArrayInputStream;
039    import java.io.ObjectInputStream;
040    
041    import org.deegree.framework.util.MimeTypeMapper;
042    import org.deegree.i18n.Messages;
043    import org.deegree.model.feature.FeatureCollection;
044    import org.deegree.ogcwebservices.InvalidParameterValueException;
045    import org.deegree.ogcwebservices.OGCWebServiceRequest;
046    import org.deegree.security.drm.model.User;
047    import org.deegree.security.owsproxy.Request;
048    import org.deegree.security.owsrequestvalidator.Policy;
049    import org.deegree.security.owsrequestvalidator.ResponseValidator;
050    import org.deegree.security.owsrequestvalidator.wms.GetMapRequestValidator;
051    
052    /**
053     *
054     * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a>
055     * @author last edited by: $Author: mschneider $
056     *
057     * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18. Jun 2009) $
058     */
059    class GetFeatureResponseValidator extends ResponseValidator {
060    
061        /**
062         * @param policy
063         */
064        public GetFeatureResponseValidator( Policy policy ) {
065            super( policy );
066        }
067    
068        /**
069         * validates the passed object as a response to a OWS request. The validity of the response may
070         * is assigned to specific user rights. If the passed user is <>null this will be evaluated.
071         * <br>
072         * the reponse may contain three valid kinds of objects:
073         * <ul>
074         * <li>a xml encoded exception
075         * <li>a GML document
076         * <li>a XML document
077         * <li>a serialized deegree FeatureCollection
078         * <li>any other kind of document that is valid against the formats defined for GetFeature in
079         * the capabilities
080         * </ul>
081         * Each of these types can be identified by the mime-type of the response that is also passed to
082         * the method. <br>
083         * If something basic went wrong it is possible that not further specified kind of object is
084         * passed as response. In this case the method will throw an
085         * <tt>InvalidParameterValueException</tt> to avoid sending bad responses to the client.
086         *
087         * @param service
088         *            service which produced the response (WMS, WFS ...)
089         * @param response
090         * @param mime
091         *            mime-type of the response
092         * @param user
093         * @return the validated response.
094         * @throws InvalidParameterValueException
095         * @see GetMapRequestValidator#validateRequest(OGCWebServiceRequest, User)
096         */
097        @Override
098        public byte[] validateResponse( String service, byte[] response, String mime, User user )
099                                throws InvalidParameterValueException {
100    
101            Request req = policy.getRequest( service, "GetFeature" );
102            // request is valid because no restrictions are made
103            if ( req.isAny() || req.getPostConditions().isAny() ) {
104                return response;
105            }
106    
107            // Condition condition = req.getPostConditions();
108    
109            if ( MimeTypeMapper.isKnownOGCType( mime ) ) {
110                // if the mime-type isn't an image type but a known
111                // OGC mime-type it must be an XML document.
112                // probably it is an exception but it also could be
113                // a GML document
114                response = validateXML( response, mime, user );
115            } else if ( mime.equals( "text/xml" ) ) {
116                // if the mime-type isn't an image type but 'text/xml'
117                // it could be an exception
118                response = validateXML( response, mime, user );
119            } else if ( mime.equals( "application/octet-stream" ) ) {
120                response = validateBinaryResult( response, user );
121            } else {
122                throw new InvalidParameterValueException( UNKNOWNMIMETYPE + mime );
123            }
124    
125            return response;
126        }
127    
128        /**
129         * validates the passed byte array to be valid against the policy
130         *
131         * @param xml
132         * @param mime
133         * @param user
134         */
135        private byte[] validateXML( byte[] xml, String mime, User user ) {
136            // TODO
137            // define useful post-validation for xml-documents
138            // at the moment everything is valid
139            return xml;
140        }
141    
142        /**
143         * validates the passed byte array to be valid against the policy. At the moment just a
144         * org.deegree.model.feature.FeatureCollection is a valid response if mime type is
145         * application/octet-stream. This may be enhanced in future versions.
146         *
147         * @param object
148         * @param user
149         * @throws InvalidParameterValueException
150         */
151        private byte[] validateBinaryResult( byte[] object, User user )
152                                throws InvalidParameterValueException {
153            try {
154                ByteArrayInputStream bis = new ByteArrayInputStream( object );
155                ObjectInputStream ois = new ObjectInputStream( bis );
156                Object obj = ois.readObject();
157    
158                if ( !( obj instanceof FeatureCollection ) ) {
159                    String s = Messages.getMessage( "OWSPROXY_INVALID_GETFEATURE_RESPONSETYPE" );
160                    throw new InvalidParameterValueException( s );
161                }
162            } catch ( Exception e ) {
163                throw new InvalidParameterValueException( e );
164            }
165    
166            return object;
167        }
168    }