001 //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/ogcwebservices/wass/wss/WSService.java $
002 /*----------------------------------------------------------------------------
003 This file is part of deegree, http://deegree.org/
004 Copyright (C) 2001-2009 by:
005 Department of Geography, University of Bonn
006 and
007 lat/lon GmbH
008
009 This library is free software; you can redistribute it and/or modify it under
010 the terms of the GNU Lesser General Public License as published by the Free
011 Software Foundation; either version 2.1 of the License, or (at your option)
012 any later version.
013 This library is distributed in the hope that it will be useful, but WITHOUT
014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016 details.
017 You should have received a copy of the GNU Lesser General Public License
018 along with this library; if not, write to the Free Software Foundation, Inc.,
019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020
021 Contact information:
022
023 lat/lon GmbH
024 Aennchenstr. 19, 53177 Bonn
025 Germany
026 http://lat-lon.de/
027
028 Department of Geography, University of Bonn
029 Prof. Dr. Klaus Greve
030 Postfach 1147, 53001 Bonn
031 Germany
032 http://www.geographie.uni-bonn.de/deegree/
033
034 e-mail: info@deegree.org
035 ----------------------------------------------------------------------------*/
036
037 package org.deegree.ogcwebservices.wass.wss;
038
039 import static org.deegree.i18n.Messages.get;
040
041 import java.util.ArrayList;
042
043 import org.deegree.framework.log.ILogger;
044 import org.deegree.framework.log.LoggerFactory;
045 import org.deegree.framework.trigger.TriggerProvider;
046 import org.deegree.ogcwebservices.OGCWebService;
047 import org.deegree.ogcwebservices.OGCWebServiceException;
048 import org.deegree.ogcwebservices.OGCWebServiceRequest;
049 import org.deegree.ogcwebservices.getcapabilities.OGCCapabilities;
050 import org.deegree.ogcwebservices.wass.common.AuthenticationData;
051 import org.deegree.ogcwebservices.wass.common.CloseSession;
052 import org.deegree.ogcwebservices.wass.common.CloseSessionHandler;
053 import org.deegree.ogcwebservices.wass.common.GetSession;
054 import org.deegree.ogcwebservices.wass.common.GetSessionAnonymousHandler;
055 import org.deegree.ogcwebservices.wass.common.GetSessionDispatcher;
056 import org.deegree.ogcwebservices.wass.common.GetSessionHandler;
057 import org.deegree.ogcwebservices.wass.common.GetSessionPasswordHandler;
058 import org.deegree.ogcwebservices.wass.common.GetSessionWASHandler;
059 import org.deegree.ogcwebservices.wass.common.Operation_1_0;
060 import org.deegree.ogcwebservices.wass.common.WASSSecurityManager;
061 import org.deegree.ogcwebservices.wass.exceptions.DoServiceException;
062 import org.deegree.ogcwebservices.wass.wss.configuration.WSSConfiguration;
063 import org.deegree.ogcwebservices.wass.wss.configuration.WSSDeegreeParams;
064 import org.deegree.ogcwebservices.wass.wss.operation.DoService;
065 import org.deegree.ogcwebservices.wass.wss.operation.DoServiceAnonymousHandler;
066 import org.deegree.ogcwebservices.wass.wss.operation.DoServiceHandler;
067 import org.deegree.ogcwebservices.wass.wss.operation.DoServicePasswordHandler;
068 import org.deegree.ogcwebservices.wass.wss.operation.DoServiceSessionHandler;
069 import org.deegree.ogcwebservices.wass.wss.operation.WSSGetCapabilities;
070 import org.deegree.security.GeneralSecurityException;
071 import org.deegree.security.session.SessionStatusException;
072
073 /**
074 * The Web Security Service - <code>WSService</code> - is the dispatcher of the entire WSS. It calls the appropriate
075 * classes according to a given request.
076 *
077 * @author <a href="mailto:bezema@lat-lon.de">Rutger Bezema</a>
078 * @author last edited by: $Author: mschneider $
079 *
080 * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18 Jun 2009) $
081 */
082 public class WSService implements OGCWebService {
083
084 private WSSConfiguration configuration = null;
085
086 private static final ILogger LOG = LoggerFactory.getLogger( WSService.class );
087
088 private static final TriggerProvider TP = TriggerProvider.create( WSService.class );
089
090 private GetSessionHandler getSessionHandler = null;
091
092 private CloseSessionHandler closeSessionHandler = null;
093
094 private DoServiceHandler doServiceHandler = null;
095
096 private WASSSecurityManager secManager = null;
097
098 /**
099 * Creates a new WebSecurityService with the given configuration( = capabilities) bean.
100 *
101 * @param config
102 * @throws OGCWebServiceException
103 */
104 public WSService( WSSConfiguration config ) throws OGCWebServiceException {
105 configuration = config;
106
107 WSSDeegreeParams dgParams = configuration.getDeegreeParams();
108 if ( configuration.isSessionAuthenticationSupported() ) {
109 for ( Operation_1_0 operation : configuration.getOperationsMetadata().getAllOperations() ) {
110 if ( "GetSession".equals( operation.getName() ) ) {
111 try {
112 ArrayList<GetSessionHandler> handlers = new ArrayList<GetSessionHandler>();
113 int lifetime = dgParams.getSessionLifetime();
114 if ( configuration.isPasswordAuthenticationSupported()
115 && dgParams.getDatabaseConnection() != null ) {
116 secManager = new WASSSecurityManager( dgParams.getDatabaseConnection() );
117 handlers.add( new GetSessionPasswordHandler( secManager, lifetime ) );
118 }
119 if ( configuration.isPasswordAuthenticationSupported() && dgParams.getWASAddress() != null ) {
120 handlers.add( new GetSessionWASHandler( dgParams.getWASAddress(), lifetime ) );
121 }
122 if ( configuration.isAnonymousAuthenticationSupported() ) {
123 handlers.add( new GetSessionAnonymousHandler( lifetime ) );
124 }
125 if ( handlers.size() == 0 )
126 throw new OGCWebServiceException( get( "WASS_ERROR_NO_AUTHMETHOD_HANDLER", "WSS" ) );
127 getSessionHandler = new GetSessionDispatcher( handlers );
128
129 } catch ( GeneralSecurityException e ) {
130 LOG.logError( e.getLocalizedMessage(), e );
131 throw new OGCWebServiceException( e.getLocalizedMessage() );
132 }
133 } else if ( "CloseSession".equals( operation.getName() ) ) {
134 closeSessionHandler = new CloseSessionHandler();
135 }
136 }
137 }
138 }
139
140 /*
141 * Returns the capabilities of the WSS. This is not the correct default behavior, for a GetCapabilities request must
142 * be able to request only parts of the capabilities of this wss .
143 *
144 * @see org.deegree.ogcwebservices.OGCWebService#getCapabilities()
145 */
146 public OGCCapabilities getCapabilities() {
147 return configuration;
148 }
149
150 /*
151 * The core method. It dispatches the request to the appropriate classes which handle them.
152 *
153 * @see org.deegree.ogcwebservices.OGCWebService#doService(org.deegree.ogcwebservices.OGCWebServiceRequest)
154 */
155 public Object doService( OGCWebServiceRequest request )
156 throws OGCWebServiceException {
157
158 request = (OGCWebServiceRequest) TP.doPreTrigger( this, request )[0];
159
160 Object response = null;
161
162 // TODO exception handling: throw e after each different occasion with descriptive msg
163 try {
164 if ( request instanceof WSSGetCapabilities ) {
165 response = getCapabilities();
166 } else if ( ( getSessionHandler != null ) && ( request instanceof GetSession ) ) {
167 response = getSessionHandler.handleRequest( (GetSession) request );
168 } else if ( ( closeSessionHandler != null ) && ( request instanceof CloseSession ) ) {
169 closeSessionHandler.handleRequest( (CloseSession) request );
170 } else if ( request instanceof DoService ) {
171 AuthenticationData authData = ( (DoService) request ).getAuthenticationData();
172 // password authentication used?
173 if ( authData.usesPasswordAuthentication() ) {
174 if ( configuration.isPasswordAuthenticationSupported() )
175 doServiceHandler = new DoServicePasswordHandler( secManager );
176 else
177 response = new OGCWebServiceException( get( "WASS_ERROR_AUTHENTICATION_PASSWORD_NOT_SUPPORTED",
178 "WSS" ) );
179 } else if ( authData.usesSessionAuthentication() ) {
180 if ( configuration.isSessionAuthenticationSupported() )
181 doServiceHandler = new DoServiceSessionHandler();
182 else
183 response = new OGCWebServiceException( get( "WASS_ERROR_AUTHENTICATION_SESSION_NOT_SUPPORTED",
184 "WSS" ) );
185 } else if ( authData.usesAnonymousAuthentication() ) {
186 if ( configuration.isAnonymousAuthenticationSupported() )
187 doServiceHandler = new DoServiceAnonymousHandler();
188 else
189 response = new OGCWebServiceException(
190 get(
191 "WASS_ERROR_AUTHENTICATION_ANONYMOUS_NOT_SUPPORTED",
192 "WSS" ) );
193 }
194 if ( response == null ) {
195 doServiceHandler.handleRequest( (DoService) request );
196 if ( doServiceHandler.requestAllowed() )
197 response = doServiceHandler.sendRequest(
198 (DoService) request,
199 ( configuration.getDeegreeParams() ).getSecuredServiceAddress().getLinkage().getHref(),
200 /* configuration.getDeegreeParams().getCharacterSet() */null,
201 /*
202 * configuration.getDeegreeParams().getRequestTimeLimit(
203 * )
204 */0, configuration.getSecuredServiceType() );
205 }
206 } else {
207 LOG.logError( get( "WASS_ERROR_UNKNOWN_REQUEST", new Object[] { "WSS", request.getClass().getName() } ) );
208 throw new OGCWebServiceException( get( "WASS_ERROR_UNKNOWN_REQUEST",
209 new Object[] { "WSS", request.getClass().getName() } ) );
210 }
211 } catch ( DoServiceException e ) {
212 LOG.logError( e.getLocalizedMessage(), e );
213 response = new OGCWebServiceException( e.getLocalizedMessage() );
214 } catch ( SessionStatusException e ) {
215 LOG.logError( e.getLocalizedMessage(), e );
216 // TODO Check if this particular message is needed for the GDI NRW spec V1.0.
217 // Otherwise delete it and use e.getLocalizedMessage() instead.
218 response = new OGCWebServiceException( get( "WASS_ERROR_INVALID_SESSION", "WSService" ) );
219 } catch ( GeneralSecurityException e ) {
220 LOG.logError( e.getLocalizedMessage(), e );
221 // TODO Check if this particular message is needed for the GDI NRW spec V1.0.
222 // Otherwise delete it and use e.getMessage() instead.
223 // throw new OGCWebServiceException( e.getLocalizedMessage() );
224 throw new OGCWebServiceException( get( "WASS_ERROR_SECURITY_SYSTEM", "WSService" ) );
225 }
226
227 return TP.doPostTrigger( this, response )[0];
228 }
229
230 }