001 //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/portal/standard/context/control/InitDownloadListener.java $$ 002 /*---------------------------------------------------------------------------- 003 This file is part of deegree, http://deegree.org/ 004 Copyright (C) 2001-2009 by: 005 - Department of Geography, University of Bonn 006 and 007 - lat/lon GmbH 008 009 This library is free software; you can redistribute it and/or modify it under 010 the terms of the GNU Lesser General Public License as published by the Free 011 Software Foundation; either version 2.1 of the License, or (at your option) 012 any later version. 013 This library is distributed in the hope that it will be useful, but WITHOUT 014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 016 details. 017 You should have received a copy of the GNU Lesser General Public License 018 along with this library; if not, write to the Free Software Foundation, Inc., 019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 020 021 Contact information: 022 023 lat/lon GmbH 024 Aennchenstr. 19, 53177 Bonn 025 Germany 026 http://lat-lon.de/ 027 028 Department of Geography, University of Bonn 029 Prof. Dr. Klaus Greve 030 Postfach 1147, 53001 Bonn 031 Germany 032 http://www.geographie.uni-bonn.de/deegree/ 033 034 e-mail: info@deegree.org 035 ----------------------------------------------------------------------------*/ 036 037 package org.deegree.portal.standard.context.control; 038 039 import java.util.ArrayList; 040 import java.util.List; 041 import java.util.Map; 042 import java.util.Properties; 043 044 import javax.servlet.http.HttpServletRequest; 045 import javax.servlet.http.HttpSession; 046 047 import org.deegree.enterprise.control.FormEvent; 048 import org.deegree.framework.log.ILogger; 049 import org.deegree.framework.log.LoggerFactory; 050 import org.deegree.framework.util.StringTools; 051 import org.deegree.portal.Constants; 052 import org.deegree.portal.context.DataService; 053 import org.deegree.portal.context.Layer; 054 import org.deegree.portal.context.LayerExtension; 055 import org.deegree.portal.context.ViewContext; 056 import org.deegree.security.drm.SecurityAccess; 057 import org.deegree.security.drm.SecurityAccessManager; 058 import org.deegree.security.drm.model.RightType; 059 import org.deegree.security.drm.model.SecuredObject; 060 import org.deegree.security.drm.model.User; 061 062 /** 063 * 064 * 065 * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a> 066 * @author last edited by: $Author: jmays $ 067 * 068 * @version $Revision: 22587 $, $Date: 2010-02-17 17:43:09 +0100 (Mi, 17 Feb 2010) $ 069 */ 070 public class InitDownloadListener extends AbstractContextListener { 071 072 private static final ILogger LOG = LoggerFactory.getLogger( InitDownloadListener.class ); 073 074 /* 075 * (non-Javadoc) 076 * 077 * @see org.deegree.enterprise.control.AbstractListener#actionPerformed(org.deegree.enterprise.control.FormEvent) 078 */ 079 @Override 080 public void actionPerformed( FormEvent event ) { 081 082 Map<String, String> map = toModel(); 083 084 try { 085 String userName = null; 086 String userPw = null; 087 String email = null; 088 089 if ( "null".equals( map.get( "SESSIONID" ) ) ) { 090 // yes, this if condition is correct. 091 // map entry is never NULL, but it may be "null". 092 userName = ( (HttpServletRequest) getRequest() ).getUserPrincipal().getName(); // userName = "default" 093 } else { 094 userName = getUserName( (String) map.get( "SESSIONID" ) ); // userName = "MyName" or "default" 095 Properties prop = new Properties(); 096 prop.load( getClass().getClassLoader().getResourceAsStream( "org/deegree/enterprise/servlet/ServletRequestWrapper.properties" ) ); 097 if ( !prop.get( "defaultuser" ).equals( userName ) ) { 098 userPw = getUserPassword( (String) map.get( "SESSIONID" ) ); 099 email = "known"; 100 } 101 } 102 if( LOG.getLevel() == ILogger.LOG_DEBUG ){ 103 LOG.logDebug( "user name: ", userName ); 104 } 105 Layer[] layers = getLayers( userName, userPw ); 106 107 // default value. MUST NOT BE CHANGED for backward compatibilities !!! (shp was the first supported format) 108 String formats = "SHP"; 109 if ( getInitParameter( "DOWNLOAD_FORMAT" ) != null ) { 110 formats = getInitParameter( "DOWNLOAD_FORMAT" ); 111 } 112 List<String> formatArray = StringTools.toList( formats, ",", true ); 113 114 getRequest().setAttribute( "LAYERS", layers ); 115 getRequest().setAttribute( "EMAIL", email ); 116 getRequest().setAttribute( "FORMATS", formatArray ); 117 } catch ( Exception e ) { 118 LOG.logError( e.getMessage(), e ); 119 gotoErrorPage( e.getMessage() ); 120 return; 121 } 122 } 123 124 /** 125 * returns true if the passed user is allowed to download the passed featureType. 126 * 127 * If there is no security component installed, a user is authorized for all featuretypes. Otherwise, user 128 * authorisation is checked against the user-rights database. 129 * 130 * @param user 131 * @param featureType 132 * @return true if the user is authorized, false otherwise 133 */ 134 private boolean isAuthorized( String user, String password, String featureType ) { 135 136 boolean isSAM = false; 137 138 if( LOG.getLevel() == ILogger.LOG_DEBUG ){ 139 LOG.logDebug( "SecurityAccesManagr.isInitialized: ", SecurityAccessManager.isInitialized() ); 140 } 141 142 if ( !SecurityAccessManager.isInitialized() ) { 143 isSAM = initSAM(); 144 } else { 145 isSAM = true; 146 } 147 148 if ( !isSAM ) { 149 // no security component -> user has all rights -> user is authorized 150 if( LOG.getLevel() == ILogger.LOG_DEBUG ){ 151 LOG.logDebug( "no security component available -> user has all rights -> user is authorized" ); 152 } 153 return true; 154 } else { 155 // security component is installed. checking for user rights 156 try { 157 SecurityAccessManager sam = SecurityAccessManager.getInstance(); 158 User usr = sam.getUserByName( user ); 159 usr.authenticate( password ); 160 SecurityAccess access = sam.acquireAccess( usr ); 161 SecuredObject secObj = access.getSecuredObjectByName( featureType, "Featuretype" ); 162 if ( !usr.hasRight( access, RightType.GETFEATURE, secObj ) ) { 163 LOG.logError( "You are trying to access a feature/resource on a securedObject, which you do not have authentication to: " 164 + featureType ); 165 return false; 166 } else { 167 return true; 168 } 169 } catch ( Exception e ) { 170 LOG.logError( e.getMessage(), e ); 171 return false; 172 } 173 } 174 } 175 176 /** 177 * @return true, if initialization of SecurityAccessManager was successful. return false otherwise. 178 */ 179 protected boolean initSAM() { 180 if( LOG.getLevel() == ILogger.LOG_DEBUG ){ 181 LOG.logDebug( "try to init security access manager" ); 182 } 183 String driver = getInitParameter( "driver" ); 184 String url = getInitParameter( "url" ); 185 String user = getInitParameter( "user" ); 186 String password = getInitParameter( "password" ); 187 188 Properties properties = new Properties(); 189 if ( driver != null && url != null && user != null && password != null ) { 190 properties.setProperty( "driver", driver ); 191 properties.setProperty( "url", url ); 192 properties.setProperty( "user", user ); 193 properties.setProperty( "password", password ); 194 } 195 try { 196 SecurityAccessManager.initialize( "org.deegree.security.drm.SQLRegistry", properties, 60 * 1000 ); 197 } catch ( Exception e ) { 198 LOG.logError( "security access manager could not be initialized." ); 199 return false; 200 } 201 return true; 202 } 203 204 /** 205 * returns a list of layers that are downloadable (assigned to a WFS). 206 * 207 * If a security component (WAS) is installed, it is checked for which layers the passed user has access rights. If 208 * NO security ocmponent is available, all downloadable layers will be returned. 209 * 210 * @param user 211 * username 212 * @param pw 213 * password 214 * @return all downloadable layers allowed for the given user 215 */ 216 private Layer[] getLayers( String user, String pw ) { 217 HttpSession session = ( (HttpServletRequest) this.getRequest() ).getSession(); 218 ViewContext vc = (ViewContext) session.getAttribute( Constants.CURRENTMAPCONTEXT ); 219 List<Layer> list = new ArrayList<Layer>(); 220 Layer[] layers = vc.getLayerList().getLayers(); 221 LOG.logDebug( "Calling getLayers()" ); 222 for ( int i = 0; i < layers.length; i++ ) { 223 // gets the dataservice (WFS) that is responsible for delivering a layers data 224 DataService ds = ( (LayerExtension) layers[i].getExtension() ).getDataService(); 225 if ( ds != null ) { 226 if ( isAuthorized( user, pw, ds.getFeatureType() ) ) { 227 list.add( layers[i] ); 228 LOG.logDebug( "Adding layer '", layers[i].getName(), "' to list" ); 229 } else { 230 LOG.logDebug( "You are not authorized to layer '", layers[i].getName(), "'" ); 231 } 232 } else { 233 LOG.logDebug( "Dataservice for layer '", layers[i].getName(), "' is null" ); 234 } 235 } 236 layers = new Layer[list.size()]; 237 return (Layer[]) list.toArray( layers ); 238 } 239 240 }