001    //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/security/drm/model/Right.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005       Department of Geography, University of Bonn
006     and
007       lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035    ----------------------------------------------------------------------------*/
036    package org.deegree.security.drm.model;
037    
038    import org.deegree.framework.log.ILogger;
039    import org.deegree.framework.log.LoggerFactory;
040    import org.deegree.model.feature.Feature;
041    import org.deegree.model.filterencoding.ComplexFilter;
042    import org.deegree.model.filterencoding.Filter;
043    import org.deegree.model.filterencoding.FilterEvaluationException;
044    import org.deegree.model.filterencoding.OperationDefines;
045    import org.deegree.security.GeneralSecurityException;
046    
047    /**
048     * A <code>Right</code> instance encapsulates a <code>SecurableObject</code>, a
049     * <code>RightType</code> and optional constraints which restrict it's applicability.
050     * <p>
051     * For example, one instance of a <code>RightSet</code> may be the 'access'-Right to a geographic
052     * dataset restricted to a certain area and weekdays. The situation (requested area and current
053     * time) is coded as a <code>Feature</code> object.
054     *
055     * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider </a>
056     * @version $Revision: 18195 $
057     */
058    
059    public class Right {
060    
061        private ILogger LOG = LoggerFactory.getLogger( Right.class );
062    
063        private SecurableObject object;
064    
065        private RightType type;
066    
067        private Filter constraints;
068    
069        /**
070         * Creates a new <code>Right</code> -instance (with no constraints).
071         *
072         * @param object
073         * @param type
074         */
075        public Right( SecurableObject object, RightType type ) {
076            this.object = object;
077            this.type = type;
078        }
079    
080        /**
081         * Creates a new <code>Right</code> -instance.
082         *
083         * @param object
084         * @param type
085         * @param constraints
086         *            null means that no constraints are defined
087         */
088        public Right( SecurableObject object, RightType type, Filter constraints ) {
089            this( object, type );
090            this.constraints = constraints;
091        }
092    
093        /**
094         * @return the associated <code>SecurableObject</code>.
095         */
096        public SecurableObject getSecurableObject() {
097            return object;
098        }
099    
100        /**
101         * @return the associated <code>RightType</code>.
102         *
103         */
104        public RightType getType() {
105            return type;
106        }
107    
108        /**
109         * Returns the restrictions (the parameters) of this <code>Right</code>.
110         *
111         * @return null, if no constraints are defined
112         *
113         */
114        public Filter getConstraints() {
115            return constraints;
116        }
117    
118        /**
119         * @return the disjunctive combination of the instance and the submitted <code>Right</code>,
120         *         so that the new <code>Right</code> has the permissions of both instances.
121         *
122         * @param that
123         * @throws GeneralSecurityException
124         */
125        public Right merge( Right that )
126                                throws GeneralSecurityException {
127            Right combinedRight = null;
128    
129            if ( !this.object.equals( that.object ) ) {
130                throw new GeneralSecurityException( "Trying to merge right on securable object '" + this.object.id
131                                                    + "' and on object '" + that.object.id
132                                                    + "', but only rights on the same object may be merged." );
133            }
134            if ( this.type.getID() != that.type.getID() ) {
135                throw new GeneralSecurityException( "Trying to merge right of type '" + this.type.getName()
136                                                    + "' and right of type '" + that.type.getName()
137                                                    + "', but only rights of the same type may be merged." );
138            }
139    
140            // check if any of the rights has no constraints
141            if ( this.constraints == null && that.constraints == null ) {
142                combinedRight = new Right( object, type, null );
143            } else if ( this.constraints == null && that.constraints != null ) {
144                combinedRight = new Right( object, type, that.constraints );
145            } else if ( this.constraints != null && that.constraints == null ) {
146                combinedRight = new Right( object, type, this.constraints );
147            } else if ( that.constraints == null ) {
148                combinedRight = that;
149            } else {
150                Filter combinedConstraints = new ComplexFilter( (ComplexFilter) this.constraints,
151                                                                (ComplexFilter) that.constraints, OperationDefines.OR );
152                combinedRight = new Right( object, type, combinedConstraints );
153    
154            }
155            return combinedRight;
156        }
157    
158        /**
159         * @return true if the <code>Right</code> applies on the given <code>SecurableObject</code>
160         *         and in a concrete situation (the situation is represented by the given
161         *         <code>Feature</code>).
162         *
163         * @param object
164         * @param situation
165         * @throws GeneralSecurityException
166         */
167        public boolean applies( SecurableObject object, Feature situation )
168                                throws GeneralSecurityException {
169            boolean applies = false;
170            if ( object.equals( this.object ) ) {
171                try {
172                    if ( constraints != null ) {
173                        if ( LOG.getLevel() == ILogger.LOG_DEBUG ) {
174                            LOG.logDebug( "constraints", constraints.toXML() );
175                        }
176                        applies = constraints.evaluate( situation );
177                    } else {
178                        LOG.logDebug( "no constraints" );
179                        applies = true;
180                    }
181                } catch ( FilterEvaluationException e ) {
182                    LOG.logError( e.getMessage(), e );
183                    throw new GeneralSecurityException( "Error evaluating parameters (filter expression): "
184                                                        + e.getMessage() );
185                }
186            }
187            LOG.logDebug( "situation", situation );
188            LOG.logDebug( "object", object );
189            LOG.logDebug( applies ? "The right applies." : "The right does not apply." );
190    
191            return applies;
192        }
193    
194        /**
195         * @return true if the <code>Right</code> applies on the given <code>SecurableObject</code>
196         *         and in unrestricted manner (w/o constraints).
197         *
198         * @param object
199         */
200        public boolean applies( SecurableObject object ) {
201            boolean applies = false;
202            if ( object.equals( this.object ) ) {
203                if ( constraints == null ) {
204                    applies = true;
205                }
206            }
207            return applies;
208        }
209    
210        @Override
211        public String toString() {
212            StringBuffer sb = new StringBuffer( "Id: " ).append( type.getID() ).append( ", Name: " ).append( type.getName() ).append(
213                                                                                                                                      ", " );
214            if ( constraints != null ) {
215                sb.append( "Constraints: " + constraints.toXML() );
216            } else {
217                sb.append( "Constraints: none" );
218            }
219            return sb.toString();
220        }
221    }