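//$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/security/owsrequestvalidator/GeneralPolicyValidator.java $
/*----------------------------------------------------------------------------
 This file is part of deegree, http://deegree.org/
 Copyright (C) 2001-2009 by:
   Department of Geography, University of Bonn
 and
   lat/lon GmbH

 This library is free software; you can redistribute it and/or modify it under
 the terms of the GNU Lesser General Public License as published by the Free
 Software Foundation; either version 2.1 of the License, or (at your option)
 any later version.
 This library is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
 details.
 You should have received a copy of the GNU Lesser General Public License
 along with this library; if not, write to the Free Software Foundation, Inc.,
 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

 Contact information:

 lat/lon GmbH
 Aennchenstr. 19, 53177 Bonn
 Germany
 http://lat-lon.de/

 Department of Geography, University of Bonn
 Prof. Dr. Klaus Greve
 Postfach 1147, 53001 Bonn
 Germany
 http://www.geographie.uni-bonn.de/deegree/

 e-mail: info@deegree.org
----------------------------------------------------------------------------*/
package org.deegree.security.owsrequestvalidator;

import java.util.Arrays;
import java.util.List;
import java.util.Map;

import org.deegree.framework.util.StringTools;
import org.deegree.i18n.Messages;
import org.deegree.ogcwebservices.InvalidParameterValueException;
import org.deegree.security.UnauthorizedException;
import org.deegree.security.drm.model.User;
import org.deegree.security.owsproxy.Condition;
import org.deegree.security.owsproxy.OperationParameter;

/**
 * Validates request properties that are independent of the requested operation (GET/POST content length, HTTP
 * header, request method) against the general {@link Condition} of a policy.
 * <p>
 * Every check fails closed: if the general condition holds no {@link OperationParameter} for the property being
 * checked, the request is rejected with an {@link InvalidParameterValueException}.
 * <p>
 * Limits coupled to user rights are not implemented yet (see the TODO markers); until they are, the statically
 * configured value is enforced for every user.
 *
 * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a>
 * @author last edited by: $Author: mschneider $
 *
 * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18 Jun 2009) $
 */
public class GeneralPolicyValidator {

    // known condition parameter
    private static final String GETCONTENTLENGTH = "getContentLength";

    private static final String POSTCONTENTLENGTH = "postContentLength";

    private static final String HTTPHEADER = "httpHeader";

    private static final String REQUESTTYPE = "requestType";

    // message strings
    // TODO: read from resource bundle
    private static final String CONDITION_UNDEFINED_SUFFIX = " condition isn't defined";

    private static final String CONTENT_LENGTH_EXCEEDED = "contentLength exceeds defined maximum length";

    private static final String REQUEST_TYPE_NOT_PERMITTED = "request type is not permitted";

    private final Condition generalCondition;

    /**
     * @param generalCondition
     *            general condition of the policy; every validate method dereferences it, so it must not be
     *            <code>null</code>
     */
    public GeneralPolicyValidator( Condition generalCondition ) {
        this.generalCondition = generalCondition;
    }

    /**
     * Validates that the passed length of a GET request's content does not exceed the maximum length defined by
     * the <code>getContentLength</code> condition.
     * <p>
     * User-coupled limits are not read from the rights management system yet; the configured value is used.
     *
     * @param contentLength
     *            length of the request content
     * @throws InvalidParameterValueException
     *             if no <code>getContentLength</code> condition is defined or the length exceeds the maximum
     */
    public void validateGetContentLength( int contentLength )
                            throws InvalidParameterValueException {
        checkContentLength( GETCONTENTLENGTH, contentLength );
    }

    /**
     * Validates that the passed length of a POST request's content does not exceed the maximum length defined by
     * the <code>postContentLength</code> condition.
     * <p>
     * User-coupled limits are not read from the rights management system yet; the configured value is used.
     *
     * @param contentLength
     *            length of the request content
     * @throws InvalidParameterValueException
     *             if no <code>postContentLength</code> condition is defined or the length exceeds the maximum
     */
    public void validatePostContentLength( int contentLength )
                            throws InvalidParameterValueException {
        checkContentLength( POSTCONTENTLENGTH, contentLength );
    }

    /**
     * Checks a content length against the maximum configured under the named condition parameter.
     *
     * @param parameterName
     *            name of the condition parameter holding the maximum length
     * @param contentLength
     *            length of the request content
     * @throws InvalidParameterValueException
     *             if the parameter is not defined or the length exceeds the configured maximum
     */
    private void checkContentLength( String parameterName, int contentLength )
                            throws InvalidParameterValueException {
        OperationParameter op = generalCondition.getOperationParameter( parameterName );
        if ( op == null ) {
            // no policy entry for this parameter: fail closed and reject the request
            throw new InvalidParameterValueException( parameterName + CONDITION_UNDEFINED_SUFFIX );
        }

        if ( op.isAny() ) {
            // the policy places no limit on the content length
            return;
        }

        int maxLength = op.getFirstAsInt();
        if ( op.isUserCoupled() ) {
            // TODO
            // get maxLength from the rights management system
        }
        // NOTE(review): a negative contentLength passes this comparison. Servlet containers report -1 when
        // the length is unknown (e.g. chunked transfer encoding); confirm how callers obtain the value and
        // whether the body size is bounded elsewhere in that case.
        if ( maxLength < contentLength ) {
            throw new InvalidParameterValueException( CONTENT_LENGTH_EXCEEDED + ": " + contentLength );
        }
    }

    /**
     * Checks the <code>httpHeader</code> condition of the policy.
     * <p>
     * NOTE(review): the header values themselves are not validated yet (see TODO). The only checks performed are
     * that the condition exists and that a user-coupled condition is not evaluated for an anonymous request.
     *
     * @param headerFields
     *            header fields of the request; currently not evaluated
     * @param user
     *            authenticated user, or <code>null</code> for anonymous access
     * @throws InvalidParameterValueException
     *             if no <code>httpHeader</code> condition is defined
     * @throws UnauthorizedException
     *             if the condition is user coupled and no user has been passed
     */
    public void validateHeader( Map<String, Object> headerFields, User user )
                            throws InvalidParameterValueException, UnauthorizedException {
        OperationParameter op = generalCondition.getOperationParameter( HTTPHEADER );
        if ( op == null ) {
            // no policy entry for this parameter: fail closed and reject the request
            throw new InvalidParameterValueException( HTTPHEADER + CONDITION_UNDEFINED_SUFFIX );
        }

        if ( op.isUserCoupled() && user == null ) {
            String s = Messages.getMessage( "OWSPROXY_NO_ANONYMOUS_ACCESS" );
            throw new UnauthorizedException( s );
        }
        // TODO
        // validate headerFields against the values defined by the policy

    }

    /**
     * Validates that the current request type (e.g. POST, GET ...) is granted to be performed.
     * <p>
     * The permitted types are read as a comma-separated list from the <code>requestType</code> condition and
     * compared with {@link List#contains(Object)}, i.e. the match is exact and case sensitive.
     *
     * @param type
     *            request type to check
     * @throws InvalidParameterValueException
     *             if no <code>requestType</code> condition is defined or the type is not in the permitted list
     */
    public void validateRequestMethod( String type )
                            throws InvalidParameterValueException {
        OperationParameter op = generalCondition.getOperationParameter( REQUESTTYPE );
        if ( op == null ) {
            // no policy entry for this parameter: fail closed and reject the request
            throw new InvalidParameterValueException( REQUESTTYPE + CONDITION_UNDEFINED_SUFFIX );
        }

        if ( op.isAny() ) {
            // the policy permits every request type
            return;
        }

        // third argument presumably removes duplicate entries; confirm against StringTools
        String[] tmp = StringTools.toArray( op.getFirstAsString(), ",", true );
        List<String> permittedTypes = Arrays.asList( tmp );
        if ( op.isUserCoupled() ) {
            // TODO
            // get permittedTypes from the rights management system
        }
        if ( !permittedTypes.contains( type ) ) {
            // the caller-supplied type is deliberately not echoed into the message
            throw new InvalidParameterValueException( REQUEST_TYPE_NOT_PERMITTED );
        }
    }

}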