001    //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/security/owsrequestvalidator/wfs/AbstractWFSRequestValidator.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005       Department of Geography, University of Bonn
006     and
007       lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035    ----------------------------------------------------------------------------*/
036    package org.deegree.security.owsrequestvalidator.wfs;
037    
038    import java.io.IOException;
039    import java.io.StringReader;
040    import java.util.List;
041    
042    import org.deegree.framework.log.ILogger;
043    import org.deegree.framework.log.LoggerFactory;
044    import org.deegree.framework.xml.XMLFragment;
045    import org.deegree.i18n.Messages;
046    import org.deegree.model.filterencoding.AbstractFilter;
047    import org.deegree.model.filterencoding.ComplexFilter;
048    import org.deegree.model.filterencoding.FilterConstructionException;
049    import org.deegree.model.filterencoding.Literal;
050    import org.deegree.model.filterencoding.LogicalOperation;
051    import org.deegree.model.filterencoding.Operation;
052    import org.deegree.model.filterencoding.OperationDefines;
053    import org.deegree.model.filterencoding.PropertyIsCOMPOperation;
054    import org.deegree.model.filterencoding.PropertyName;
055    import org.deegree.ogcwebservices.InvalidParameterValueException;
056    import org.deegree.security.owsproxy.Condition;
057    import org.deegree.security.owsproxy.OperationParameter;
058    import org.deegree.security.owsrequestvalidator.Policy;
059    import org.deegree.security.owsrequestvalidator.RequestValidator;
060    import org.xml.sax.SAXException;
061    
062    /**
063     *
064     *
065     * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a>
066     * @author last edited by: $Author: mschneider $
067     *
068     * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18 Jun 2009) $
069     */
070    abstract class AbstractWFSRequestValidator extends RequestValidator {
071    
072        private static final ILogger LOG = LoggerFactory.getLogger( AbstractWFSRequestValidator.class );
073    
074        // known condition parameter
075        private static final String FEATURETYPES = "featureTypes";
076    
077        private static final String PROPERTY_INSTANCEFILTER = "instanceFilter";
078    
079        /**
080         * @param policy
081         */
082        public AbstractWFSRequestValidator( Policy policy ) {
083            super( policy );
084        }
085    
086        /**
087         * validates if the requested info featuretypes are valid against the policy/condition. If the
088         * passed user <> null this is checked against the user- and rights-management system/repository
089         *
090         * @param condition
091         * @param featureTypes
092         * @throws InvalidParameterValueException
093         */
094        protected void validateFeatureTypes( Condition condition, String[] featureTypes )
095                                throws InvalidParameterValueException {
096    
097            OperationParameter op = condition.getOperationParameter( FEATURETYPES );
098    
099            if ( op == null ) {
100                LOG.logWarning( "Did you forget to add a featureTypes parameter to the precondition?" );
101                return;
102            }
103    
104            // version is valid because no restrictions are made
105            if ( op.isAny() )
106                return;
107    
108            List<String> validLayers = op.getValues();
109            if ( op.isUserCoupled() ) {
110                userCoupled = true;
111            } else {
112                for ( int i = 0; i < featureTypes.length; i++ ) {
113                    LOG.logDebug( "validating feature type: ", featureTypes[i] );
114                    if ( !validLayers.contains( featureTypes[i] ) ) {
115                        String s = Messages.getMessage( "OWSPROXY_NOT_ALLOWED_FEATURETYPE", "access", featureTypes[i] );
116                        throw new InvalidParameterValueException( s );
117                    }
118                }
119            }
120        }
121    
122        /**
123         *
124         * @param operation
125         * @return the filter defined for the given operation or <code>null</code> if no such filter
126         *         is defined.
127         * @throws IOException
128         * @throws SAXException
129         * @throws FilterConstructionException
130         */
131        protected ComplexFilter extractInstanceFilter( Operation operation )
132                                throws SAXException, IOException, FilterConstructionException {
133            ComplexFilter filter = null;
134            if ( operation.getOperatorId() == OperationDefines.AND ) {
135                List<Operation> arguments = ( (LogicalOperation) operation ).getArguments();
136                for ( int i = 0; i < arguments.size(); i++ ) {
137                    Operation op = arguments.get( i );
138                    if ( op.getOperatorId() == OperationDefines.PROPERTYISEQUALTO ) {
139                        PropertyName pn = (PropertyName) ( (PropertyIsCOMPOperation) op ).getFirstExpression();
140                        if ( PROPERTY_INSTANCEFILTER.equals( pn.getValue().getAsString() ) ) {
141                            Literal literal = (Literal) ( (PropertyIsCOMPOperation) op ).getSecondExpression();
142                            StringReader sr = new StringReader( literal.getValue() );
143                            XMLFragment xml = new XMLFragment( sr, XMLFragment.DEFAULT_URL );
144                            filter = (ComplexFilter) AbstractFilter.buildFromDOM( xml.getRootElement(), false );
145                        }
146                    }
147                }
148            } else if ( operation.getOperatorId() == OperationDefines.PROPERTYISEQUALTO ) {
149                PropertyName pn = (PropertyName) ( (PropertyIsCOMPOperation) operation ).getFirstExpression();
150                if ( PROPERTY_INSTANCEFILTER.equals( pn.getValue().getAsString() ) ) {
151                    Literal literal = (Literal) ( (PropertyIsCOMPOperation) operation ).getSecondExpression();
152                    StringReader sr = new StringReader( literal.getValue() );
153                    XMLFragment xml = new XMLFragment( sr, XMLFragment.DEFAULT_URL );
154                    filter = (ComplexFilter) AbstractFilter.buildFromDOM( xml.getRootElement(), false );
155                }
156            }
157            return filter;
158        }
159    }