001    //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/security/owsrequestvalidator/wms/GetFeatureInfoRequestValidator.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005       Department of Geography, University of Bonn
006     and
007       lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035    ----------------------------------------------------------------------------*/
036    package org.deegree.security.owsrequestvalidator.wms;
037    
038    import static org.deegree.security.drm.model.RightType.GETFEATUREINFO;
039    
040    import java.util.List;
041    
042    import org.deegree.datatypes.QualifiedName;
043    import org.deegree.datatypes.Types;
044    import org.deegree.model.feature.Feature;
045    import org.deegree.model.feature.FeatureFactory;
046    import org.deegree.model.feature.FeatureProperty;
047    import org.deegree.model.feature.schema.FeatureType;
048    import org.deegree.model.feature.schema.PropertyType;
049    import org.deegree.ogcwebservices.InvalidParameterValueException;
050    import org.deegree.ogcwebservices.OGCWebServiceRequest;
051    import org.deegree.ogcwebservices.wms.operation.GetFeatureInfo;
052    import org.deegree.ogcwebservices.wms.operation.GetMap;
053    import org.deegree.security.UnauthorizedException;
054    import org.deegree.security.drm.model.User;
055    import org.deegree.security.owsproxy.Condition;
056    import org.deegree.security.owsproxy.OperationParameter;
057    import org.deegree.security.owsproxy.Request;
058    import org.deegree.security.owsrequestvalidator.Messages;
059    import org.deegree.security.owsrequestvalidator.Policy;
060    import org.deegree.security.owsrequestvalidator.RequestValidator;
061    
062    /**
063     * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a>
064     * @author last edited by: $Author: mschneider $
065     *
066     * @version 1.1, $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18 Jun 2009) $
067     *
068     * @since 1.1
069     */
070    
071    class GetFeatureInfoRequestValidator extends RequestValidator {
072    
073        // known condition parameter
074        private static final String INFOLAYERS = "featureInfoLayers";
075    
076        private static final String INFOFORMAT = "infoFormat";
077    
078        private static final String FEATURECOUNT = "maxFeatureCount";
079    
080        private static final String INVALIDCLICKPOINT = Messages.getString( "GetFeatureInfoRequestValidator.INVALIDCLICKPOINT" );
081    
082        private static final String INVALIDLAYER = Messages.getString( "GetFeatureInfoRequestValidator.INVALIDLAYER" );
083    
084        private static final String INVALIDFORMAT = Messages.getString( "GetFeatureInfoRequestValidator.INVALIDFORMAT" );
085    
086        private static final String INAVLIDFEATURECOUNT = Messages.getString( "GetFeatureInfoRequestValidator.INAVLIDFEATURECOUNT" );
087    
088        private static FeatureType gfiFT = null;
089    
090        static {
091            if ( gfiFT == null ) {
092                gfiFT = GetFeatureInfoRequestValidator.createFeatureType();
093            }
094        }
095    
096        /**
097         * @param policy
098         */
099        public GetFeatureInfoRequestValidator( Policy policy ) {
100            super( policy );
101        }
102    
103        /**
104         * validates the incoming GetFeatureInfo request against the policy assigned to a validator
105         *
106         * @param request
107         *            request to validate
108         * @param user
109         *            name of the user who likes to perform the request (can be null)
110         */
111        @Override
112        public void validateRequest( OGCWebServiceRequest request, User user )
113                                throws InvalidParameterValueException, UnauthorizedException {
114    
115            userCoupled = false;
116            Request req = policy.getRequest( "WMS", "GetFeatureInfo" );
117            // request is valid because no restrictions are made
118            if ( req.isAny() || req.getPreConditions().isAny() ) {
119                return;
120            }
121            Condition condition = req.getPreConditions();
122    
123            GetFeatureInfo wmsreq = (GetFeatureInfo) request;
124    
125            // validate the GetMap request contained in the
126            // GetFeatureInfo request
127            GetMapRequestValidator gmrv = new GetMapRequestValidator( policy );
128            GetMap gmr = wmsreq.getGetMapRequestCopy();
129            gmrv.validateRequest( gmr, user );
130    
131            validateXY( gmr, wmsreq );
132            validateInfoLayers( condition, wmsreq.getQueryLayers() );
133            validateInfoFormat( condition, wmsreq.getInfoFormat() );
134            validateFeatureCount( condition, wmsreq.getFeatureCount() );
135    
136            if ( userCoupled ) {
137                validateAgainstRightsDB( wmsreq, user );
138            }
139    
140        }
141    
142        /**
143         * validates the click point (x,y coordinate) to be located within the map image that has been base of the
144         * GetFeatureInfo request
145         *
146         * @param gmr
147         * @param gfir
148         * @throws InvalidParameterValueException
149         */
150        private void validateXY( GetMap gmr, GetFeatureInfo gfir )
151                                throws InvalidParameterValueException {
152    
153            int x = gfir.getClickPoint().x;
154            int y = gfir.getClickPoint().y;
155    
156            int width = gmr.getWidth();
157            int height = gmr.getHeight();
158    
159            if ( x < 0 || x >= width || y < 0 || y >= height ) {
160                throw new InvalidParameterValueException( INVALIDCLICKPOINT );
161            }
162    
163        }
164    
165        /**
166         * validates if the requested info layers layers are valid against the policy/condition. If the passed user <>null
167         * this is checked against the user- and rights-management system/repository
168         *
169         * @param condition
170         * @param layers
171         * @throws InvalidParameterValueException
172         */
173        private void validateInfoLayers( Condition condition, String[] layers )
174                                throws InvalidParameterValueException {
175    
176            OperationParameter op = condition.getOperationParameter( INFOLAYERS );
177    
178            // version is valid because no restrictions are made
179            if ( op.isAny() )
180                return;
181    
182            List<String> validLayers = op.getValues();
183            if ( op.isUserCoupled() ) {
184                userCoupled = true;
185            } else {
186                for ( int i = 0; i < layers.length; i++ ) {
187                    if ( !validLayers.contains( layers[i] ) ) {
188                        throw new InvalidParameterValueException( INVALIDLAYER + layers[i] );
189                    }
190                }
191            }
192        }
193    
194        /**
195         * checks if the passed format is valid against the format defined in the policy. If <tt>user</ff> != <tt>null</tt>
196         * format will be compared against the user/rights repository
197         *
198         * @param condition
199         *            condition containing the definition of the valid format
200         * @param format
201         * @throws InvalidParameterValueException
202         */
203        private void validateInfoFormat( Condition condition, String format )
204                                throws InvalidParameterValueException {
205    
206            OperationParameter op = condition.getOperationParameter( INFOFORMAT );
207    
208            // version is valid because no restrictions are made
209            if ( op.isAny() ) {
210                return;
211            }
212    
213            List<String> list = op.getValues();
214            if ( op.isUserCoupled() ) {
215                userCoupled = true;
216            } else {
217                if ( !list.contains( format ) ) {
218                    throw new InvalidParameterValueException( INVALIDFORMAT + format );
219                }
220            }
221    
222        }
223    
224        /**
225         * checks if the passed featureCount is valid against the featureCount defined in the policy and if it is greater
226         * zero. If <tt>user</ff> != <tt>null</tt> featureCount will be compared against the user/rights repository
227         *
228         * @param condition
229         * @param featureCount
230         * @throws InvalidParameterValueException
231         */
232        private void validateFeatureCount( Condition condition, int featureCount )
233                                throws InvalidParameterValueException {
234    
235            OperationParameter op = condition.getOperationParameter( FEATURECOUNT );
236    
237            // version is valid because no restrictions are made
238            if ( op.isAny() )
239                return;
240    
241            if ( op.isUserCoupled() ) {
242                userCoupled = true;
243            } else {
244                if ( featureCount < 1 || featureCount > op.getFirstAsInt() ) {
245                    throw new InvalidParameterValueException( INAVLIDFEATURECOUNT + featureCount );
246                }
247            }
248        }
249    
250        /**
251         * validates the passed WMS GetMap request against a User- and Rights-Management DB.
252         *
253         * @param wmsreq
254         * @param user
255         * @throws InvalidParameterValueException
256         */
257        private void validateAgainstRightsDB( GetFeatureInfo wmsreq, User user )
258                                throws InvalidParameterValueException, UnauthorizedException {
259    
260            if ( user == null ) {
261                throw new UnauthorizedException( "no access to anonymous user" );
262            }
263    
264            // create feature that describes the map request
265            FeatureProperty[] fps = new FeatureProperty[6];
266            fps[0] = FeatureFactory.createFeatureProperty( new QualifiedName( "version" ), wmsreq.getVersion() );
267            Integer x = new Integer( wmsreq.getClickPoint().x );
268            fps[1] = FeatureFactory.createFeatureProperty( new QualifiedName( "x" ), x );
269            Integer y = new Integer( wmsreq.getClickPoint().y );
270            fps[2] = FeatureFactory.createFeatureProperty( new QualifiedName( "y" ), y );
271            fps[3] = FeatureFactory.createFeatureProperty( new QualifiedName( "infoformat" ), wmsreq.getInfoFormat() );
272            fps[4] = FeatureFactory.createFeatureProperty( new QualifiedName( "exceptions" ), wmsreq.getExceptions() );
273            Integer fc = new Integer( wmsreq.getFeatureCount() );
274            fps[5] = FeatureFactory.createFeatureProperty( new QualifiedName( "featurecount" ), fc );
275    
276            Feature feature = FeatureFactory.createFeature( "id", gfiFT, fps );
277            String[] layer = wmsreq.getQueryLayers();
278            for ( int i = 0; i < layer.length; i++ ) {
279                if ( securityConfig.getProxiedUrl() == null ) {
280                    handleUserCoupledRules( user, feature, layer[i], "Layer", GETFEATUREINFO );
281                } else {
282                    handleUserCoupledRules( user, feature, "[" + securityConfig.getProxiedUrl() + "]:" + layer[i], "Layer",
283                                            GETFEATUREINFO );
284                }
285            }
286        }
287    
288        private static FeatureType createFeatureType() {
289            PropertyType[] ftps = new PropertyType[6];
290            ftps[0] = FeatureFactory.createSimplePropertyType( new QualifiedName( "version" ), Types.INTEGER, false );
291            ftps[1] = FeatureFactory.createSimplePropertyType( new QualifiedName( "x" ), Types.INTEGER, false );
292            ftps[2] = FeatureFactory.createSimplePropertyType( new QualifiedName( "y" ), Types.INTEGER, false );
293            ftps[3] = FeatureFactory.createSimplePropertyType( new QualifiedName( "infoformat" ), Types.VARCHAR, false );
294            ftps[4] = FeatureFactory.createSimplePropertyType( new QualifiedName( "exceptions" ), Types.VARCHAR, false );
295            ftps[5] = FeatureFactory.createSimplePropertyType( new QualifiedName( "featurecount" ), Types.INTEGER, false );
296    
297            return FeatureFactory.createFeatureType( "GetFeatureInfo", false, ftps );
298        }
299    
300    }