001    // $HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/tools/security/DRMAccess.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005       Department of Geography, University of Bonn
006     and
007       lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035    ----------------------------------------------------------------------------*/
036    
037    package org.deegree.tools.security;
038    
039    import java.io.FileNotFoundException;
040    import java.io.IOException;
041    import java.io.InputStream;
042    import java.io.RandomAccessFile;
043    import java.io.StringReader;
044    import java.util.ArrayList;
045    import java.util.Arrays;
046    import java.util.Iterator;
047    import java.util.List;
048    import java.util.Properties;
049    
050    import org.deegree.framework.util.BootLogger;
051    import org.deegree.framework.util.StringTools;
052    import org.deegree.framework.xml.XMLTools;
053    import org.deegree.model.filterencoding.AbstractFilter;
054    import org.deegree.model.filterencoding.Filter;
055    import org.deegree.security.GeneralSecurityException;
056    import org.deegree.security.drm.SecurityAccess;
057    import org.deegree.security.drm.SecurityAccessManager;
058    import org.deegree.security.drm.SecurityTransaction;
059    import org.deegree.security.drm.WrongCredentialsException;
060    import org.deegree.security.drm.model.Group;
061    import org.deegree.security.drm.model.Right;
062    import org.deegree.security.drm.model.RightSet;
063    import org.deegree.security.drm.model.RightType;
064    import org.deegree.security.drm.model.Role;
065    import org.deegree.security.drm.model.SecuredObject;
066    import org.deegree.security.drm.model.User;
067    import org.w3c.dom.Document;
068    
069    /**
070     * tool class to handle deegree sercurity administration using commandline calls:
071     *
072     * <pre>
073     *   general definitions:
074     *   -driver JDBC driver (e.g. sun.jdbc.odbc.JdbcOdbcDriver for ODBC databases)
075     *   -logon jdbc:odbc:security logon to database (e.g. ODBC name)
076     *   -user user name (optional)
077     *   -password users password (optional)
078     *
079     *   possible actions:
080     *   -action (addUser, addGroup, addRole, addUserToGroup, assignRoleWithGroup, addSecuredObject, assignRights, clean)
081     *   defines the action be performed. possible actions are listed inn brackets.
082     *
083     *   action = addUser -&gt; adds a user to the right management
084     *   -name users login name
085     *   -password users password
086     *   -firstName the first name of the user
087     *   -lastName the last name of the user
088     *   -emal email address of the user
089     *
090     *   action = removeUser -&gt; removes a user to the right management
091     *   -name users login name
092     *
093     *   action = addGroup -&gt; adds a group to the right management system
094     *   -name name of the group
095     *   -title title of the group
096     *
097     *   action = removeGroup -&gt; removes a group to the right management
098     *   -name groups login name
099     *
100     *   action = addRole -&gt; adds a role to the right management system
101     *   -name name of the role
102     *
103     *   action = addUserToGroup -&gt; adds a user to a named group
104     *   -userName name of the user
105     *   -groupName name of the group
106     *
107     *   action = addUserToGroup -&gt; assignes a group with a role
108     *   -groupName name of the group
109     *   -roleName name of the role
110     *
111     *   action = addSecuredObject -&gt; adds a new secured object to the right management system
112     *   -soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)
113     *   -soName name of the secured object
114     *   -soTitle title of the secured object
115     *
116     *   action = removeSecuredObject -&gt; removes a new secured object from the right management system
117     *   -soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)
118     *   -soName name of the secured object
119     *
120     *   action = assignRights -&gt; assigns rights on a named secured object to a role
121     *   -constraints comma seperated list of absolut pathes to filter encoding files
122     *   -rights comma seperated list of rights to assign. the number of rights must be equest to the number constraints
123     *   -soName name of the secured object
124     *   -soType type of the secured object
125     *   -role name of the role the rights shall be given to
126     *
127     *   action = removeRights removes rights on a named secured object to a role
128     *   -rights comma seperated list of rights to remove.
129     *   -soName name of the secured object
130     *   -soType type of the secured object
131     *   -role name of the role the rights shall be given to
132     *
133     *   action = clean -&gt; cleans the complete right management system database by deleting all entries!
134     * </pre>
135     *
136     *
137     * @version $Revision: 18197 $
138     * @author <a href="mailto:poth@lat-lon.de">Andreas Poth</a>
139     * @author last edited by: $Author: apoth $
140     *
141     * @version $Revision: 18197 $, $Date: 2009-06-19 13:32:15 +0200 (Fr, 19 Jun 2009) $
142     */
143    public class DRMAccess {
144    
145        private static String secAdminPassword = "JOSE67";
146    
147        private SecurityAccessManager manager;
148    
149        private SecurityTransaction transaction;
150    
151        static private Properties prop = new Properties();
152    
153        /**
154         * Initialization done at class loading time.
155         */
156        static {
157            try {
158                String fileName = "sec.properties";
159                InputStream is = DRMAccess.class.getResourceAsStream( fileName );
160                if ( is == null ) {
161                    BootLogger.log( "Error while initializing " + DRMAccess.class.getName() + " : "
162                                    + " default message file: '" + fileName + " not found." );
163                }
164                is = DRMAccess.class.getResourceAsStream( fileName );
165                prop.load( is );
166                is.close();
167    
168                // override messages using file "/sec.properties"
169                fileName = "/sec.properties";
170                overrideMessages( fileName, prop );
171    
172            } catch ( IOException e ) {
173                BootLogger.logError( "Error while initializing " + DRMAccess.class.getName() + " : " + e.getMessage(), e );
174            }
175        }
176    
177        /**
178         * @throws IOException
179         */
180        public DRMAccess() throws IOException {
181            secAdminPassword = prop.getProperty( "adminpass" );
182        }
183    
184        private static void overrideMessages( String propertiesFile, Properties props )
185                                throws IOException {
186            InputStream is = DRMAccess.class.getResourceAsStream( propertiesFile );
187            if ( is != null ) {
188                // override default messages
189                Properties overrideProps = new Properties();
190                overrideProps.load( is );
191                is.close();
192                Iterator<?> iter = overrideProps.keySet().iterator();
193                while ( iter.hasNext() ) {
194                    String key = (String) iter.next();
195                    props.put( key, overrideProps.get( key ) );
196                }
197            }
198        }
199    
200        /**
201         * @param driver
202         * @param logon
203         * @param user
204         * @param password
205         * @throws Exception
206         */
207        protected void setUp( String driver, String logon, String user, String password )
208                                throws Exception {
209            Properties properties = new Properties();
210            properties.setProperty( "driver", driver );
211            properties.setProperty( "url", logon );
212            if ( user == null )
213                user = "";
214            properties.setProperty( "user", user );
215            if ( password == null )
216                password = "";
217            properties.setProperty( "password", password );
218            try {
219                manager = SecurityAccessManager.getInstance();
220            } catch ( GeneralSecurityException e ) {
221                try {
222                    System.out.println( properties );
223                    SecurityAccessManager.initialize( "org.deegree.security.drm.SQLRegistry", properties, 60 * 1000 );
224                    manager = SecurityAccessManager.getInstance();
225    
226                } catch ( GeneralSecurityException e1 ) {
227                    e1.printStackTrace();
228                }
229            }
230        }
231    
232        /**
233         *
234         */
235        public void GetUsers() {
236            try {
237                User user = manager.getUserByName( "SEC_ADMIN" );
238                user.authenticate( DRMAccess.secAdminPassword );
239                transaction = manager.acquireTransaction( user );
240                User[] users = transaction.getAllUsers();
241                for ( int i = 0; i < users.length; i++ ) {
242                    System.out.println( "User " + i + ": " + users[i].getName() );
243                }
244            } catch ( Exception e ) {
245                e.printStackTrace();
246            }
247        }
248    
249        /**
250         *
251         * @param name
252         * @param password
253         * @param firstName
254         * @param lastName
255         * @param email
256         */
257        public void addUser( String name, String password, String firstName, String lastName, String email ) {
258            try {
259                User user = manager.getUserByName( "SEC_ADMIN" );
260                user.authenticate( DRMAccess.secAdminPassword );
261                transaction = manager.acquireTransaction( user );
262                transaction.registerUser( name, password, firstName, lastName, email );
263    
264                manager.commitTransaction( transaction );
265            } catch ( Exception e ) {
266                e.printStackTrace();
267                try {
268                    manager.abortTransaction( transaction );
269                } catch ( GeneralSecurityException me ) {
270                    me.printStackTrace();
271                }
272    
273            }
274        }
275    
276        /**
277         *
278         * @param name
279         */
280        public void removeUser( String name ) {
281            try {
282                User user = manager.getUserByName( "SEC_ADMIN" );
283                user.authenticate( DRMAccess.secAdminPassword );
284                transaction = manager.acquireTransaction( user );
285                user = transaction.getUserByName( name );
286                transaction.deregisterUser( user );
287                manager.commitTransaction( transaction );
288            } catch ( Exception e ) {
289                e.printStackTrace();
290            }
291        }
292    
293        /**
294         *
295         * @param name
296         * @param password
297         * @return the user
298         */
299        public User login( String name, String password ) {
300            User user = null;
301            try {
302                user = manager.getUserByName( "SEC_ADMIN" );
303                user.authenticate( DRMAccess.secAdminPassword );
304                transaction = manager.acquireTransaction( user );
305                user = transaction.getUserByName( name );
306                try {
307                    user.authenticate( password );
308                } catch ( WrongCredentialsException e ) {
309                    System.out.println( "failed." );
310                }
311            } catch ( Exception e ) {
312                e.printStackTrace();
313                try {
314                    manager.abortTransaction( transaction );
315                } catch ( GeneralSecurityException me ) {
316                    me.printStackTrace();
317                }
318            }
319            return user;
320        }
321    
322        /**
323         *
324         * @param name
325         * @param title
326         * @return the group
327         */
328        public Group addGroup( String name, String title ) {
329            Group humans = null;
330            try {
331                User user = manager.getUserByName( "SEC_ADMIN" );
332                user.authenticate( DRMAccess.secAdminPassword );
333                transaction = manager.acquireTransaction( user );
334    
335                humans = transaction.registerGroup( name, title );
336                manager.commitTransaction( transaction );
337            } catch ( Exception e ) {
338                e.printStackTrace();
339                try {
340                    manager.abortTransaction( transaction );
341                } catch ( GeneralSecurityException me ) {
342                    me.printStackTrace();
343                }
344            }
345            return humans;
346        }
347    
348        /**
349         *
350         * @param name
351         */
352        public void removeGroup( String name ) {
353    
354            try {
355                User user = manager.getUserByName( "SEC_ADMIN" );
356                user.authenticate( DRMAccess.secAdminPassword );
357                transaction = manager.acquireTransaction( user );
358    
359                Group group = transaction.getGroupByName( name );
360                transaction.deregisterGroup( group );
361                manager.commitTransaction( transaction );
362            } catch ( Exception e ) {
363                e.printStackTrace();
364                try {
365                    manager.abortTransaction( transaction );
366                } catch ( GeneralSecurityException me ) {
367                    me.printStackTrace();
368                }
369            }
370        }
371    
372        /**
373         *
374         * @param name
375         * @return the role
376         */
377        public Role addRole( String name ) {
378            Role role = null;
379            try {
380                User user = manager.getUserByName( "SEC_ADMIN" );
381                user.authenticate( DRMAccess.secAdminPassword );
382                transaction = manager.acquireTransaction( user );
383    
384                role = transaction.registerRole( name );
385                manager.commitTransaction( transaction );
386            } catch ( Exception e ) {
387                e.printStackTrace();
388                try {
389                    manager.abortTransaction( transaction );
390                } catch ( GeneralSecurityException me ) {
391                    me.printStackTrace();
392                }
393            }
394            return role;
395        }
396    
397        /**
398         *
399         * @param name
400         */
401        public void removeRole( String name ) {
402    
403            try {
404                User user = manager.getUserByName( "SEC_ADMIN" );
405                user.authenticate( DRMAccess.secAdminPassword );
406                transaction = manager.acquireTransaction( user );
407    
408                Role role = transaction.getRoleByName( name );
409                transaction.deregisterRole( role );
410                manager.commitTransaction( transaction );
411            } catch ( Exception e ) {
412                e.printStackTrace();
413                try {
414                    manager.abortTransaction( transaction );
415                } catch ( GeneralSecurityException me ) {
416                    me.printStackTrace();
417                }
418            }
419    
420        }
421    
422        /**
423         * @param userName
424         * @param group
425         */
426        public void setGroupMemberships( String userName, String group ) {
427    
428            try {
429                User user = manager.getUserByName( "SEC_ADMIN" );
430                user.authenticate( DRMAccess.secAdminPassword );
431                transaction = manager.acquireTransaction( user );
432    
433                User jon = transaction.getUserByName( userName );
434                Group humans = transaction.getGroupByName( group );
435                User[] users = humans.getUsers( transaction );
436                List<User> list = Arrays.asList( users );
437                ArrayList<User> aList = new ArrayList<User>( list );
438                aList.add( jon );
439                users = aList.toArray( new User[aList.size()] );
440                transaction.setUsersInGroup( humans, users );
441    
442                manager.commitTransaction( transaction );
443            } catch ( Exception e ) {
444                e.printStackTrace();
445                try {
446                    manager.abortTransaction( transaction );
447                } catch ( GeneralSecurityException me ) {
448                    me.printStackTrace();
449                }
450    
451            }
452        }
453    
454        /**
455         *
456         * @param role
457         * @param group
458         */
459        public void setRoleAssociation( String role, String group ) {
460            try {
461                User user = manager.getUserByName( "SEC_ADMIN" );
462                user.authenticate( DRMAccess.secAdminPassword );
463                transaction = manager.acquireTransaction( user );
464    
465                Group humans = transaction.getGroupByName( group );
466                Role canOpener = transaction.getRoleByName( role );
467                Group[] groups = canOpener.getGroups( transaction );
468                List<Group> list = Arrays.asList( groups );
469                ArrayList<Group> aList = new ArrayList<Group>( list );
470                aList.add( humans );
471                groups = aList.toArray( new Group[aList.size()] );
472                transaction.setGroupsWithRole( canOpener, groups );
473                manager.commitTransaction( transaction );
474            } catch ( Exception e ) {
475                e.printStackTrace();
476                try {
477                    manager.abortTransaction( transaction );
478                } catch ( GeneralSecurityException me ) {
479                    me.printStackTrace();
480                }
481    
482            }
483        }
484    
485        /**
486         *
487         * @param role
488         * @param user
489         */
490        public void setUserRoleAssociation( String role, String user ) {
491            try {
492                User u = manager.getUserByName( "SEC_ADMIN" );
493                u.authenticate( DRMAccess.secAdminPassword );
494                transaction = manager.acquireTransaction( u );
495                User us = transaction.getUserByName( user );
496                Role canOpener = transaction.getRoleByName( role );
497                transaction.setUsersWithRole( canOpener, new User[] { us } );
498                manager.commitTransaction( transaction );
499            } catch ( Exception e ) {
500                e.printStackTrace();
501                try {
502                    manager.abortTransaction( transaction );
503                } catch ( GeneralSecurityException me ) {
504                    me.printStackTrace();
505                }
506    
507            }
508        }
509    
510        /**
511         *
512         * @param type
513         * @param name
514         * @param title
515         */
516        public void addSecuredObject( String type, String name, String title ) {
517            try {
518                User user = manager.getUserByName( "SEC_ADMIN" );
519                user.authenticate( DRMAccess.secAdminPassword );
520                transaction = manager.acquireTransaction( user );
521                transaction.registerSecuredObject( type, name, title );
522                manager.commitTransaction( transaction );
523            } catch ( Exception e ) {
524                e.printStackTrace();
525                try {
526                    manager.abortTransaction( transaction );
527                } catch ( GeneralSecurityException me ) {
528                    me.printStackTrace();
529                }
530    
531            }
532        }
533    
534        /**
535         *
536         * @param type
537         * @param name
538         */
539        public void removeSecuredObject( String type, String name ) {
540            try {
541                User user = manager.getUserByName( "SEC_ADMIN" );
542                user.authenticate( DRMAccess.secAdminPassword );
543                transaction = manager.acquireTransaction( user );
544                SecuredObject so = transaction.getSecuredObjectByName( name, type );
545                transaction.deregisterSecuredObject( so );
546                manager.commitTransaction( transaction );
547            } catch ( Exception e ) {
548                e.printStackTrace();
549                try {
550                    manager.abortTransaction( transaction );
551                } catch ( GeneralSecurityException me ) {
552                    me.printStackTrace();
553                }
554    
555            }
556        }
557    
558        /**
559         *
560         * @param filter
561         * @param secObj
562         * @param soType
563         * @param role
564         * @param rights
565         */
566        public void assignRights( String[] filter, String secObj, String soType, String role, String[] rights ) {
567            try {
568                User user = manager.getUserByName( "SEC_ADMIN" );
569                user.authenticate( DRMAccess.secAdminPassword );
570                transaction = manager.acquireTransaction( user );
571    
572                SecuredObject so = transaction.getSecuredObjectByName( secObj, soType );
573    
574                Right[] rs = new Right[rights.length];
575                for ( int i = 0; i < rs.length; i++ ) {
576                    Filter constraints = null;
577                    if ( filter[i] != null ) {
578                        Document doc = XMLTools.parse( new StringReader( filter[i] ) );
579                        constraints = AbstractFilter.buildFromDOM( doc.getDocumentElement(), false );
580                    }
581                    if ( rights[i].equalsIgnoreCase( "getmap" ) ) {
582                        rs[i] = new Right( so, RightType.GETMAP, constraints );
583                    } else if ( rights[i].equalsIgnoreCase( "getmap_response" ) ) {
584                        rs[i] = new Right( so, RightType.GETMAP_RESPONSE, constraints );
585                    } else if ( rights[i].equalsIgnoreCase( "getfeatureinfo" ) ) {
586                        rs[i] = new Right( so, RightType.GETFEATUREINFO, constraints );
587                    } else if ( rights[i].equalsIgnoreCase( "getfeatureinfo_response" ) ) {
588                        rs[i] = new Right( so, RightType.GETFEATUREINFO_RESPONSE, constraints );
589                    } else if ( rights[i].equalsIgnoreCase( "getlegendgraphic" ) ) {
590                        rs[i] = new Right( so, RightType.GETLEGENDGRAPHIC, constraints );
591                    } else if ( rights[i].equalsIgnoreCase( "getlegendgraphic_response" ) ) {
592                        rs[i] = new Right( so, RightType.GETLEGENDGRAPHIC_RESPONSE, constraints );
593                    } else if ( rights[i].equalsIgnoreCase( "getfeature" ) ) {
594                        rs[i] = new Right( so, RightType.GETFEATURE, constraints );
595                    } else if ( rights[i].equalsIgnoreCase( "getfeature_response" ) ) {
596                        rs[i] = new Right( so, RightType.GETFEATURE_RESPONSE, constraints );
597                    } else if ( rights[i].equalsIgnoreCase( "describefeaturetype" ) ) {
598                        rs[i] = new Right( so, RightType.DESCRIBEFEATURETYPE, constraints );
599                    } else if ( rights[i].equalsIgnoreCase( "describefeaturetype_response" ) ) {
600                        rs[i] = new Right( so, RightType.DESCRIBEFEATURETYPE_RESPONSE, constraints );
601                    } else if ( rights[i].equalsIgnoreCase( "getcoverage" ) ) {
602                        rs[i] = new Right( so, RightType.GETCOVERAGE, constraints );
603                    } else if ( rights[i].equalsIgnoreCase( "getcoverage_response" ) ) {
604                        rs[i] = new Right( so, RightType.GETCOVERAGE_RESPONSE, constraints );
605                    } else if ( rights[i].equalsIgnoreCase( "describecoverage" ) ) {
606                        rs[i] = new Right( so, RightType.DESCRIBECOVERAGE, constraints );
607                    } else if ( rights[i].equalsIgnoreCase( "describecoverage_response" ) ) {
608                        rs[i] = new Right( so, RightType.DESCRIBECOVERAGE_RESPONSE, constraints );
609                    } else if ( rights[i].equalsIgnoreCase( "getrecords" ) ) {
610                        rs[i] = new Right( so, RightType.GETRECORDS, constraints );
611                    } else if ( rights[i].equalsIgnoreCase( "getrecords_response" ) ) {
612                        rs[i] = new Right( so, RightType.GETRECORDS_RESPONSE, constraints );
613                    } else if ( rights[i].equalsIgnoreCase( "getrecordbyid" ) ) {
614                        rs[i] = new Right( so, RightType.GETRECORDBYID, constraints );
615                    } else if ( rights[i].equalsIgnoreCase( "getrecordbyid_response" ) ) {
616                        rs[i] = new Right( so, RightType.GETRECORDBYID_RESPONSE, constraints );
617                    } else if ( rights[i].equalsIgnoreCase( "describerecordtype" ) ) {
618                        rs[i] = new Right( so, RightType.DESCRIBERECORDTYPE, constraints );
619                    } else if ( rights[i].equalsIgnoreCase( "describerecordtype_response" ) ) {
620                        rs[i] = new Right( so, RightType.DESCRIBERECORDTYPE_RESPONSE, constraints );
621                    } else if ( rights[i].equalsIgnoreCase( "delete" ) ) {
622                        rs[i] = new Right( so, RightType.DELETE, constraints );
623                    } else if ( rights[i].equalsIgnoreCase( "delete_response" ) ) {
624                        rs[i] = new Right( so, RightType.DELETE_RESPONSE, constraints );
625                    } else if ( rights[i].equalsIgnoreCase( "update" ) ) {
626                        rs[i] = new Right( so, RightType.UPDATE, constraints );
627                    } else if ( rights[i].equalsIgnoreCase( "update_response" ) ) {
628                        rs[i] = new Right( so, RightType.UPDATE_RESPONSE, constraints );
629                    } else if ( rights[i].equalsIgnoreCase( "insert" ) ) {
630                        rs[i] = new Right( so, RightType.INSERT, constraints );
631                    } else if ( rights[i].equalsIgnoreCase( "insert_response" ) ) {
632                        rs[i] = new Right( so, RightType.INSERT_RESPONSE, constraints );
633                    } else if ( rights[i].equalsIgnoreCase( "GetRepositoryItem" ) ) {
634                        rs[i] = new Right( so, RightType.GETREPOSITORYITEM, constraints );
635                    } else if ( rights[i].equalsIgnoreCase( "GetRepositoryItem_response" ) ) {
636                        rs[i] = new Right( so, RightType.GETREPOSITORYITEM_RESPONSE, constraints );
637                    } else {
638                        System.out.println( "unknown right: " + rights[i] );
639                    }
640                }
641    
642                transaction.addRights( so, transaction.getRoleByName( role ), rs );
643                manager.commitTransaction( transaction );
644            } catch ( Exception e ) {
645                e.printStackTrace();
646                try {
647                    manager.abortTransaction( transaction );
648                } catch ( GeneralSecurityException me ) {
649                    me.printStackTrace();
650                }
651            }
652        }
653    
654        /**
655         * @param secObj
656         * @param soType
657         * @param role
658         * @param rights
659         */
660        public void removeRights( String secObj, String soType, String role, String[] rights ) {
661            try {
662                User user = manager.getUserByName( "SEC_ADMIN" );
663                user.authenticate( DRMAccess.secAdminPassword );
664                transaction = manager.acquireTransaction( user );
665    
666                SecuredObject so = transaction.getSecuredObjectByName( secObj, soType );
667    
668                RightType[] rs = new RightType[rights.length];
669                for ( int i = 0; i < rs.length; i++ ) {
670                    rs[i] = transaction.getRightByName( rights[i] );
671                }
672    
673                transaction.removeRights( so, transaction.getRoleByName( role ), rs );
674                manager.commitTransaction( transaction );
675            } catch ( Exception e ) {
676                e.printStackTrace();
677                try {
678                    manager.abortTransaction( transaction );
679                } catch ( GeneralSecurityException me ) {
680                    me.printStackTrace();
681                }
682            }
683        }
684    
685        /**
686         *
687         */
688        public void clean() {
689            try {
690                User user = manager.getUserByName( "SEC_ADMIN" );
691                user.authenticate( DRMAccess.secAdminPassword );
692                transaction = manager.acquireTransaction( user );
693                transaction.clean();
694                manager.commitTransaction( transaction );
695            } catch ( Exception e ) {
696                e.printStackTrace();
697            }
698        }
699    
700        /**
701         * @param user
702         * @param password
703         * @param securedObject
704         * @param type
705         * @param right
706         */
707        public void hasRight( String user, String password, String securedObject, String type, String right ) {
708            try {
709                SecurityAccessManager sam = SecurityAccessManager.getInstance();
710                User usr = sam.getUserByName( user );
711                usr.authenticate( password );
712                SecurityAccess access = sam.acquireAccess( usr );
713                SecuredObject secObj = access.getSecuredObjectByName( securedObject, type );
714                if ( !usr.hasRight( access, right, secObj ) ) {
715                    System.out.println( "You try to access a feature/resource on a "
716                                        + "securedObject you are not allowed to: " + securedObject );
717                } else {
718                    System.out.println( "the user '" + user + "' has the requested right" );
719                }
720            } catch ( WrongCredentialsException e ) {
721                e.printStackTrace();
722            } catch ( GeneralSecurityException e ) {
723                e.printStackTrace();
724            }
725        }
726    
727        private String fillString( String begin, int length ) {
728            StringBuffer sb = new StringBuffer();
729            for ( int i = 0; i < length - begin.length(); i++ ) {
730                sb.append( ' ' );
731            }
732            return begin + sb;
733        }
734    
735        /**
736         * @param userName
737         * @param secObjectType
738         */
739        public void printRights( String userName, String secObjectType ) {
740            try {
741                User secAdminUser = manager.getUserByName( "SEC_ADMIN" );
742                secAdminUser.authenticate( DRMAccess.secAdminPassword );
743                SecurityAccess access = manager.acquireAccess( secAdminUser );
744    
745                User user = access.getUserByName( userName );
746                SecuredObject[] secObjects = access.getAllSecuredObjects( secObjectType );
747                Role[] roles = user.getRoles( access );
748    
749                System.out.println( "ROLE                    SEC_OBJECT                RIGHT            CONSTRAINTS\n" );
750                for ( int i = 0; i < roles.length; i++ ) {
751                    String roleString = fillString( roles[i].getName(), 24 );
752                    for ( int j = 0; j < secObjects.length; j++ ) {
753                        String secObjectString = fillString( secObjects[j].getName(), 26 );
754                        RightSet rightSet = roles[i].getRights( access, secObjects[j] );
755                        Right[] rights = rightSet.toArray( secObjects[j] );
756                        for ( int k = 0; k < rights.length; k++ ) {
757                            String rightString = fillString( rights[k].getType().getName(), 16 );
758                            Filter filter = rights[k].getConstraints();
759                            String constraintsString = " 0";
760                            if ( filter != null ) {
761                                constraintsString = " 1";
762                            }
763                            System.out.println( roleString + secObjectString + rightString + constraintsString );
764                        }
765                    }
766                }
767            } catch ( Exception e ) {
768                e.printStackTrace();
769            }
770        }
771    
772        /**
773         *
774         *
775         */
776        private static void printHelp() {
777            System.out.println( "general definitions:" );
778            System.out.println( "-driver JDBC driver (e.g. sun.jdbc.odbc.JdbcOdbcDriver for ODBC databases)" );
779            System.out.println( "-logon jdbc:odbc:security logon to database (e.g. ODBC name)" );
780            System.out.println( "-user user name (optional)" );
781            System.out.println( "-pw users password (optional)" );
782            System.out.println();
783            System.out.println( "possible actions:" );
784            System.out.println( "-action (addUser, addGroup, addRole, addUserToGroup, assignRoleWithGroup, addSecuredObject, assignRights, clean)" );
785            System.out.println( "defines the action be performed. possible actions are listed inn brackets." );
786            System.out.println();
787            System.out.println( "action = addUser -> adds a user to the right management" );
788            System.out.println( "-name users login name" );
789            System.out.println( "-password users password" );
790            System.out.println( "-firstName the first name of the user" );
791            System.out.println( "-lastName the last name of the user" );
792            System.out.println( "-emal email address of the user" );
793            System.out.println();
794            System.out.println( "action = removeUser -> removes a user to the right management" );
795            System.out.println( "-name users login name" );
796            System.out.println();
797            System.out.println( "action = addGroup -> adds a group to the right management system" );
798            System.out.println( "-name name of the group" );
799            System.out.println( "-title title of the group" );
800            System.out.println();
801            System.out.println( "action = removeGroup -> removes a group to the right management" );
802            System.out.println( "-name groups login name" );
803            System.out.println();
804            System.out.println( "action = addRole -> adds a role to the right management system" );
805            System.out.println( "-name name of the role" );
806            System.out.println();
807            System.out.println( "action = addUserToGroup -> adds a user to a named group" );
808            System.out.println( "-userName name of the user" );
809            System.out.println( "-groupName name of the group" );
810            System.out.println();
811            System.out.println( "action = addUserToGroup -> assignes a group with a role" );
812            System.out.println( "-groupName name of the group" );
813            System.out.println( "-roleName name of the role" );
814            System.out.println();
815            System.out.println( "action = addSecuredObject -> adds a new secured object to the right management system" );
816            System.out.println( "-soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)" );
817            System.out.println( "-soName name of the secured object" );
818            System.out.println( "-soTitle title of the secured object" );
819            System.out.println();
820            System.out.println( "action = removeSecuredObject -> removes a new secured object from the right management system" );
821            System.out.println( "-soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)" );
822            System.out.println( "-soName name of the secured object" );
823            System.out.println();
824            System.out.println( "action = assignRights -> assigns rights on a named secured object to a role" );
825            System.out.println( "-constraints comma seperated list of absolut pathes to filter encoding files" );
826            System.out.println( "-rights comma seperated list of rights to assign. the number of rights must be equest to the number constraints" );
827            System.out.println( "-soName name of the secured object" );
828            System.out.println( "-soType type of the secured object" );
829            System.out.println( "-role name of the role the rights shall be given to" );
830            System.out.println();
831            System.out.println( "action = removeRights removes rights on a named secured object to a role" );
832            System.out.println( "-rights comma seperated list of rights to remove." );
833            System.out.println( "-soName name of the secured object" );
834            System.out.println( "-soType type of the secured object" );
835            System.out.println( "-role name of the role the rights shall be given to" );
836            System.out.println();
837            System.out.println( "action = printRights -> print roles and associated rights of a user" );
838            System.out.println( "-userName name of the user" );
839            System.out.println( "-soType type of the secured object" );
840            System.out.println();
841            System.out.println( "action = clean -> cleans the complete right management system "
842                                + "database by deleting all entries!" );
843        }
844    
845        /**
846         * @param args
847         */
848        public static void main( String[] args ) {
849            try {
850                Properties map = new Properties();
851    
852                for ( int i = 0; i < args.length; i += 2 ) {
853                    if ( args.length >= i + 2 ) {
854                        map.put( args[i], args[i + 1] );
855                    } else {
856                        map.put( args[i], "" );
857                    }
858                }
859    
860                if ( map.containsKey( "-help" ) || map.containsKey( "-h" ) || map.containsKey( "-?" ) ) {
861                    printHelp();
862                }
863    
864                String driver = map.getProperty( "-driver" );
865                String logon = map.getProperty( "-logon" );
866                String user = map.getProperty( "-user" );
867                String password = map.getProperty( "-pw" );
868    
869                DRMAccess sac = new DRMAccess();
870                sac.setUp( driver, logon, user, password );
871    
872                String action = map.getProperty( "-action" );
873    
874                if ( action.equals( "addUser" ) ) {
875                    sac.addUser( map.getProperty( "-name" ), map.getProperty( "-password" ),
876                                 map.getProperty( "-firstName" ), map.getProperty( "-lastName" ),
877                                 map.getProperty( "-email" ) );
878                } else if ( action.equals( "removeUser" ) ) {
879                    sac.removeUser( map.getProperty( "-name" ) );
880                } else if ( action.equals( "addGroup" ) ) {
881                    sac.addGroup( map.getProperty( "-name" ), map.getProperty( "-title" ) );
882                } else if ( action.equals( "removeGroup" ) ) {
883                    sac.removeGroup( map.getProperty( "-name" ) );
884                } else if ( action.equals( "addRole" ) ) {
885                    sac.addRole( map.getProperty( "-name" ) );
886                } else if ( action.equals( "removeRole" ) ) {
887                    sac.removeRole( map.getProperty( "-name" ) );
888                } else if ( action.equals( "addUserToGroup" ) ) {
889                    sac.setGroupMemberships( map.getProperty( "-userName" ), map.getProperty( "-groupName" ) );
890                } else if ( action.equals( "assignRoleWithGroup" ) ) {
891                    sac.setRoleAssociation( map.getProperty( "-roleName" ), map.getProperty( "-groupName" ) );
892                } else if ( action.equals( "assignRoleWithUser" ) ) {
893                    sac.setUserRoleAssociation( map.getProperty( "-roleName" ), map.getProperty( "-userName" ) );
894                } else if ( action.equals( "addSecuredObject" ) ) {
895                    sac.addSecuredObject( map.getProperty( "-soType" ), map.getProperty( "-soName" ),
896                                          map.getProperty( "-soTitle" ) );
897                } else if ( action.equals( "removeSecuredObject" ) ) {
898                    sac.removeSecuredObject( map.getProperty( "-soType" ), map.getProperty( "-soName" ) );
899                } else if ( action.equals( "assignRights" ) ) {
900                    String[] filter = StringTools.toArray( map.getProperty( "-constraints" ), ",;:", false );
901                    for ( int i = 0; i < filter.length; i++ ) {
902                        if ( filter[i] != null && !filter[i].trim().equals( "-" ) && !filter[i].trim().equals( "." ) ) {
903                            RandomAccessFile raf = new RandomAccessFile( filter[i], "r" );
904                            long l = raf.length();
905                            byte[] b = new byte[(int) l];
906                            raf.read( b );
907                            raf.close();
908                            filter[i] = new String( b );
909                        } else {
910                            filter[i] = null;
911                        }
912                    }
913                    String[] rights = StringTools.toArray( map.getProperty( "-rights" ), ",:;", false );
914                    sac.assignRights( filter, map.getProperty( "-soName" ), map.getProperty( "-soType" ),
915                                      map.getProperty( "-role" ), rights );
916                } else if ( action.equals( "removeRights" ) ) {
917                    String[] rights = StringTools.toArray( map.getProperty( "-rights" ), ",", false );
918                    sac.removeRights( map.getProperty( "-soName" ), map.getProperty( "-soType" ),
919                                      map.getProperty( "-role" ), rights );
920                } else if ( action.equals( "hasRight" ) ) {
921                    sac.hasRight( map.getProperty( "-userName" ), map.getProperty( "-password" ),
922                                  map.getProperty( "-soName" ), map.getProperty( "-soType" ), map.getProperty( "-right" ) );
923                } else if ( action.equals( "clean" ) ) {
924                    sac.clean();
925                } else if ( action.equals( "printRights" ) ) {
926                    sac.printRights( map.getProperty( "-userName" ), map.getProperty( "-soType" ) );
927                }
928    
929                try {
930                    Thread.sleep( 100 );
931                } catch ( Exception e ) {
932                    // just waiting
933                }
934                System.out.println( "finished" );
935                System.exit( 0 );
936            } catch ( FileNotFoundException e ) {
937                e.printStackTrace();
938            } catch ( IOException e ) {
939                e.printStackTrace();
940            } catch ( Exception e ) {
941                e.printStackTrace();
942            }
943        }
944    }