001 // $HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/tools/security/DRMAccess.java $ 002 /*---------------------------------------------------------------------------- 003 This file is part of deegree, http://deegree.org/ 004 Copyright (C) 2001-2009 by: 005 Department of Geography, University of Bonn 006 and 007 lat/lon GmbH 008 009 This library is free software; you can redistribute it and/or modify it under 010 the terms of the GNU Lesser General Public License as published by the Free 011 Software Foundation; either version 2.1 of the License, or (at your option) 012 any later version. 013 This library is distributed in the hope that it will be useful, but WITHOUT 014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 016 details. 017 You should have received a copy of the GNU Lesser General Public License 018 along with this library; if not, write to the Free Software Foundation, Inc., 019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 020 021 Contact information: 022 023 lat/lon GmbH 024 Aennchenstr. 19, 53177 Bonn 025 Germany 026 http://lat-lon.de/ 027 028 Department of Geography, University of Bonn 029 Prof. Dr. 
Klaus Greve
 Postfach 1147, 53001 Bonn
 Germany
 http://www.geographie.uni-bonn.de/deegree/

 e-mail: info@deegree.org
----------------------------------------------------------------------------*/

package org.deegree.tools.security;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.RandomAccessFile;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;

import org.deegree.framework.util.BootLogger;
import org.deegree.framework.util.StringTools;
import org.deegree.framework.xml.XMLTools;
import org.deegree.model.filterencoding.AbstractFilter;
import org.deegree.model.filterencoding.Filter;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.drm.SecurityAccess;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.SecurityTransaction;
import org.deegree.security.drm.WrongCredentialsException;
import org.deegree.security.drm.model.Group;
import org.deegree.security.drm.model.Right;
import org.deegree.security.drm.model.RightSet;
import org.deegree.security.drm.model.RightType;
import org.deegree.security.drm.model.Role;
import org.deegree.security.drm.model.SecuredObject;
import org.deegree.security.drm.model.User;
import org.w3c.dom.Document;

/**
 * tool class to handle deegree sercurity administration using commandline calls:
 *
 * <pre>
 * general definitions:
 * -driver JDBC driver (e.g. sun.jdbc.odbc.JdbcOdbcDriver for ODBC databases)
 * -logon jdbc:odbc:security logon to database (e.g.
ODBC name)
 * -user user name (optional)
 * -password users password (optional)
 *
 * possible actions:
 * -action (addUser, addGroup, addRole, addUserToGroup, assignRoleWithGroup, addSecuredObject, assignRights, clean)
 * defines the action to be performed. possible actions are listed in brackets.
 *
 * action = addUser -> adds a user to the right management
 * -name users login name
 * -password users password
 * -firstName the first name of the user
 * -lastName the last name of the user
 * -email email address of the user
 *
 * action = removeUser -> removes a user from the right management
 * -name users login name
 *
 * action = addGroup -> adds a group to the right management system
 * -name name of the group
 * -title title of the group
 *
 * action = removeGroup -> removes a group from the right management
 * -name groups login name
 *
 * action = addRole -> adds a role to the right management system
 * -name name of the role
 *
 * action = addUserToGroup -> adds a user to a named group
 * -userName name of the user
 * -groupName name of the group
 *
 * action = addUserToGroup -> assigns a group with a role
 * -groupName name of the group
 * -roleName name of the role
 *
 * action = addSecuredObject -> adds a new secured object to the right management system
 * -soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)
 * -soName name of the secured object
 * -soTitle title of the secured object
 *
 * action = removeSecuredObject -> removes a secured object from the right management system
 * -soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)
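* -soName name of the secured object
*
* action = assignRights -> assigns rights on a named secured object to a role
* -constraints comma separated list of absolute paths to filter encoding files
* -rights comma separated list of rights to assign. the number of rights must be equal to the number of constraints
* -soName name of the secured object
* -soType type of the secured object
* -role name of the role the rights shall be given to
*
* action = removeRights removes rights on a named secured object from a role
* -rights comma separated list of rights to remove.
* -soName name of the secured object
* -soType type of the secured object
* -role name of the role the rights shall be taken from
*
* action = clean -> cleans the complete right management system database by deleting all entries!
* </pre>
*
*
* @version $Revision: 18197 $
* @author <a href="mailto:poth@lat-lon.de">Andreas Poth</a>
* @author last edited by: $Author: apoth $
*
* @version $Revision: 18197 $, $Date: 2009-06-19 13:32:15 +0200 (Fr, 19 Jun 2009) $
*/
public class DRMAccess {

    /** Login name of the built-in administrative account on whose behalf all changes are made. */
    private static final String SEC_ADMIN = "SEC_ADMIN";

    /** Class-path resource providing the default settings. */
    private static final String PROPERTIES_FILE = "sec.properties";

    /** Optional class-path resource whose entries override those of {@link #PROPERTIES_FILE}. */
    private static final String OVERRIDE_PROPERTIES_FILE = "/sec.properties";

    /** Key of the property that holds the password of the SEC_ADMIN account. */
    private static final String ADMIN_PASSWORD_KEY = "adminpass";

    /**
     * Password of the SEC_ADMIN account, read from the "adminpass" property by the constructor. There is
     * deliberately no compiled-in fallback value: a missing configuration must fail authentication rather
     * than succeed with a password that can be read from the source code.
     */
    private static String secAdminPassword;

    private SecurityAccessManager manager;

    /** Transaction currently open on behalf of SEC_ADMIN, or null when none is pending. */
    private SecurityTransaction transaction;

    private static final Properties prop = new Properties();

    /** Right names accepted by {@link #assignRights} (lower case) mapped to their {@link RightType}. */
    private static final Map<String, RightType> RIGHT_TYPES_BY_NAME = new HashMap<String, RightType>();

    static {
        RIGHT_TYPES_BY_NAME.put( "getmap", RightType.GETMAP );
        RIGHT_TYPES_BY_NAME.put( "getmap_response", RightType.GETMAP_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "getfeatureinfo", RightType.GETFEATUREINFO );
        RIGHT_TYPES_BY_NAME.put( "getfeatureinfo_response", RightType.GETFEATUREINFO_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "getlegendgraphic", RightType.GETLEGENDGRAPHIC );
        RIGHT_TYPES_BY_NAME.put( "getlegendgraphic_response", RightType.GETLEGENDGRAPHIC_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "getfeature", RightType.GETFEATURE );
        RIGHT_TYPES_BY_NAME.put( "getfeature_response", RightType.GETFEATURE_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "describefeaturetype", RightType.DESCRIBEFEATURETYPE );
        RIGHT_TYPES_BY_NAME.put( "describefeaturetype_response", RightType.DESCRIBEFEATURETYPE_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "getcoverage", RightType.GETCOVERAGE );
        RIGHT_TYPES_BY_NAME.put( "getcoverage_response", RightType.GETCOVERAGE_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "describecoverage", RightType.DESCRIBECOVERAGE );
        RIGHT_TYPES_BY_NAME.put( "describecoverage_response", RightType.DESCRIBECOVERAGE_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "getrecords", RightType.GETRECORDS );
        RIGHT_TYPES_BY_NAME.put( "getrecords_response", RightType.GETRECORDS_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "getrecordbyid", RightType.GETRECORDBYID );
        RIGHT_TYPES_BY_NAME.put( "getrecordbyid_response", RightType.GETRECORDBYID_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "describerecordtype", RightType.DESCRIBERECORDTYPE );
        RIGHT_TYPES_BY_NAME.put( "describerecordtype_response", RightType.DESCRIBERECORDTYPE_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "delete", RightType.DELETE );
        RIGHT_TYPES_BY_NAME.put( "delete_response", RightType.DELETE_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "update", RightType.UPDATE );
        RIGHT_TYPES_BY_NAME.put( "update_response", RightType.UPDATE_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "insert", RightType.INSERT );
        RIGHT_TYPES_BY_NAME.put( "insert_response", RightType.INSERT_RESPONSE );
        RIGHT_TYPES_BY_NAME.put( "getrepositoryitem", RightType.GETREPOSITORYITEM );
        RIGHT_TYPES_BY_NAME.put( "getrepositoryitem_response", RightType.GETREPOSITORYITEM_RESPONSE );
    }

    /**
     * Initialization done at class loading time: loads "sec.properties" from the class path and lets an
     * optional "/sec.properties" override single entries. A missing default file is reported and the
     * override file is still consulted; the stream is always closed.
     */
    static {
        InputStream is = null;
        try {
            is = DRMAccess.class.getResourceAsStream( PROPERTIES_FILE );
            if ( is == null ) {
                // the original code went on to call prop.load( null ) here and died with a NullPointerException
                BootLogger.log( "Error while initializing " + DRMAccess.class.getName() + " : "
                                + " default message file: '" + PROPERTIES_FILE + " not found." );
            } else {
                prop.load( is );
            }

            // entries from "/sec.properties" (if present) take precedence over the defaults
            overrideMessages( OVERRIDE_PROPERTIES_FILE, prop );
        } catch ( IOException e ) {
            BootLogger.logError( "Error while initializing " + DRMAccess.class.getName() + " : " + e.getMessage(), e );
        } finally {
            closeQuietly( is );
        }
    }

    /**
     * Creates an access tool whose administrative password is taken from the loaded properties.
     *
     * @throws IOException
     *             declared for backward compatibility; not thrown by the current implementation
     */
    public DRMAccess() throws IOException {
        secAdminPassword = prop.getProperty( ADMIN_PASSWORD_KEY );
        if ( secAdminPassword == null ) {
            BootLogger.log( "property '" + ADMIN_PASSWORD_KEY
                            + "' not configured; administrative operations will fail to authenticate" );
        }
    }

    /**
     * Merges the entries of a class-path properties resource into {@code props}.
     *
     * @param propertiesFile
     *            class-path name of the resource; silently skipped when it does not exist
     * @param props
     *            properties to update in place
     * @throws IOException
     *             if the resource exists but cannot be read
     */
    private static void overrideMessages( String propertiesFile, Properties props )
                            throws IOException {
        InputStream is = DRMAccess.class.getResourceAsStream( propertiesFile );
        if ( is == null ) {
            return;
        }
        try {
            Properties overrideProps = new Properties();
            overrideProps.load( is );
            // same effect as copying key by key: every override entry replaces the default one
            props.putAll( overrideProps );
        } finally {
            is.close();
        }
    }

    /**
     * Closes a stream, ignoring a null stream and reporting (not propagating) close failures.
     */
    private static void closeQuietly( InputStream is ) {
        if ( is == null ) {
            return;
        }
        try {
            is.close();
        } catch ( IOException e ) {
            BootLogger.logError( "Error while closing stream: " + e.getMessage(), e );
        }
    }

    /**
     * Connects this tool to the security registry, initializing the {@link SecurityAccessManager} with the
     * given JDBC settings when it has not been initialized yet.
     *
     * @param driver
     *            JDBC driver class name (required)
     * @param logon
     *            JDBC URL of the security database (required)
     * @param user
     *            database user; null is treated as the empty string
     * @param password
     *            database password; null is treated as the empty string
     * @throws IllegalArgumentException
     *             if driver or logon is null
     * @throws Exception
     *             if the registry cannot be initialized
     */
    protected void setUp( String driver, String logon, String user, String password )
                            throws Exception {
        if ( driver == null || logon == null ) {
            throw new IllegalArgumentException( "-driver and -logon must be given" );
        }
        Properties properties = new Properties();
        properties.setProperty( "driver", driver );
        properties.setProperty( "url", logon );
        properties.setProperty( "user", user == null ? "" : user );
        properties.setProperty( "password", password == null ? "" : password );
        try {
            manager = SecurityAccessManager.getInstance();
        } catch ( GeneralSecurityException e ) {
            // the registry is not initialized yet; do it now. Only the non-secret settings are echoed,
            // the previous code printed the whole property set including the database password.
            System.out.println( "initializing security registry: driver=" + driver + ", url=" + logon );
            SecurityAccessManager.initialize( "org.deegree.security.drm.SQLRegistry", properties, 60 * 1000 );
            manager = SecurityAccessManager.getInstance();
        }
    }

    /**
     * Authenticates the SEC_ADMIN account and opens a transaction on its behalf. The transaction is kept in
     * {@link #transaction} so that {@link #commit()} and {@link #rollback()} can finish it.
     *
     * @return the newly opened transaction
     * @throws GeneralSecurityException
     *             if the account cannot be looked up or authenticated, or no transaction can be acquired
     */
    private SecurityTransaction beginAdminTransaction()
                            throws GeneralSecurityException {
        if ( manager == null ) {
            throw new IllegalStateException( "setUp() must be called before any management operation" );
        }
        User admin = manager.getUserByName( SEC_ADMIN );
        admin.authenticate( secAdminPassword );
        transaction = manager.acquireTransaction( admin );
        return transaction;
    }

    /**
     * Commits the pending transaction and forgets it, so that a later failure cannot abort it again.
     *
     * @throws GeneralSecurityException
     *             if the commit is rejected
     */
    private void commit()
                            throws GeneralSecurityException {
        manager.commitTransaction( transaction );
        transaction = null;
    }

    /**
     * Aborts the pending transaction, if any, reporting (but not propagating) failures of the abort itself.
     * Safe to call when no transaction is open or {@link #setUp} was never called.
     */
    private void rollback() {
        if ( manager == null || transaction == null ) {
            return;
        }
        try {
            manager.abortTransaction( transaction );
        } catch ( GeneralSecurityException me ) {
            me.printStackTrace();
        } finally {
            transaction = null;
        }
    }

    /**
     * Prints the names of all registered users to standard output. Nothing is modified, so the transaction
     * used for reading is released afterwards.
     */
    public void GetUsers() {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            User[] users = tx.getAllUsers();
            for ( int i = 0; i < users.length; i++ ) {
                System.out.println( "User " + i + ": " + users[i].getName() );
            }
        } catch ( Exception e ) {
            e.printStackTrace();
        } finally {
            rollback();
        }
    }

    /**
     * Registers a new user. Failures are printed and roll back the transaction.
     *
     * @param name
     *            login name
     * @param password
     *            password of the new user
     * @param firstName
     * @param lastName
     * @param email
     */
    public void addUser( String name, String password, String firstName, String lastName, String email ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            tx.registerUser( name, password, firstName, lastName, email );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Removes the user with the given login name. Failures are printed and roll back the transaction.
     *
     * @param name
     *            login name of the user to remove
     */
    public void removeUser( String name ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            User user = tx.getUserByName( name );
            tx.deregisterUser( user );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Looks up a user and checks the given password against it.
     *
     * @param name
     *            login name
     * @param password
     *            password to verify
     * @return the authenticated user, or null if the user is unknown, the password was rejected or any
     *         other error occurred. (Earlier versions returned the looked-up user even after the password
     *         was rejected, and the SEC_ADMIN user when the lookup itself failed.)
     */
    public User login( String name, String password ) {
        User user = null;
        try {
            SecurityTransaction tx = beginAdminTransaction();
            user = tx.getUserByName( name );
            try {
                user.authenticate( password );
            } catch ( WrongCredentialsException e ) {
                System.out.println( "failed." );
                // never hand a User object to the caller when the credentials were rejected
                user = null;
            }
        } catch ( Exception e ) {
            e.printStackTrace();
            user = null;
        } finally {
            // read-only: releasing the transaction is all that is needed
            rollback();
        }
        return user;
    }

    /**
     * Registers a new group.
     *
     * @param name
     *            name of the group
     * @param title
     *            title of the group
     * @return the created group, or null if the operation failed (the failure is printed)
     */
    public Group addGroup( String name, String title ) {
        Group created = null;
        try {
            SecurityTransaction tx = beginAdminTransaction();
            created = tx.registerGroup( name, title );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
            created = null;
        }
        return created;
    }

    /**
     * Removes the group with the given name. Failures are printed and roll back the transaction.
     *
     * @param name
     *            name of the group to remove
     */
    public void removeGroup( String name ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            Group group = tx.getGroupByName( name );
            tx.deregisterGroup( group );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Registers a new role.
     *
     * @param name
     *            name of the role
     * @return the created role, or null if the operation failed (the failure is printed)
     */
    public Role addRole( String name ) {
        Role created = null;
        try {
            SecurityTransaction tx = beginAdminTransaction();
            created = tx.registerRole( name );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
            created = null;
        }
        return created;
    }

    /**
     * Removes the role with the given name. Failures are printed and roll back the transaction.
     *
     * @param name
     *            name of the role to remove
     */
    public void removeRole( String name ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            Role role = tx.getRoleByName( name );
            tx.deregisterRole( role );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Adds a user to a group, keeping the group's existing members.
     *
     * @param userName
     *            login name of the user to add
     * @param group
     *            name of the group
     */
    public void setGroupMemberships( String userName, String group ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            User newMember = tx.getUserByName( userName );
            Group target = tx.getGroupByName( group );
            // setUsersInGroup is handed the complete member list, so the current members are fetched first
            List<User> members = new ArrayList<User>( Arrays.asList( target.getUsers( tx ) ) );
            members.add( newMember );
            tx.setUsersInGroup( target, members.toArray( new User[members.size()] ) );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Associates a role with a group, keeping the role's existing group associations.
     *
     * @param role
     *            name of the role
     * @param group
     *            name of the group to add
     */
    public void setRoleAssociation( String role, String group ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            Group newGroup = tx.getGroupByName( group );
            Role target = tx.getRoleByName( role );
            // setGroupsWithRole is handed the complete group list, so the current groups are fetched first
            List<Group> groups = new ArrayList<Group>( Arrays.asList( target.getGroups( tx ) ) );
            groups.add( newGroup );
            tx.setGroupsWithRole( target, groups.toArray( new Group[groups.size()] ) );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Associates a role directly with a single user. Note that, unlike {@link #setRoleAssociation}, the
     * existing user associations of the role are not preserved; the role is set to exactly this user.
     *
     * @param role
     *            name of the role
     * @param user
     *            login name of the user
     */
    public void setUserRoleAssociation( String role, String user ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            User target = tx.getUserByName( user );
            Role assigned = tx.getRoleByName( role );
            tx.setUsersWithRole( assigned, new User[] { target } );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Registers a new secured object.
     *
     * @param type
     *            type of the secured object (e.g. Layer, FeatureType, Coverage)
     * @param name
     *            name of the secured object
     * @param title
     *            title of the secured object
     */
    public void addSecuredObject( String type, String name, String title ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            tx.registerSecuredObject( type, name, title );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Removes a secured object.
     *
     * @param type
     *            type of the secured object
     * @param name
     *            name of the secured object
     */
    public void removeSecuredObject( String type, String name ) {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            SecuredObject so = tx.getSecuredObjectByName( name, type );
            tx.deregisterSecuredObject( so );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Resolves a command-line right name (case-insensitive) to its {@link RightType}.
     *
     * @param name
     *            right name as given on the command line
     * @return the matching type, or null for null or unknown names
     */
    private static RightType rightTypeForName( String name ) {
        if ( name == null ) {
            return null;
        }
        return RIGHT_TYPES_BY_NAME.get( name.toLowerCase( Locale.ENGLISH ) );
    }

    /**
     * Grants rights on a secured object to a role, optionally constrained by filter encoding documents.
     * The whole assignment is rejected (and rolled back) if a right name is unknown or the number of
     * constraints does not cover the number of rights, instead of writing a partially filled right set.
     *
     * @param filter
     *            filter encoding XML per right (entries may be null for "no constraint"); may be null as a
     *            whole when no right is constrained
     * @param secObj
     *            name of the secured object
     * @param soType
     *            type of the secured object
     * @param role
     *            name of the role receiving the rights
     * @param rights
     *            right names, see the class documentation for the accepted values
     */
    public void assignRights( String[] filter, String secObj, String soType, String role, String[] rights ) {
        try {
            if ( rights == null ) {
                throw new IllegalArgumentException( "no rights given" );
            }
            if ( filter != null && filter.length < rights.length ) {
                throw new IllegalArgumentException( "number of constraints (" + filter.length
                                                    + ") must match number of rights (" + rights.length + ")" );
            }
            SecurityTransaction tx = beginAdminTransaction();
            SecuredObject so = tx.getSecuredObjectByName( secObj, soType );

            Right[] rs = new Right[rights.length];
            for ( int i = 0; i < rs.length; i++ ) {
                RightType type = rightTypeForName( rights[i] );
                if ( type == null ) {
                    // previously only printed; the null entry then reached tx.addRights
                    throw new IllegalArgumentException( "unknown right: " + rights[i] );
                }
                Filter constraints = null;
                if ( filter != null && filter[i] != null ) {
                    Document doc = XMLTools.parse( new StringReader( filter[i] ) );
                    constraints = AbstractFilter.buildFromDOM( doc.getDocumentElement(), false );
                }
                rs[i] = new Right( so, type, constraints );
            }

            tx.addRights( so, tx.getRoleByName( role ), rs );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Revokes rights on a secured object from a role.
     *
     * @param secObj
     *            name of the secured object
     * @param soType
     *            type of the secured object
     * @param role
     *            name of the role
     * @param rights
     *            names of the rights to remove, resolved through the registry
     */
    public void removeRights( String secObj, String soType, String role, String[] rights ) {
        try {
            if ( rights == null ) {
                throw new IllegalArgumentException( "no rights given" );
            }
            SecurityTransaction tx = beginAdminTransaction();
            SecuredObject so = tx.getSecuredObjectByName( secObj, soType );

            RightType[] rs = new RightType[rights.length];
            for ( int i = 0; i < rs.length; i++ ) {
                rs[i] = tx.getRightByName( rights[i] );
            }

            tx.removeRights( so, tx.getRoleByName( role ), rs );
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Deletes every entry of the right management database. Failures are printed and roll back the
     * transaction.
     */
    public void clean() {
        try {
            SecurityTransaction tx = beginAdminTransaction();
            tx.clean();
            commit();
        } catch ( Exception e ) {
            e.printStackTrace();
            rollback();
        }
    }

    /**
     * Authenticates a user with the given password and prints whether that user holds a right on a
     * secured object. Works on the already initialized {@link SecurityAccessManager}.
     *
     * @param user
     *            login name
     * @param password
     *            password of that user
     * @param securedObject
     *            name of the secured object
     * @param type
     *            type of the secured object
     * @param right
     *            name of the right to check
     */
    public void hasRight( String user, String password, String securedObject, String type, String right ) {
        try {
            SecurityAccessManager sam = SecurityAccessManager.getInstance();
            User usr = sam.getUserByName( user );
            usr.authenticate( password );
            SecurityAccess access = sam.acquireAccess( usr );
            SecuredObject secObj = access.getSecuredObjectByName( securedObject, type );
            if ( usr.hasRight( access, right, secObj ) ) {
                System.out.println( "the user '" + user + "' has the requested right" );
            } else {
                System.out.println( "You try to access a feature/resource on a "
                                    + "securedObject you are not allowed to: " + securedObject );
            }
        } catch ( WrongCredentialsException e ) {
            e.printStackTrace();
        } catch ( GeneralSecurityException e ) {
            e.printStackTrace();
        }
    }

    /**
     * Pads a string with trailing blanks up to the given length; longer strings are returned unchanged.
     *
     * @param begin
     *            text to pad
     * @param length
     *            desired minimum length
     * @return the padded text
     */
    private static String fillString( String begin, int length ) {
        StringBuilder sb = new StringBuilder( begin );
        while ( sb.length() < length ) {
            sb.append( ' ' );
        }
        return sb.toString();
    }

    /**
     * Prints a table of the user's roles and, per secured object of the given type, the rights each role
     * holds and whether the right carries a constraint (1) or not (0).
     *
     * @param userName
     *            login name of the user
     * @param secObjectType
     *            type of the secured objects to list
     */
    public void printRights( String userName, String secObjectType ) {
        try {
            User secAdminUser = manager.getUserByName( SEC_ADMIN );
            secAdminUser.authenticate( secAdminPassword );
            SecurityAccess access = manager.acquireAccess( secAdminUser );

            User user = access.getUserByName( userName );
            SecuredObject[] secObjects = access.getAllSecuredObjects( secObjectType );
            Role[] roles = user.getRoles( access );

            System.out.println( "ROLE SEC_OBJECT RIGHT CONSTRAINTS\n" );
            for ( int i = 0; i < roles.length; i++ ) {
                String roleString = fillString( roles[i].getName(), 24 );
                for ( int j = 0; j < secObjects.length; j++ ) {
                    String secObjectString = fillString( secObjects[j].getName(), 26 );
                    RightSet rightSet = roles[i].getRights( access, secObjects[j] );
                    Right[] rights = rightSet.toArray( secObjects[j] );
                    for ( int k = 0; k < rights.length; k++ ) {
                        String rightString = fillString( rights[k].getType().getName(), 16 );
                        Filter filter = rights[k].getConstraints();
                        String constraintsString = filter != null ? " 1" : " 0";
                        System.out.println( roleString + secObjectString + rightString + constraintsString );
                    }
                }
            }
        } catch ( Exception e ) {
            e.printStackTrace();
        }
    }

    /**
     * Prints the command-line usage. The flag and action names listed here are the ones {@link #main}
     * actually reads.
     */
    private static void printHelp() {
        System.out.println( "general definitions:" );
        System.out.println( "-driver JDBC driver (e.g. sun.jdbc.odbc.JdbcOdbcDriver for ODBC databases)" );
        System.out.println( "-logon jdbc:odbc:security logon to database (e.g. ODBC name)" );
        System.out.println( "-user user name (optional)" );
        System.out.println( "-pw users password (optional)" );
        System.out.println();
        System.out.println( "possible actions:" );
        System.out.println( "-action (addUser, removeUser, addGroup, removeGroup, addRole, removeRole, addUserToGroup, "
                            + "assignRoleWithGroup, assignRoleWithUser, addSecuredObject, removeSecuredObject, "
                            + "assignRights, removeRights, hasRight, printRights, clean)" );
        System.out.println( "defines the action to be performed. possible actions are listed in brackets." );
        System.out.println();
        System.out.println( "action = addUser -> adds a user to the right management" );
        System.out.println( "-name users login name" );
        System.out.println( "-password users password" );
        System.out.println( "-firstName the first name of the user" );
        System.out.println( "-lastName the last name of the user" );
        System.out.println( "-email email address of the user" );
        System.out.println();
        System.out.println( "action = removeUser -> removes a user from the right management" );
        System.out.println( "-name users login name" );
        System.out.println();
        System.out.println( "action = addGroup -> adds a group to the right management system" );
        System.out.println( "-name name of the group" );
        System.out.println( "-title title of the group" );
        System.out.println();
        System.out.println( "action = removeGroup -> removes a group from the right management" );
        System.out.println( "-name groups login name" );
        System.out.println();
        System.out.println( "action = addRole -> adds a role to the right management system" );
        System.out.println( "-name name of the role" );
        System.out.println();
        System.out.println( "action = removeRole -> removes a role from the right management system" );
        System.out.println( "-name name of the role" );
        System.out.println();
        System.out.println( "action = addUserToGroup -> adds a user to a named group" );
        System.out.println( "-userName name of the user" );
        System.out.println( "-groupName name of the group" );
        System.out.println();
        System.out.println( "action = assignRoleWithGroup -> assigns a role to a group" );
        System.out.println( "-groupName name of the group" );
        System.out.println( "-roleName name of the role" );
        System.out.println();
        System.out.println( "action = assignRoleWithUser -> assigns a role to a single user" );
        System.out.println( "-userName name of the user" );
        System.out.println( "-roleName name of the role" );
        System.out.println();
        System.out.println( "action = addSecuredObject -> adds a new secured object to the right management system" );
        System.out.println( "-soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)" );
        System.out.println( "-soName name of the secured object" );
        System.out.println( "-soTitle title of the secured object" );
        System.out.println();
        System.out.println( "action = removeSecuredObject -> removes a secured object from the right management system" );
        System.out.println( "-soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)" );
        System.out.println( "-soName name of the secured object" );
        System.out.println();
        System.out.println( "action = assignRights -> assigns rights on a named secured object to a role" );
        System.out.println( "-constraints comma separated list of absolute paths to filter encoding files ('-' or '.' for none)" );
        System.out.println( "-rights comma separated list of rights to assign. the number of rights must be equal to the number of constraints" );
        System.out.println( "-soName name of the secured object" );
        System.out.println( "-soType type of the secured object" );
        System.out.println( "-role name of the role the rights shall be given to" );
        System.out.println();
        System.out.println( "action = removeRights -> removes rights on a named secured object from a role" );
        System.out.println( "-rights comma separated list of rights to remove." );
        System.out.println( "-soName name of the secured object" );
        System.out.println( "-soType type of the secured object" );
        System.out.println( "-role name of the role the rights shall be taken from" );
        System.out.println();
        System.out.println( "action = hasRight -> checks whether a user holds a right on a secured object" );
        System.out.println( "-userName name of the user" );
        System.out.println( "-password password of the user" );
        System.out.println( "-soName name of the secured object" );
        System.out.println( "-soType type of the secured object" );
        System.out.println( "-right name of the right" );
        System.out.println();
        System.out.println( "action = printRights -> print roles and associated rights of a user" );
        System.out.println( "-userName name of the user" );
        System.out.println( "-soType type of the secured object" );
        System.out.println();
        System.out.println( "action = clean -> cleans the complete right management system "
                            + "database by deleting all entries!" );
    }

    /**
     * Turns "-switch value -switch value ..." into properties.
     *
     * @param args
     *            raw command-line arguments
     * @return switches mapped to their values; a trailing switch without a value maps to ""
     */
    private static Properties parseArgs( String[] args ) {
        Properties map = new Properties();
        for ( int i = 0; i < args.length; i += 2 ) {
            map.setProperty( args[i], i + 1 < args.length ? args[i + 1] : "" );
        }
        return map;
    }

    /**
     * Reads the whole file at {@code path} as UTF-8 text (the XML default), instead of the platform charset
     * the previous implementation relied on.
     *
     * @param path
     *            file to read
     * @return file content
     * @throws IOException
     *             if the file cannot be read or is larger than 2 GiB
     */
    private static String readFile( String path )
                            throws IOException {
        RandomAccessFile raf = new RandomAccessFile( path, "r" );
        try {
            long length = raf.length();
            if ( length > Integer.MAX_VALUE ) {
                throw new IOException( "file too large: " + path );
            }
            byte[] content = new byte[(int) length];
            // read( byte[] ) may return fewer bytes than requested; readFully does not
            raf.readFully( content );
            return new String( content, "UTF-8" );
        } finally {
            raf.close();
        }
    }

    /**
     * Loads the filter encoding documents named by the "-constraints" switch.
     *
     * @param paths
     *            file paths, one per right; null, "-" and "." mark a right without constraint
     * @return the document texts (null entries for unconstrained rights), or null if {@code paths} is null
     * @throws IOException
     *             if a constraint file cannot be read
     */
    private static String[] readConstraintFiles( String[] paths )
                            throws IOException {
        if ( paths == null ) {
            return null;
        }
        String[] result = new String[paths.length];
        for ( int i = 0; i < paths.length; i++ ) {
            String path = paths[i] == null ? null : paths[i].trim();
            if ( path == null || path.equals( "-" ) || path.equals( "." ) ) {
                result[i] = null;
            } else {
                result[i] = readFile( paths[i] );
            }
        }
        return result;
    }

    /**
     * Dispatches one command-line action to the matching method of {@code sac}.
     *
     * @param sac
     *            connected access tool
     * @param action
     *            value of the "-action" switch
     * @param map
     *            all parsed switches
     * @throws IOException
     *             if a constraint file for assignRights cannot be read
     */
    private static void runAction( DRMAccess sac, String action, Properties map )
                            throws IOException {
        if ( action.equals( "addUser" ) ) {
            sac.addUser( map.getProperty( "-name" ), map.getProperty( "-password" ), map.getProperty( "-firstName" ),
                         map.getProperty( "-lastName" ), map.getProperty( "-email" ) );
        } else if ( action.equals( "removeUser" ) ) {
            sac.removeUser( map.getProperty( "-name" ) );
        } else if ( action.equals( "addGroup" ) ) {
            sac.addGroup( map.getProperty( "-name" ), map.getProperty( "-title" ) );
        } else if ( action.equals( "removeGroup" ) ) {
            sac.removeGroup( map.getProperty( "-name" ) );
        } else if ( action.equals( "addRole" ) ) {
            sac.addRole( map.getProperty( "-name" ) );
        } else if ( action.equals( "removeRole" ) ) {
            sac.removeRole( map.getProperty( "-name" ) );
        } else if ( action.equals( "addUserToGroup" ) ) {
            sac.setGroupMemberships( map.getProperty( "-userName" ), map.getProperty( "-groupName" ) );
        } else if ( action.equals( "assignRoleWithGroup" ) ) {
            sac.setRoleAssociation( map.getProperty( "-roleName" ), map.getProperty( "-groupName" ) );
        } else if ( action.equals( "assignRoleWithUser" ) ) {
            sac.setUserRoleAssociation( map.getProperty( "-roleName" ), map.getProperty( "-userName" ) );
        } else if ( action.equals( "addSecuredObject" ) ) {
            sac.addSecuredObject( map.getProperty( "-soType" ), map.getProperty( "-soName" ),
                                  map.getProperty( "-soTitle" ) );
        } else if ( action.equals( "removeSecuredObject" ) ) {
            sac.removeSecuredObject( map.getProperty( "-soType" ), map.getProperty( "-soName" ) );
        } else if ( action.equals( "assignRights" ) ) {
            String[] filter = readConstraintFiles( StringTools.toArray( map.getProperty( "-constraints" ), ",;:",
                                                                        false ) );
            String[] rights = StringTools.toArray( map.getProperty( "-rights" ), ",:;", false );
            sac.assignRights( filter, map.getProperty( "-soName" ), map.getProperty( "-soType" ),
                              map.getProperty( "-role" ), rights );
        } else if ( action.equals( "removeRights" ) ) {
            String[] rights = StringTools.toArray( map.getProperty( "-rights" ), ",", false );
            sac.removeRights( map.getProperty( "-soName" ), map.getProperty( "-soType" ), map.getProperty( "-role" ),
                              rights );
        } else if ( action.equals( "hasRight" ) ) {
            sac.hasRight( map.getProperty( "-userName" ), map.getProperty( "-password" ), map.getProperty( "-soName" ),
                          map.getProperty( "-soType" ), map.getProperty( "-right" ) );
        } else if ( action.equals( "clean" ) ) {
            sac.clean();
        } else if ( action.equals( "printRights" ) ) {
            sac.printRights( map.getProperty( "-userName" ), map.getProperty( "-soType" ) );
        } else {
            System.out.println( "unknown action: " + action );
            printHelp();
        }
    }

    /**
     * Command-line entry point; see the class documentation for the switches. Exits with status 0 after
     * the action ran, 1 on a usage or processing error.
     *
     * @param args
     */
    public static void main( String[] args ) {
        try {
            Properties map = parseArgs( args );

            if ( map.containsKey( "-help" ) || map.containsKey( "-h" ) || map.containsKey( "-?" ) ) {
                printHelp();
                // the previous version fell through and failed on the missing connection settings
                return;
            }

            String action = map.getProperty( "-action" );
            if ( action == null ) {
                System.out.println( "missing parameter -action" );
                printHelp();
                System.exit( 1 );
                return;
            }

            DRMAccess sac = new DRMAccess();
            sac.setUp( map.getProperty( "-driver" ), map.getProperty( "-logon" ), map.getProperty( "-user" ),
                       map.getProperty( "-pw" ) );

            runAction( sac, action, map );

            try {
                Thread.sleep( 100 );
            } catch ( InterruptedException e ) {
                Thread.currentThread().interrupt();
            }
            System.out.println( "finished" );
            System.exit( 0 );
        } catch ( FileNotFoundException e ) {
            System.out.println( "file not found: " + e.getMessage() );
            System.exit( 1 );
        } catch ( Exception e ) {
            e.printStackTrace();
            System.exit( 1 );
        }
    }
}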