001    //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/portal/standard/security/control/GetSessionIDListener.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005       Department of Geography, University of Bonn
006     and
007       lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035    ----------------------------------------------------------------------------*/
036    package org.deegree.portal.standard.security.control;
037    
038    import java.io.File;
039    import java.io.IOException;
040    import java.io.InputStream;
041    import java.util.Properties;
042    
043    import javax.servlet.http.HttpServletRequest;
044    import javax.servlet.http.HttpSession;
045    
046    import org.deegree.enterprise.control.AbstractListener;
047    import org.deegree.enterprise.control.FormEvent;
048    import org.deegree.enterprise.control.RPCMethodCall;
049    import org.deegree.enterprise.control.RPCStruct;
050    import org.deegree.enterprise.control.RPCWebEvent;
051    import org.deegree.framework.log.ILogger;
052    import org.deegree.framework.log.LoggerFactory;
053    import org.deegree.i18n.Messages;
054    
055    /**
056     * Listener to retrieve the (deegree managed) sessionID of a user.
057     *
058     * @author <a href="mailto:poth@lat-lon.de">Andreas Poth</a>
059     * @author last edited by: $Author: mschneider $
060     *
061     * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18 Jun 2009) $
062     */
063    public class GetSessionIDListener extends AbstractListener {
064    
065        private static final ILogger LOG = LoggerFactory.getLogger( GetSessionIDListener.class );
066    
067        private static String userDir = "WEB-INF/conf/igeoportal/users/";
068    
069        /**
070         * performs a login request. the passed event contains a RPC method call containing user name
071         * and password.
072         *
073         * @param event
074         */
075        @Override
076        public void actionPerformed( FormEvent event ) {
077    
078            RPCWebEvent re = (RPCWebEvent) event;
079    
080            if ( !validateRequest( re ) ) {
081                gotoErrorPage( Messages.getMessage( "IGEO_STD_SEC_MISSING_USER" ) );
082                return;
083            }
084    
085            try {
086                // write request parameter into session to reconstruct the search form
087                HttpSession session = ( (HttpServletRequest) this.getRequest() ).getSession( true );
088                getRequest().setAttribute( "SESSIONID", session.getAttribute( "SESSIONID" ) );
089                getRequest().setAttribute( "STARTCONTEXT", getUsersStartContext( re ) );
090            } catch ( IOException e ) {
091                gotoErrorPage( Messages.getMessage( "IGEO_STD_SEC_ERROR_STARTCONTEXT" ) );
092                LOG.logError( e.getMessage(), e );
093            }
094        }
095    
096        /**
097         * validates the passed event to be valid agaist the requirements of the listener (contains user
098         * name )
099         *
100         * @param event
101         * @return boolean
102         */
103        private boolean validateRequest( RPCWebEvent event ) {
104            RPCMethodCall mc = event.getRPCMethodCall();
105            if ( mc.getParameters().length == 0 ) {
106                return false;
107            }
108            RPCStruct struct = (RPCStruct) mc.getParameters()[0].getValue();
109            if ( struct.getMember( "user" ) == null ) {
110                return false;
111            }
112    
113            return true;
114        }
115    
116        /**
117         * returns the name of the users start context. If the user does not own an individual start
118         * context the name of the default start context for all users will be returned.
119         *
120         * @param event
121         * @return String
122         * @throws IOException
123         */
124        private String getUsersStartContext( RPCWebEvent event )
125                                throws IOException {
126            RPCMethodCall mc = event.getRPCMethodCall();
127            RPCStruct struct = (RPCStruct) mc.getParameters()[0].getValue();
128            String userName = (String) struct.getMember( "user" ).getValue();
129    
130            StringBuffer dir = new StringBuffer( "users/" );
131    
132            StringBuffer sb = new StringBuffer( 300 );
133            sb.append( getHomePath() ).append( userDir ).append( userName );
134            sb.append( "/context.properties" );
135            File file = new File( sb.toString() );
136    
137            if ( !file.exists() ) {
138                sb.delete( 0, sb.length() );
139                sb.append( getHomePath() ).append( userDir ).append( "context.properties" );
140                file = new File( sb.toString() );
141            } else {
142                dir.append( userName ).append( '/' );
143            }
144    
145            Properties prop = new Properties();
146            InputStream is = file.toURL().openStream();
147            prop.load( is );
148            is.close();
149    
150            return dir.append( prop.getProperty( "STARTCONTEXT" ) ).toString();
151        }
152    
153    }