001    //$HeadURL: svn+ssh://developername@svn.wald.intevation.org/deegree/base/trunk/resources/eclipse/files_template.xml $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005     - Department of Geography, University of Bonn -
006     and
007     - lat/lon GmbH -
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035     ----------------------------------------------------------------------------*/
036    package org.deegree.portal.cataloguemanager.servlet;
037    
038    import java.io.IOException;
039    import java.net.URI;
040    
041    import javax.servlet.Filter;
042    import javax.servlet.FilterChain;
043    import javax.servlet.FilterConfig;
044    import javax.servlet.ServletException;
045    import javax.servlet.ServletRequest;
046    import javax.servlet.ServletResponse;
047    import javax.servlet.http.HttpServletRequest;
048    
049    import org.deegree.datatypes.QualifiedName;
050    import org.deegree.enterprise.servlet.ServletRequestWrapper;
051    import org.deegree.framework.log.ILogger;
052    import org.deegree.framework.log.LoggerFactory;
053    import org.deegree.framework.xml.XMLFragment;
054    import org.deegree.model.filterencoding.ComplexFilter;
055    import org.deegree.model.filterencoding.Expression;
056    import org.deegree.model.filterencoding.Operation;
057    import org.deegree.model.filterencoding.OperationDefines;
058    import org.deegree.model.filterencoding.PropertyIsNullOperation;
059    import org.deegree.model.filterencoding.PropertyName;
060    import org.deegree.ogcwebservices.OGCRequestFactory;
061    import org.deegree.ogcwebservices.OGCWebServiceException;
062    import org.deegree.ogcwebservices.OGCWebServiceRequest;
063    import org.deegree.ogcwebservices.csw.discovery.GetRecords;
064    import org.deegree.ogcwebservices.csw.discovery.Query;
065    import org.deegree.ogcwebservices.csw.discovery.XMLFactory;
066    import org.deegree.ogcwebservices.csw.manager.Transaction;
067    
068    /**
069     * TODO add class documentation here
070     * 
071     * @author <a href="mailto:name@deegree.org">Andreas Poth</a>
072     * @author last edited by: $Author: admin $
073     * 
074     * @version $Revision: $, $Date: $
075     */
076    public class SimpleCSWFilter implements Filter {
077    
078        private static ILogger LOG = LoggerFactory.getLogger( SimpleCSWFilter.class );
079    
080        /*
081         * (non-Javadoc)
082         * 
083         * @see javax.servlet.Filter#destroy()
084         */
085        public void destroy() {
086            // TODO Auto-generated method stub
087        }
088    
089        /*
090         * (non-Javadoc)
091         * 
092         * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
093         */
094        public void init( FilterConfig config )
095                                throws ServletException {
096            // TODO Auto-generated method stub
097        }
098    
099        /*
100         * (non-Javadoc)
101         * 
102         * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
103         * javax.servlet.FilterChain)
104         */
105        public void doFilter( ServletRequest req, ServletResponse res, FilterChain chain )
106                                throws IOException, ServletException {
107    
108            String userName = null;
109            if ( ( (HttpServletRequest) req ).getUserPrincipal() != null ) {
110                userName = ( (HttpServletRequest) req ).getUserPrincipal().getName();
111            }
112            LOG.logInfo( "user name: ", userName );
113            if ( "cmEditor".equals( userName ) || "cmAdmin".equals( userName ) ) {
114                chain.doFilter( req, res );
115            } else {
116                ServletRequestWrapper requestWrapper = null;
117    
118                if ( req instanceof ServletRequestWrapper ) {
119                    LOG.logDebug( "OWSProxySerlvetFilter: the incoming request is actually an org.deegree.enterprise.servlet.RequestWrapper, so not creating new instance." );
120                    requestWrapper = (ServletRequestWrapper) req;
121                } else {
122                    requestWrapper = new ServletRequestWrapper( (HttpServletRequest) req );
123                }
124                LOG.logDebug( "ConfigurableOWSProxyServletFilter: GetContentype(): " + requestWrapper.getContentType() );
125    
126                OGCWebServiceRequest owsReq = null;
127                try {
128                    owsReq = OGCRequestFactory.create( requestWrapper );
129                } catch ( OGCWebServiceException e ) {
130                    LOG.logError( "OWSProxyServletFilter: Couln't create an OGCWebserviceRequest because: "
131                                  + e.getMessage(), e );
132                    throw new ServletException( e.getMessage() );
133                }
134                if ( owsReq instanceof Transaction ) {
135                    throw new ServletException( "user: " + userName + " is not allowed to perform CSW transactions" );
136                } else if ( owsReq instanceof GetRecords && !"cmUser".equals( userName ) && !"cmEditor".equals( userName )
137                            && !"cmAdmin".equals( userName ) ) {
138                    //owsReq = addFilter( (GetRecords) owsReq );
139                }
140    
141                try {
142                    XMLFragment doc = null;
143                    if ( owsReq instanceof Transaction ) {
144                        doc = org.deegree.ogcwebservices.csw.manager.XMLFactory.export( (Transaction) owsReq );
145                    } else if ( owsReq instanceof GetRecords ) {
146                        doc = XMLFactory.exportWithVersion( (GetRecords) owsReq );
147                    }
148                    if ( doc != null ) {
149                        requestWrapper.setInputStreamAsByteArray( doc.getAsString().getBytes() );
150                    }
151                } catch ( Exception e ) {
152                    throw new ServletException( e );
153                }
154                chain.doFilter( requestWrapper, res );
155            }
156        }
157    
158        private GetRecords addFilter( GetRecords casreq ) {
159            Query query = casreq.getQuery();
160            ComplexFilter qFilter = (ComplexFilter) query.getContraint();
161            QualifiedName qn = new QualifiedName( "AccessConstraints",
162                                                  URI.create( "http://www.opengis.net/cat/csw/apiso/1.0" ) );
163            Expression exp1 = new PropertyName( qn );
164    
165            Operation op = new PropertyIsNullOperation( (PropertyName) exp1 );
166            org.deegree.model.filterencoding.Filter filter = new ComplexFilter( op );
167            if ( qFilter instanceof ComplexFilter ) {
168                filter = new ComplexFilter( qFilter, (ComplexFilter) filter, OperationDefines.AND );
169            }
170    
171            // substitue query by a new one using the re-created filter
172            query = new Query( query.getElementSetName(), query.getElementSetNameTypeNamesList(),
173                               query.getElementSetNameVariables(), query.getElementNamesAsPropertyPaths(), filter,
174                               query.getSortProperties(), query.getTypeNamesAsList(), query.getDeclaredTypeNameVariables() );
175    
176            casreq.setQuery( query );
177    
178            // if ( LOG.getLevel() == ILogger.LOG_DEBUG ) {
179            // try {
180            // XMLFactory.export( casreq ).prettyPrint( System.out );
181            // } catch ( Exception e ) {
182            // }
183            // }
184            try {
185                XMLFactory.export( casreq ).prettyPrint( System.out );
186            } catch ( Exception e ) {
187            }
188            return casreq;
189        }
190    }