001 //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/portal/standard/security/control/InitServiceRightsEditorListener.java $ 002 /*---------------------------------------------------------------------------- 003 This file is part of deegree, http://deegree.org/ 004 Copyright (C) 2001-2009 by: 005 Department of Geography, University of Bonn 006 and 007 lat/lon GmbH 008 009 This library is free software; you can redistribute it and/or modify it under 010 the terms of the GNU Lesser General Public License as published by the Free 011 Software Foundation; either version 2.1 of the License, or (at your option) 012 any later version. 013 This library is distributed in the hope that it will be useful, but WITHOUT 014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 016 details. 017 You should have received a copy of the GNU Lesser General Public License 018 along with this library; if not, write to the Free Software Foundation, Inc., 019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 020 021 Contact information: 022 023 lat/lon GmbH 024 Aennchenstr. 19, 53177 Bonn 025 Germany 026 http://lat-lon.de/ 027 028 Department of Geography, University of Bonn 029 Prof. Dr. Klaus Greve 030 Postfach 1147, 53001 Bonn 031 Germany 032 http://www.geographie.uni-bonn.de/deegree/ 033 034 e-mail: info@deegree.org 035 ----------------------------------------------------------------------------*/ 036 package org.deegree.portal.standard.security.control; 037 038 import java.util.LinkedList; 039 import java.util.ListIterator; 040 041 import javax.servlet.ServletRequest; 042 043 import org.deegree.enterprise.control.AbstractListener; 044 import org.deegree.enterprise.control.FormEvent; 045 import org.deegree.enterprise.control.RPCException; 046 import org.deegree.enterprise.control.RPCMethodCall; 047 import org.deegree.enterprise.control.RPCParameter; 048 import org.deegree.enterprise.control.RPCWebEvent; 049 import org.deegree.framework.log.ILogger; 050 import org.deegree.framework.log.LoggerFactory; 051 import org.deegree.i18n.Messages; 052 import org.deegree.security.GeneralSecurityException; 053 import org.deegree.security.drm.SecurityAccess; 054 import org.deegree.security.drm.model.RightType; 055 import org.deegree.security.drm.model.Role; 056 import org.deegree.security.drm.model.Service; 057 import org.deegree.security.drm.model.User; 058 059 /** 060 * This <code>Listener</code> reacts on RPC-EditRole events, extracts the submitted role-id and passes the role + known 061 * securable objects on the JSP. 062 * <p> 063 * Access constraints: 064 * <ul> 065 * <li>only users that have the 'SEC_ADMIN'-role are allowed</li> 066 * </ul> 067 * 068 * @author <a href="mschneider@lat-lon.de">Markus Schneider</a> 069 * @author last edited by: $Author: aschmitz $ 070 * 071 * @version $Revision: 25490 $, $Date: 2010-07-26 11:47:34 +0200 (Mo, 26 Jul 2010) $ 072 */ 073 public class InitServiceRightsEditorListener extends AbstractListener { 074 075 private static final ILogger LOG = LoggerFactory.getLogger( InitServiceRightsEditorListener.class ); 076 077 @Override 078 public void actionPerformed( FormEvent event ) { 079 ServletRequest request = getRequest(); 080 try { 081 // perform access check 082 SecurityAccess access = SecurityHelper.acquireAccess( this ); 083 SecurityHelper.checkForAdminRole( access ); 084 User user = access.getUser(); 085 086 RPCWebEvent ev = (RPCWebEvent) event; 087 RPCMethodCall rpcCall = ev.getRPCMethodCall(); 088 RPCParameter[] params = rpcCall.getParameters(); 089 090 if ( params.length != 1 ) { 091 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_PARAM_NUM" ) ); 092 } 093 if ( params[0].getType() != String.class ) { 094 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_MISSING_STRING" ) ); 095 } 096 int roleId = -1; 097 try { 098 roleId = Integer.parseInt( (String) params[0].getValue() ); 099 } catch ( NumberFormatException e ) { 100 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_ROLE_VALUE" ) ); 101 } 102 103 // get Role to be edited 104 Role role = access.getRoleById( roleId ); 105 106 // check if user has the right to update the role 107 if ( !user.hasRight( access, RightType.UPDATE, role ) ) { 108 throw new GeneralSecurityException( Messages.getMessage( "IGEO_STD_SEC_MISSING_RIGHT", role.getName() ) ); 109 } 110 111 LinkedList<Service> services = access.getRolesServices( role ); 112 LinkedList<Service> otherServices = access.getAllServices(); 113 ListIterator<Service> iter = otherServices.listIterator(); 114 while ( iter.hasNext() ) { 115 Service s = iter.next(); 116 if ( services.contains( s ) ) { 117 iter.remove(); 118 } 119 } 120 request.setAttribute( "SELECTED_SERVICES", services ); 121 request.setAttribute( "AVAILABLE_SERVICES", otherServices ); 122 request.setAttribute( "ROLE", role ); 123 } catch ( RPCException e ) { 124 LOG.logError( e.getMessage(), e ); 125 request.setAttribute( "SOURCE", this.getClass().getName() ); 126 request.setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_ERROR_RIGHTSEDITOR_REQUEST", 127 e.getMessage() ) ); 128 setNextPage( "error.jsp" ); 129 } catch ( GeneralSecurityException e ) { 130 LOG.logError( e.getMessage(), e ); 131 request.setAttribute( "SOURCE", this.getClass().getName() ); 132 request.setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_ERROR_RIGHTSEDITOR", e.getMessage() ) ); 133 setNextPage( "error.jsp" ); 134 } catch ( Exception e ) { 135 LOG.logError( e.getMessage(), e ); 136 } 137 138 } 139 140 }