001 //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/portal/standard/security/control/StoreServicesRightsListener.java $ 002 /*---------------------------------------------------------------------------- 003 This file is part of deegree, http://deegree.org/ 004 Copyright (C) 2001-2009 by: 005 Department of Geography, University of Bonn 006 and 007 lat/lon GmbH 008 009 This library is free software; you can redistribute it and/or modify it under 010 the terms of the GNU Lesser General Public License as published by the Free 011 Software Foundation; either version 2.1 of the License, or (at your option) 012 any later version. 013 This library is distributed in the hope that it will be useful, but WITHOUT 014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 016 details. 017 You should have received a copy of the GNU Lesser General Public License 018 along with this library; if not, write to the Free Software Foundation, Inc., 019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 020 021 Contact information: 022 023 lat/lon GmbH 024 Aennchenstr. 19, 53177 Bonn 025 Germany 026 http://lat-lon.de/ 027 028 Department of Geography, University of Bonn 029 Prof. Dr. Klaus Greve 030 Postfach 1147, 53001 Bonn 031 Germany 032 http://www.geographie.uni-bonn.de/deegree/ 033 034 e-mail: info@deegree.org 035 ----------------------------------------------------------------------------*/ 036 package org.deegree.portal.standard.security.control; 037 038 import java.util.ArrayList; 039 import java.util.List; 040 041 import org.deegree.enterprise.control.AbstractListener; 042 import org.deegree.enterprise.control.FormEvent; 043 import org.deegree.enterprise.control.RPCException; 044 import org.deegree.enterprise.control.RPCMethodCall; 045 import org.deegree.enterprise.control.RPCParameter; 046 import org.deegree.enterprise.control.RPCWebEvent; 047 import org.deegree.framework.log.ILogger; 048 import org.deegree.framework.log.LoggerFactory; 049 import org.deegree.i18n.Messages; 050 import org.deegree.security.GeneralSecurityException; 051 import org.deegree.security.drm.SecurityAccessManager; 052 import org.deegree.security.drm.SecurityTransaction; 053 import org.deegree.security.drm.model.Role; 054 import org.deegree.security.drm.model.User; 055 056 /** 057 * This <code>Listener</code> reacts on RPC-StoreRights events. 058 * 059 * Access constraints: 060 * <ul> 061 * <li>only users that have the 'SEC_ADMIN'-role are allowed</li> 062 * </ul> 063 * 064 * @author <a href="mschneider@lat-lon.de">Markus Schneider </a> 065 * @author last edited by: $Author: aschmitz $ 066 * 067 * @version $Revision: 25490 $, $Date: 2010-07-26 11:47:34 +0200 (Mo, 26 Jul 2010) $ 068 */ 069 public class StoreServicesRightsListener extends AbstractListener { 070 071 private static final ILogger LOG = LoggerFactory.getLogger( StoreServicesRightsListener.class ); 072 073 @Override 074 public void actionPerformed( FormEvent event ) { 075 076 // the Role for which the rights are to be set 077 int roleId = -1; 078 079 List<Integer> selectedServices = null; 080 081 SecurityAccessManager manager = null; 082 SecurityTransaction transaction = null; 083 084 try { 085 RPCWebEvent ev = (RPCWebEvent) event; 086 RPCMethodCall rpcCall = ev.getRPCMethodCall(); 087 RPCParameter[] params = rpcCall.getParameters(); 088 089 // validates the incoming method call and extracts the roleID 090 roleId = validate( params ); 091 092 RPCParameter[] selected = (RPCParameter[]) params[1].getValue(); 093 selectedServices = new ArrayList<Integer>( selected.length ); 094 095 for ( int i = 0; i < selected.length; ++i ) { 096 try { 097 selectedServices.add( Integer.parseInt( (String) selected[i].getValue() ) ); 098 } catch ( NumberFormatException e ) { 099 throw new RPCException( Messages.getMessage( "IGEO_STD_STORERIGHTS_ROLE_PARAM" ) ); 100 } 101 } 102 103 transaction = SecurityHelper.acquireTransaction( this ); 104 SecurityHelper.checkForAdminRole( transaction ); 105 106 manager = SecurityAccessManager.getInstance(); 107 User user = transaction.getUser(); 108 Role role = transaction.getRoleById( roleId ); 109 110 // perform access check 111 if ( !user.hasRight( transaction, "update", role ) ) { 112 getRequest().setAttribute( "SOURCE", this.getClass().getName() ); 113 String s = Messages.getMessage( "IGEO_STD_STORERIGHTS_MISSING_RIGHTS", role.getName() ); 114 getRequest().setAttribute( "MESSAGE", s ); 115 setNextPage( "error.jsp" ); 116 return; 117 } 118 119 transaction.setServicesRights( selectedServices, role ); 120 121 manager.commitTransaction( transaction ); 122 transaction = null; 123 String s = Messages.getMessage( "IGEO_STD_STORESERVICESRIGHTS_SUCCESS", role.getID() ); 124 getRequest().setAttribute( "MESSAGE", s ); 125 } catch ( RPCException e ) { 126 getRequest().setAttribute( "SOURCE", this.getClass().getName() ); 127 String s = Messages.getMessage( "IGEO_STD_STORERIGHTS_INVALID_REQ", e.getMessage() ); 128 getRequest().setAttribute( "MESSAGE", s ); 129 setNextPage( "error.jsp" ); 130 LOG.logDebug( e.getMessage(), e ); 131 } catch ( GeneralSecurityException e ) { 132 getRequest().setAttribute( "SOURCE", this.getClass().getName() ); 133 String s = Messages.getMessage( "IGEO_STD_STORERIGHTS_ERROR", e.getMessage() ); 134 getRequest().setAttribute( "MESSAGE", s ); 135 setNextPage( "error.jsp" ); 136 LOG.logDebug( e.getMessage(), e ); 137 } finally { 138 if ( manager != null && transaction != null ) { 139 try { 140 manager.abortTransaction( transaction ); 141 } catch ( GeneralSecurityException e ) { 142 LOG.logDebug( e.getMessage(), e ); 143 } 144 } 145 } 146 147 } 148 149 private int validate( RPCParameter[] params ) 150 throws RPCException { 151 152 if ( params.length != 2 ) { 153 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_PARAMS_NUM", "2" ) ); 154 } 155 156 if ( !( params[0].getValue() instanceof String ) ) { 157 throw new RPCException( Messages.getMessage( "IGEO_STD_STORERIGHTS_FIRST_PARAM" ) ); 158 } 159 160 // extract role-id 161 int roleId = -1; 162 try { 163 roleId = Integer.parseInt( (String) params[0].getValue() ); 164 } catch ( NumberFormatException e ) { 165 throw new RPCException( Messages.getMessage( "IGEO_STD_STORERIGHTS_ROLE_PARAM" ) ); 166 } 167 168 // extract Layer rights 169 if ( !( params[1].getValue() instanceof RPCParameter[] ) ) { 170 throw new RPCException( Messages.getMessage( "IGEO_STD_STORERIGHTS_SECOND_PARAM" ) ); 171 } 172 return roleId; 173 } 174 175 }