001    //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/portal/standard/security/control/StoreServicesRightsListener.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005     Department of Geography, University of Bonn
006     and
007     lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035     ----------------------------------------------------------------------------*/
036    package org.deegree.portal.standard.security.control;
037    
038    import java.util.ArrayList;
039    import java.util.List;
040    
041    import org.deegree.enterprise.control.AbstractListener;
042    import org.deegree.enterprise.control.FormEvent;
043    import org.deegree.enterprise.control.RPCException;
044    import org.deegree.enterprise.control.RPCMethodCall;
045    import org.deegree.enterprise.control.RPCParameter;
046    import org.deegree.enterprise.control.RPCWebEvent;
047    import org.deegree.framework.log.ILogger;
048    import org.deegree.framework.log.LoggerFactory;
049    import org.deegree.i18n.Messages;
050    import org.deegree.security.GeneralSecurityException;
051    import org.deegree.security.drm.SecurityAccessManager;
052    import org.deegree.security.drm.SecurityTransaction;
053    import org.deegree.security.drm.model.Role;
054    import org.deegree.security.drm.model.User;
055    
056    /**
057     * This <code>Listener</code> reacts on RPC-StoreRights events.
058     * 
059     * Access constraints:
060     * <ul>
061     * <li>only users that have the 'SEC_ADMIN'-role are allowed</li>
062     * </ul>
063     * 
064     * @author <a href="mschneider@lat-lon.de">Markus Schneider </a>
065     * @author last edited by: $Author: aschmitz $
066     * 
067     * @version $Revision: 25490 $, $Date: 2010-07-26 11:47:34 +0200 (Mo, 26 Jul 2010) $
068     */
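public class StoreServicesRightsListener extends AbstractListener {

    private static final ILogger LOG = LoggerFactory.getLogger( StoreServicesRightsListener.class );

    /**
     * Handles an RPC request that sets the service rights of one role.
     * <p>
     * The request must carry exactly two parameters: the role id as a String and an array of
     * service ids, each given as a String. After the input has been parsed, a security
     * transaction is acquired, the admin role check is run and the calling user's 'update' right
     * on the role is verified before the rights are written and the transaction is committed.
     * Every failure forwards to <code>error.jsp</code> with a message in the request.
     * 
     * @param event
     *            the incoming event; cast to {@link RPCWebEvent} without a prior type check
     */
    @Override
    public void actionPerformed( FormEvent event ) {

        SecurityAccessManager manager = null;
        SecurityTransaction transaction = null;

        try {
            RPCWebEvent ev = (RPCWebEvent) event;
            RPCMethodCall rpcCall = ev.getRPCMethodCall();
            RPCParameter[] params = rpcCall.getParameters();

            // validates the incoming method call and extracts the id of the role whose rights are set
            int roleId = validate( params );
            List<Integer> selectedServices = parseServiceIds( (RPCParameter[]) params[1].getValue() );

            // The manager is fetched BEFORE the transaction is acquired: the finally block can only
            // abort a transaction when it holds the manager, so a failing admin check must not be
            // able to leave an acquired transaction behind.
            manager = SecurityAccessManager.getInstance();
            transaction = SecurityHelper.acquireTransaction( this );
            // presumably signals a missing admin role by throwing a GeneralSecurityException
            SecurityHelper.checkForAdminRole( transaction );

            User user = transaction.getUser();
            Role role = transaction.getRoleById( roleId );

            // perform access check: the caller needs the 'update' right on this particular role
            if ( !user.hasRight( transaction, "update", role ) ) {
                // NOTE(review): this denial is not logged; consider recording it for audit purposes.
                forwardToError( Messages.getMessage( "IGEO_STD_STORERIGHTS_MISSING_RIGHTS", role.getName() ) );
                // the still-open transaction is aborted in the finally block
                return;
            }

            transaction.setServicesRights( selectedServices, role );

            manager.commitTransaction( transaction );
            // committed: clearing the reference keeps the finally block from aborting it
            transaction = null;
            String s = Messages.getMessage( "IGEO_STD_STORESERVICESRIGHTS_SUCCESS", role.getID() );
            getRequest().setAttribute( "MESSAGE", s );
        } catch ( RPCException e ) {
            forwardToError( Messages.getMessage( "IGEO_STD_STORERIGHTS_INVALID_REQ", e.getMessage() ) );
            LOG.logDebug( e.getMessage(), e );
        } catch ( GeneralSecurityException e ) {
            // NOTE(review): security failures are only visible at debug level; confirm that this is
            // sufficient for the deployment's audit requirements.
            forwardToError( Messages.getMessage( "IGEO_STD_STORERIGHTS_ERROR", e.getMessage() ) );
            LOG.logDebug( e.getMessage(), e );
        } finally {
            if ( manager != null && transaction != null ) {
                try {
                    manager.abortTransaction( transaction );
                } catch ( GeneralSecurityException e ) {
                    LOG.logDebug( e.getMessage(), e );
                }
            }
        }

    }

    /**
     * Stores the error message in the request and selects <code>error.jsp</code> as next page.
     * 
     * @param message
     *            text placed in the "MESSAGE" request attribute. NOTE(review): the text can contain
     *            exception messages and role names; the JSP is not visible here, confirm that it
     *            HTML-escapes the attribute.
     */
    private void forwardToError( String message ) {
        getRequest().setAttribute( "SOURCE", this.getClass().getName() );
        getRequest().setAttribute( "MESSAGE", message );
        setNextPage( "error.jsp" );
    }

    /**
     * Converts the submitted service ids into integers.
     * 
     * @param selected
     *            the elements of the second RPC parameter
     * @return the parsed ids, in request order
     * @throws RPCException
     *             if an element is not a String or does not contain an integer
     */
    private List<Integer> parseServiceIds( RPCParameter[] selected )
                            throws RPCException {

        List<Integer> ids = new ArrayList<Integer>( selected.length );
        for ( RPCParameter param : selected ) {
            Object value = param.getValue();
            // The elements come from the request. Without this check a non-String element would
            // raise a ClassCastException that none of the caller's catch clauses handles.
            if ( !( value instanceof String ) ) {
                throw new RPCException( Messages.getMessage( "IGEO_STD_STORERIGHTS_ROLE_PARAM" ) );
            }
            try {
                ids.add( Integer.parseInt( (String) value ) );
            } catch ( NumberFormatException e ) {
                throw new RPCException( Messages.getMessage( "IGEO_STD_STORERIGHTS_ROLE_PARAM" ) );
            }
        }
        return ids;
    }

    /**
     * Checks the shape of the RPC parameters and extracts the role id.
     * 
     * @param params
     *            parameters of the incoming method call
     * @return the role id parsed from the first parameter
     * @throws RPCException
     *             if there are not exactly two parameters, the first is not a String holding an
     *             integer, or the second is not an array of RPC parameters
     */
    private int validate( RPCParameter[] params )
                            throws RPCException {

        if ( params.length != 2 ) {
            throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_PARAMS_NUM", "2" ) );
        }

        if ( !( params[0].getValue() instanceof String ) ) {
            throw new RPCException( Messages.getMessage( "IGEO_STD_STORERIGHTS_FIRST_PARAM" ) );
        }

        // extract role-id
        int roleId = -1;
        try {
            roleId = Integer.parseInt( (String) params[0].getValue() );
        } catch ( NumberFormatException e ) {
            throw new RPCException( Messages.getMessage( "IGEO_STD_STORERIGHTS_ROLE_PARAM" ) );
        }

        // the second parameter must be the array of selected service ids; its elements are
        // checked when they are parsed
        if ( !( params[1].getValue() instanceof RPCParameter[] ) ) {
            throw new RPCException( Messages.getMessage( "IGEO_STD_STORERIGHTS_SECOND_PARAM" ) );
        }
        return roleId;
    }

}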