001 //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/portal/standard/security/control/GetSessionIDListener.java $ 002 /*---------------------------------------------------------------------------- 003 This file is part of deegree, http://deegree.org/ 004 Copyright (C) 2001-2009 by: 005 Department of Geography, University of Bonn 006 and 007 lat/lon GmbH 008 009 This library is free software; you can redistribute it and/or modify it under 010 the terms of the GNU Lesser General Public License as published by the Free 011 Software Foundation; either version 2.1 of the License, or (at your option) 012 any later version. 013 This library is distributed in the hope that it will be useful, but WITHOUT 014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 016 details. 017 You should have received a copy of the GNU Lesser General Public License 018 along with this library; if not, write to the Free Software Foundation, Inc., 019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 020 021 Contact information: 022 023 lat/lon GmbH 024 Aennchenstr. 19, 53177 Bonn 025 Germany 026 http://lat-lon.de/ 027 028 Department of Geography, University of Bonn 029 Prof. Dr. Klaus Greve 030 Postfach 1147, 53001 Bonn 031 Germany 032 http://www.geographie.uni-bonn.de/deegree/ 033 034 e-mail: info@deegree.org 035 ----------------------------------------------------------------------------*/ 036 package org.deegree.portal.standard.security.control; 037 038 import java.io.File; 039 import java.io.IOException; 040 import java.io.InputStream; 041 import java.util.Properties; 042 043 import javax.servlet.http.HttpServletRequest; 044 import javax.servlet.http.HttpSession; 045 046 import org.deegree.enterprise.control.AbstractListener; 047 import org.deegree.enterprise.control.FormEvent; 048 import org.deegree.enterprise.control.RPCMethodCall; 049 import org.deegree.enterprise.control.RPCStruct; 050 import org.deegree.enterprise.control.RPCWebEvent; 051 import org.deegree.framework.log.ILogger; 052 import org.deegree.framework.log.LoggerFactory; 053 import org.deegree.i18n.Messages; 054 055 /** 056 * Listener to retrieve the (deegree managed) sessionID of a user. 057 * 058 * @author <a href="mailto:poth@lat-lon.de">Andreas Poth</a> 059 * @author last edited by: $Author: mschneider $ 060 * 061 * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18 Jun 2009) $ 062 */ 063 public class GetSessionIDListener extends AbstractListener { 064 065 private static final ILogger LOG = LoggerFactory.getLogger( GetSessionIDListener.class ); 066 067 private static String userDir = "WEB-INF/conf/igeoportal/users/"; 068 069 /** 070 * performs a login request. the passed event contains a RPC method call containing user name 071 * and password. 072 * 073 * @param event 074 */ 075 @Override 076 public void actionPerformed( FormEvent event ) { 077 078 RPCWebEvent re = (RPCWebEvent) event; 079 080 if ( !validateRequest( re ) ) { 081 gotoErrorPage( Messages.getMessage( "IGEO_STD_SEC_MISSING_USER" ) ); 082 return; 083 } 084 085 try { 086 // write request parameter into session to reconstruct the search form 087 HttpSession session = ( (HttpServletRequest) this.getRequest() ).getSession( true ); 088 getRequest().setAttribute( "SESSIONID", session.getAttribute( "SESSIONID" ) ); 089 getRequest().setAttribute( "STARTCONTEXT", getUsersStartContext( re ) ); 090 } catch ( IOException e ) { 091 gotoErrorPage( Messages.getMessage( "IGEO_STD_SEC_ERROR_STARTCONTEXT" ) ); 092 LOG.logError( e.getMessage(), e ); 093 } 094 } 095 096 /** 097 * validates the passed event to be valid agaist the requirements of the listener (contains user 098 * name ) 099 * 100 * @param event 101 * @return boolean 102 */ 103 private boolean validateRequest( RPCWebEvent event ) { 104 RPCMethodCall mc = event.getRPCMethodCall(); 105 if ( mc.getParameters().length == 0 ) { 106 return false; 107 } 108 RPCStruct struct = (RPCStruct) mc.getParameters()[0].getValue(); 109 if ( struct.getMember( "user" ) == null ) { 110 return false; 111 } 112 113 return true; 114 } 115 116 /** 117 * returns the name of the users start context. If the user does not own an individual start 118 * context the name of the default start context for all users will be returned. 119 * 120 * @param event 121 * @return String 122 * @throws IOException 123 */ 124 private String getUsersStartContext( RPCWebEvent event ) 125 throws IOException { 126 RPCMethodCall mc = event.getRPCMethodCall(); 127 RPCStruct struct = (RPCStruct) mc.getParameters()[0].getValue(); 128 String userName = (String) struct.getMember( "user" ).getValue(); 129 130 StringBuffer dir = new StringBuffer( "users/" ); 131 132 StringBuffer sb = new StringBuffer( 300 ); 133 sb.append( getHomePath() ).append( userDir ).append( userName ); 134 sb.append( "/context.properties" ); 135 File file = new File( sb.toString() ); 136 137 if ( !file.exists() ) { 138 sb.delete( 0, sb.length() ); 139 sb.append( getHomePath() ).append( userDir ).append( "context.properties" ); 140 file = new File( sb.toString() ); 141 } else { 142 dir.append( userName ).append( '/' ); 143 } 144 145 Properties prop = new Properties(); 146 InputStream is = file.toURL().openStream(); 147 prop.load( is ); 148 is.close(); 149 150 return dir.append( prop.getProperty( "STARTCONTEXT" ) ).toString(); 151 } 152 153 }