001 //$HeadURL: http://svn.wald.intevation.org/svn/deegree/base/trunk/src/org/deegree/security/drm/model/Right.java $
002 /*----------------------------------------------------------------------------
003 This file is part of deegree, http://deegree.org/
004 Copyright (C) 2001-2009 by:
005 Department of Geography, University of Bonn
006 and
007 lat/lon GmbH
008
009 This library is free software; you can redistribute it and/or modify it under
010 the terms of the GNU Lesser General Public License as published by the Free
011 Software Foundation; either version 2.1 of the License, or (at your option)
012 any later version.
013 This library is distributed in the hope that it will be useful, but WITHOUT
014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016 details.
017 You should have received a copy of the GNU Lesser General Public License
018 along with this library; if not, write to the Free Software Foundation, Inc.,
019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020
021 Contact information:
022
023 lat/lon GmbH
024 Aennchenstr. 19, 53177 Bonn
025 Germany
026 http://lat-lon.de/
027
028 Department of Geography, University of Bonn
029 Prof. Dr. Klaus Greve
030 Postfach 1147, 53001 Bonn
031 Germany
032 http://www.geographie.uni-bonn.de/deegree/
033
034 e-mail: info@deegree.org
035 ----------------------------------------------------------------------------*/
036 package org.deegree.security.drm.model;
037
038 import org.deegree.framework.log.ILogger;
039 import org.deegree.framework.log.LoggerFactory;
040 import org.deegree.model.feature.Feature;
041 import org.deegree.model.filterencoding.ComplexFilter;
042 import org.deegree.model.filterencoding.Filter;
043 import org.deegree.model.filterencoding.FilterEvaluationException;
044 import org.deegree.model.filterencoding.OperationDefines;
045 import org.deegree.security.GeneralSecurityException;
046
047 /**
048 * A <code>Right</code> instance encapsulates a <code>SecurableObject</code>, a
049 * <code>RightType</code> and optional constraints which restrict it's applicability.
050 * <p>
051 * For example, one instance of a <code>RightSet</code> may be the 'access'-Right to a geographic
052 * dataset restricted to a certain area and weekdays. The situation (requested area and current
053 * time) is coded as a <code>Feature</code> object.
054 *
055 * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider </a>
056 * @version $Revision: 29076 $
057 */
058
059 public class Right {
060
061 private ILogger LOG = LoggerFactory.getLogger( Right.class );
062
063 private SecurableObject object;
064
065 private RightType type;
066
067 private Filter constraints;
068
069 /**
070 * Creates a new <code>Right</code> -instance (with no constraints).
071 *
072 * @param object
073 * @param type
074 */
075 public Right( SecurableObject object, RightType type ) {
076 this.object = object;
077 this.type = type;
078 }
079
080 /**
081 * Creates a new <code>Right</code> -instance.
082 *
083 * @param object
084 * @param type
085 * @param constraints
086 * null means that no constraints are defined
087 */
088 public Right( SecurableObject object, RightType type, Filter constraints ) {
089 this( object, type );
090 this.constraints = constraints;
091 }
092
093 /**
094 * @return the associated <code>SecurableObject</code>.
095 */
096 public SecurableObject getSecurableObject() {
097 return object;
098 }
099
100 /**
101 * @return the associated <code>RightType</code>.
102 *
103 */
104 public RightType getType() {
105 return type;
106 }
107
108 /**
109 * Returns the restrictions (the parameters) of this <code>Right</code>.
110 *
111 * @return null, if no constraints are defined
112 *
113 */
114 public Filter getConstraints() {
115 return constraints;
116 }
117
118 /**
119 * @return the disjunctive combination of the instance and the submitted <code>Right</code>,
120 * so that the new <code>Right</code> has the permissions of both instances.
121 *
122 * @param that
123 * @throws GeneralSecurityException
124 */
125 public Right merge( Right that )
126 throws GeneralSecurityException {
127 Right combinedRight = null;
128
129 if ( !this.object.equals( that.object ) ) {
130 throw new GeneralSecurityException( "Trying to merge right on securable object '" + this.object.id
131 + "' and on object '" + that.object.id
132 + "', but only rights on the same object may be merged." );
133 }
134 if ( this.type.getID() != that.type.getID() ) {
135 throw new GeneralSecurityException( "Trying to merge right of type '" + this.type.getName()
136 + "' and right of type '" + that.type.getName()
137 + "', but only rights of the same type may be merged." );
138 }
139
140 // check if any of the rights has no constraints
141 if ( this.constraints == null && that.constraints == null ) {
142 combinedRight = new Right( object, type, null );
143 } else if ( this.constraints == null && that.constraints != null ) {
144 combinedRight = new Right( object, type, that.constraints );
145 } else if ( this.constraints != null && that.constraints == null ) {
146 combinedRight = new Right( object, type, this.constraints );
147 } else if ( that.constraints == null ) {
148 combinedRight = that;
149 } else {
150 Filter combinedConstraints = new ComplexFilter( (ComplexFilter) this.constraints,
151 (ComplexFilter) that.constraints, OperationDefines.OR );
152 combinedRight = new Right( object, type, combinedConstraints );
153
154 }
155 return combinedRight;
156 }
157
158 /**
159 * @return true if the <code>Right</code> applies on the given <code>SecurableObject</code>
160 * and in a concrete situation (the situation is represented by the given
161 * <code>Feature</code>).
162 *
163 * @param object
164 * @param situation
165 * @throws GeneralSecurityException
166 */
167 public boolean applies( SecurableObject object, Feature situation )
168 throws GeneralSecurityException {
169 boolean applies = false;
170 if ( object.equals( this.object ) ) {
171 try {
172 if ( constraints != null ) {
173 if ( LOG.getLevel() == ILogger.LOG_DEBUG ) {
174 LOG.logDebug( "constraints", constraints.to110XML() );
175 }
176 applies = constraints.evaluate( situation );
177 } else {
178 LOG.logDebug( "no constraints" );
179 applies = true;
180 }
181 } catch ( FilterEvaluationException e ) {
182 LOG.logError( e.getMessage(), e );
183 throw new GeneralSecurityException( "Error evaluating parameters (filter expression): "
184 + e.getMessage() );
185 }
186 }
187 LOG.logDebug( "situation", situation );
188 LOG.logDebug( "object", object );
189 LOG.logDebug( applies ? "The right applies." : "The right does not apply." );
190
191 return applies;
192 }
193
194 /**
195 * @return true if the <code>Right</code> applies on the given <code>SecurableObject</code>
196 * and in unrestricted manner (w/o constraints).
197 *
198 * @param object
199 */
200 public boolean applies( SecurableObject object ) {
201 boolean applies = false;
202 if ( object.equals( this.object ) ) {
203 if ( constraints == null ) {
204 applies = true;
205 }
206 }
207 return applies;
208 }
209
210 @Override
211 public String toString() {
212 StringBuffer sb = new StringBuffer( "Id: " ).append( type.getID() ).append( ", Name: " ).append( type.getName() ).append(
213 ", " );
214 if ( constraints != null ) {
215 sb.append( "Constraints: " + constraints.to110XML() );
216 } else {
217 sb.append( "Constraints: none" );
218 }
219 return sb.toString();
220 }
221 }