/**
   * Loads the deegree SecurityAccesManager if no instance is present jet.
   *
   * @throws GeneralSecurityException if the no instance of the deegree securitymanager could be
   *     touched.
   */
  private void initializeSecurityAccessManager() throws GeneralSecurityException {

    if (databaseInfo == null) {
      LOG.logError(Messages.getMessage("WASS_ERROR_SECURITYACCESSMANAGER_NO_DBINFO"));
      return;
    }
    Properties properties = new Properties();
    properties.setProperty("driver", databaseInfo.getDriver());
    properties.setProperty("url", databaseInfo.getURL());
    properties.setProperty("user", databaseInfo.getUser());
    properties.setProperty("password", databaseInfo.getPassword());
    try {
      securityAccessManager = SecurityAccessManager.getInstance();
    } catch (GeneralSecurityException gse) {
      try {
        SecurityAccessManager.initialize(
            "org.deegree.security.drm.SQLRegistry", properties, 60 * 1000);
        securityAccessManager = SecurityAccessManager.getInstance();
      } catch (GeneralSecurityException gse2) {
        LOG.logError(Messages.getMessage("WASS_ERROR_SECURITYACCESSMANAGER"));
        LOG.logError(gse2.getLocalizedMessage(), gse2);
        throw new GeneralSecurityException(getMessage("WASS_ERROR_SECURITYACCESSMANAGER"));
      }
    }
  }
  @Override
  public void actionPerformed(FormEvent event) {

    ServletRequest request = getRequest();
    try {
      // perform access check
      SecurityAccess access = acquireAccess(this);
      if (access == null) {
        getRequest().setAttribute("SOURCE", this.getClass().getName());
        getRequest().setAttribute("MESSAGE", get("IGEO_STD_SEC_ERROR_UNAUTHORIZED_ACCESS"));
        setNextPage("error.jsp");
        return;
      }
      checkForAdminRole(access);

      LinkedList<Service> services = access.getAllServices();
      request.setAttribute("SERVICES", services);
    } catch (GeneralSecurityException e) {
      getRequest().setAttribute("SOURCE", this.getClass().getName());
      getRequest()
          .setAttribute("MESSAGE", get("IGEO_STD_SEC_FAIL_INIT_SERVICES_EDITOR", e.getMessage()));
      setNextPage("error.jsp");
      LOG.logError(e.getMessage(), e);
    } catch (Exception e) {
      LOG.logError(get("IGEO_STD_SEC_ERROR_UNKNOWN", stackTraceToString(e)));
      getRequest().setAttribute("SOURCE", this.getClass().getName());
      getRequest()
          .setAttribute("MESSAGE", get("IGEO_STD_SEC_FAIL_INIT_SERVICES_EDITOR", e.getMessage()));
      setNextPage("error.jsp");
    }
  }
Example #3
0
  /** Returns a <code>String</code> representation of this object. */
  public String toString(SecurityAccess securityAccess) {
    StringBuffer sb = new StringBuffer("Name: ").append(name);

    try {
      sb.append(", Users (Members): [");
      User[] users = getUsers(securityAccess);
      for (int i = 0; i < users.length; i++) {
        sb.append(users[i].getName());
        if (i != users.length - 1) {
          sb.append(", ");
        }
      }
      sb.append("]");

      sb.append(", Groups (Members): [");
      Group[] groups = getGroups(securityAccess);
      for (int i = 0; i < groups.length; i++) {
        sb.append(groups[i].getName());
        if (i != groups.length - 1) {
          sb.append(", ");
        }
      }
      sb.append("]");

      sb.append(", Roles: [");
      Role[] roles = getRoles(securityAccess);
      for (int i = 0; i < roles.length; i++) {
        sb.append(roles[i].getName());
        if (i != roles.length - 1) {
          sb.append(", ");
        }
      }
      sb.append("]");
    } catch (GeneralSecurityException e) {
      e.printStackTrace();
    }
    return sb.toString();
  }
  @Override
  public void actionPerformed(FormEvent event) {

    // the Role for which the rights are to be set
    int roleId = -1;
    // array of ints, ids of Layers (SecuredObjects) for which
    // the Role has access rights
    int[] layers = null;
    // corresponding maps of key (PropertyName) / value-pairs that
    // constitute access constraints
    Map<String, Object>[] layerConstraints = null;

    SecurityAccessManager manager = null;
    SecurityTransaction transaction = null;

    try {
      RPCWebEvent ev = (RPCWebEvent) event;
      RPCMethodCall rpcCall = ev.getRPCMethodCall();
      RPCParameter[] params = rpcCall.getParameters();

      // validates the incomming method call and extracts the roleID
      roleId = validate(params);

      RPCParameter[] layerParams = (RPCParameter[]) params[1].getValue();
      layers = new int[layerParams.length];
      layerConstraints = new Map[layerParams.length];
      extractLayerValues(layers, layerConstraints, layerParams);

      // extract FeatureType rights
      if (!(params[2].getValue() instanceof RPCParameter[])) {
        throw new RPCException(Messages.getMessage("IGEO_STD_STORERIGHTS_THIRD_PARAM"));
      }

      // array of ints, ids of FeatureTypes (SecuredObjects) for which
      // the Role has access rights
      FeatureTypeRight[] featureTypes = extractFeatureTypeValues(params);

      transaction = SecurityHelper.acquireTransaction(this);
      SecurityHelper.checkForAdminRole(transaction);

      manager = SecurityAccessManager.getInstance();
      User user = transaction.getUser();
      Role role = transaction.getRoleById(roleId);

      // perform access check
      if (!user.hasRight(transaction, "update", role)) {
        getRequest().setAttribute("SOURCE", this.getClass().getName());
        String s = Messages.getMessage("IGEO_STD_STORERIGHTS_MISSING_RIGHTS", role.getName());
        getRequest().setAttribute("MESSAGE", s);
        setNextPage("error.jsp");
        return;
      }

      // set/delete access rights for Layers
      SecuredObject[] presentLayers = transaction.getAllSecuredObjects(ClientHelper.TYPE_LAYER);
      setAccessRightsForLayers(layers, layerConstraints, transaction, role, presentLayers);

      // set/delete access rights for FeatureTypes
      SecuredObject[] presentFeatureTypes =
          transaction.getAllSecuredObjects(ClientHelper.TYPE_FEATURETYPE);
      setAccessRightsForFeatureTypes(featureTypes, transaction, role, presentFeatureTypes);

      manager.commitTransaction(transaction);
      transaction = null;
      String s = Messages.getMessage("IGEO_STD_STORERIGHTS_SUCCESS", role.getID());
      getRequest().setAttribute("MESSAGE", s);
    } catch (RPCException e) {
      getRequest().setAttribute("SOURCE", this.getClass().getName());
      String s = Messages.getMessage("IGEO_STD_STORERIGHTS_INVALID_REQ", e.getMessage());
      getRequest().setAttribute("MESSAGE", s);
      setNextPage("error.jsp");
      LOG.logDebug(e.getMessage(), e);
    } catch (GeneralSecurityException e) {
      getRequest().setAttribute("SOURCE", this.getClass().getName());
      String s = Messages.getMessage("IGEO_STD_STORERIGHTS_ERROR", e.getMessage());
      getRequest().setAttribute("MESSAGE", s);
      setNextPage("error.jsp");
      LOG.logDebug(e.getMessage(), e);
    } finally {
      if (manager != null && transaction != null) {
        try {
          manager.abortTransaction(transaction);
        } catch (GeneralSecurityException e) {
          LOG.logDebug(e.getMessage(), e);
        }
      }
    }
  }