/* * (non-Javadoc) * * @see org.deegree.security.AbstractAuthentication#authenticate(java.util.Map) */ public User authenticate(Map<String, String> params) throws WrongCredentialsException { String tmp = initParams.get(INIT_PARAM_PATTERN); List<String> patterns = StringTools.toList(tmp, ",;", true); String ipAddress = params.get(AUTH_PARAM_IPADDRESS); if (ipAddress != null) { for (String p : patterns) { if (ipAddress.matches(p)) { User usr = null; try { SecurityAccessManager sam = SecurityAccessManager.getInstance(); // use matching pattern as username and password usr = sam.getUserByName(p); usr.authenticate(null); } catch (Exception e) { LOG.logError(e.getMessage()); String msg = Messages.getMessage("OWSPROXY_USER_AUTH_ERROR", ipAddress); throw new WrongCredentialsException(msg); } return usr; } } throw new WrongCredentialsException( Messages.getMessage("OWSPROXY_USER_AUTH_ERROR", ipAddress)); } return null; }
/** * Loads the deegree SecurityAccesManager if no instance is present jet. * * @throws GeneralSecurityException if the no instance of the deegree securitymanager could be * touched. */ private void initializeSecurityAccessManager() throws GeneralSecurityException { if (databaseInfo == null) { LOG.logError(Messages.getMessage("WASS_ERROR_SECURITYACCESSMANAGER_NO_DBINFO")); return; } Properties properties = new Properties(); properties.setProperty("driver", databaseInfo.getDriver()); properties.setProperty("url", databaseInfo.getURL()); properties.setProperty("user", databaseInfo.getUser()); properties.setProperty("password", databaseInfo.getPassword()); try { securityAccessManager = SecurityAccessManager.getInstance(); } catch (GeneralSecurityException gse) { try { SecurityAccessManager.initialize( "org.deegree.security.drm.SQLRegistry", properties, 60 * 1000); securityAccessManager = SecurityAccessManager.getInstance(); } catch (GeneralSecurityException gse2) { LOG.logError(Messages.getMessage("WASS_ERROR_SECURITYACCESSMANAGER")); LOG.logError(gse2.getLocalizedMessage(), gse2); throw new GeneralSecurityException(getMessage("WASS_ERROR_SECURITYACCESSMANAGER")); } } }
/* * (non-Javadoc) * * @see org.deegree.security.AbstractAuthentication#authenticate(java.util.Map, * javax.servlet.http.HttpServletRequest) */ public User authenticate(Map<String, String> params, HttpServletRequest request) throws WrongCredentialsException { String sessionID = params.get(AUTH_PARAM_SESSIONID); User usr = null; if (sessionID != null) { String[] user = new String[3]; String urlStr = initParams.get(INIT_PARAM_WAS); urlStr = urlStr.replaceFirst("\\[SESSIONID\\]", sessionID); LOG.logDebug("request WAS for user information: " + urlStr); Document doc = null; try { URL url = new URL(urlStr); XMLFragment xml = new XMLFragment(url); doc = xml.getRootElement().getOwnerDocument(); user[0] = XMLTools.getNodeAsString(doc, "/User/UserName", nsContext, null); user[1] = XMLTools.getNodeAsString(doc, "/User/Password", nsContext, null); } catch (Exception e) { LOG.logError(e.getMessage(), e); throw new WrongCredentialsException(Messages.getMessage("OWSProxyServletFilter.WASACCESS")); } if (user[0] != null) { try { SecurityAccessManager sam = SecurityAccessManager.getInstance(); usr = sam.getUserByName(user[0]); usr.authenticate(user[1]); } catch (Exception e) { throw new WrongCredentialsException( Messages.getMessage("OWSPROXY_USER_AUTH_ERROR", user[0])); } } else { String msg = "undefined error"; try { msg = XMLTools.getNodeAsString(doc, "//ServiceException", nsContext, "general error"); } catch (Exception e) { // should never happen } throw new WrongCredentialsException(msg); } } return usr; }
@Override public void actionPerformed(FormEvent event) { // the Role for which the rights are to be set int roleId = -1; // array of ints, ids of Layers (SecuredObjects) for which // the Role has access rights int[] layers = null; // corresponding maps of key (PropertyName) / value-pairs that // constitute access constraints Map<String, Object>[] layerConstraints = null; SecurityAccessManager manager = null; SecurityTransaction transaction = null; try { RPCWebEvent ev = (RPCWebEvent) event; RPCMethodCall rpcCall = ev.getRPCMethodCall(); RPCParameter[] params = rpcCall.getParameters(); // validates the incomming method call and extracts the roleID roleId = validate(params); RPCParameter[] layerParams = (RPCParameter[]) params[1].getValue(); layers = new int[layerParams.length]; layerConstraints = new Map[layerParams.length]; extractLayerValues(layers, layerConstraints, layerParams); // extract FeatureType rights if (!(params[2].getValue() instanceof RPCParameter[])) { throw new RPCException(Messages.getMessage("IGEO_STD_STORERIGHTS_THIRD_PARAM")); } // array of ints, ids of FeatureTypes (SecuredObjects) for which // the Role has access rights FeatureTypeRight[] featureTypes = extractFeatureTypeValues(params); transaction = SecurityHelper.acquireTransaction(this); SecurityHelper.checkForAdminRole(transaction); manager = SecurityAccessManager.getInstance(); User user = transaction.getUser(); Role role = transaction.getRoleById(roleId); // perform access check if (!user.hasRight(transaction, "update", role)) { getRequest().setAttribute("SOURCE", this.getClass().getName()); String s = Messages.getMessage("IGEO_STD_STORERIGHTS_MISSING_RIGHTS", role.getName()); getRequest().setAttribute("MESSAGE", s); setNextPage("error.jsp"); return; } // set/delete access rights for Layers SecuredObject[] presentLayers = transaction.getAllSecuredObjects(ClientHelper.TYPE_LAYER); setAccessRightsForLayers(layers, layerConstraints, transaction, role, presentLayers); // set/delete access rights for FeatureTypes SecuredObject[] presentFeatureTypes = transaction.getAllSecuredObjects(ClientHelper.TYPE_FEATURETYPE); setAccessRightsForFeatureTypes(featureTypes, transaction, role, presentFeatureTypes); manager.commitTransaction(transaction); transaction = null; String s = Messages.getMessage("IGEO_STD_STORERIGHTS_SUCCESS", role.getID()); getRequest().setAttribute("MESSAGE", s); } catch (RPCException e) { getRequest().setAttribute("SOURCE", this.getClass().getName()); String s = Messages.getMessage("IGEO_STD_STORERIGHTS_INVALID_REQ", e.getMessage()); getRequest().setAttribute("MESSAGE", s); setNextPage("error.jsp"); LOG.logDebug(e.getMessage(), e); } catch (GeneralSecurityException e) { getRequest().setAttribute("SOURCE", this.getClass().getName()); String s = Messages.getMessage("IGEO_STD_STORERIGHTS_ERROR", e.getMessage()); getRequest().setAttribute("MESSAGE", s); setNextPage("error.jsp"); LOG.logDebug(e.getMessage(), e); } finally { if (manager != null && transaction != null) { try { manager.abortTransaction(transaction); } catch (GeneralSecurityException e) { LOG.logDebug(e.getMessage(), e); } } } }