001: //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/trunk/src/org/deegree/security/drm/model/Right.java $
002: /*---------------- FILE HEADER ------------------------------------------
003:
004: This file is part of deegree.
005: Copyright (C) 2001-2008 by:
006: EXSE, Department of Geography, University of Bonn
007: http://www.giub.uni-bonn.de/deegree/
008: lat/lon GmbH
009: http://www.lat-lon.de
010:
011: This library is free software; you can redistribute it and/or
012: modify it under the terms of the GNU Lesser General Public
013: License as published by the Free Software Foundation; either
014: version 2.1 of the License, or (at your option) any later version.
015:
016: This library is distributed in the hope that it will be useful,
017: but WITHOUT ANY WARRANTY; without even the implied warranty of
018: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019: Lesser General Public License for more details.
020:
021: You should have received a copy of the GNU Lesser General Public
022: License along with this library; if not, write to the Free Software
023: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024:
025: Contact:
026:
027: Andreas Poth
028: lat/lon GmbH
029: Aennchenstr. 19
030: 53115 Bonn
031: Germany
032: E-Mail: poth@lat-lon.de
033:
034: Prof. Dr. Klaus Greve
035: Department of Geography
036: University of Bonn
037: Meckenheimer Allee 166
038: 53115 Bonn
039: Germany
040: E-Mail: greve@giub.uni-bonn.de
041:
042: ---------------------------------------------------------------------------*/
043: package org.deegree.security.drm.model;
044:
045: import org.deegree.framework.log.ILogger;
046: import org.deegree.framework.log.LoggerFactory;
047: import org.deegree.model.feature.Feature;
048: import org.deegree.model.filterencoding.ComplexFilter;
049: import org.deegree.model.filterencoding.Filter;
050: import org.deegree.model.filterencoding.FilterEvaluationException;
051: import org.deegree.model.filterencoding.OperationDefines;
052: import org.deegree.security.GeneralSecurityException;
053:
054: /**
055: * A <code>Right</code> instance encapsulates a <code>SecurableObject</code>, a
056: * <code>RightType</code> and optional constraints which restrict it's applicability.
057: * <p>
058: * For example, one instance of a <code>RightSet</code> may be the 'access'-Right to a geographic
059: * dataset restricted to a certain area and weekdays. The situation (requested area and current
060: * time) is coded as a <code>Feature</code> object.
061: *
062: * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider </a>
063: * @version $Revision: 10496 $
064: */
065:
066: public class Right {
067:
068: private ILogger LOG = LoggerFactory.getLogger(Right.class);
069:
070: private SecurableObject object;
071:
072: private RightType type;
073:
074: private Filter constraints;
075:
076: /**
077: * Creates a new <code>Right</code> -instance (with no constraints).
078: *
079: * @param object
080: * @param type
081: */
082: public Right(SecurableObject object, RightType type) {
083: this .object = object;
084: this .type = type;
085: }
086:
087: /**
088: * Creates a new <code>Right</code> -instance.
089: *
090: * @param object
091: * @param type
092: * @param constraints
093: * null means that no constraints are defined
094: */
095: public Right(SecurableObject object, RightType type,
096: Filter constraints) {
097: this (object, type);
098: this .constraints = constraints;
099: }
100:
101: /**
102: * @return the associated <code>SecurableObject</code>.
103: */
104: public SecurableObject getSecurableObject() {
105: return object;
106: }
107:
108: /**
109: * @return the associated <code>RightType</code>.
110: *
111: */
112: public RightType getType() {
113: return type;
114: }
115:
116: /**
117: * Returns the restrictions (the parameters) of this <code>Right</code>.
118: *
119: * @return null, if no constraints are defined
120: *
121: */
122: public Filter getConstraints() {
123: return constraints;
124: }
125:
126: /**
127: * @return the disjunctive combination of the instance and the submitted <code>Right</code>,
128: * so that the new <code>Right</code> has the permissions of both instances.
129: *
130: * @param that
131: * @throws GeneralSecurityException
132: */
133: public Right merge(Right that) throws GeneralSecurityException {
134: Right combinedRight = null;
135:
136: if (!this .object.equals(that.object)) {
137: throw new GeneralSecurityException(
138: "Trying to merge right on securable object '"
139: + this .object.id
140: + "' and on object '"
141: + that.object.id
142: + "', but only rights on the same object may be merged.");
143: }
144: if (this .type.getID() != that.type.getID()) {
145: throw new GeneralSecurityException(
146: "Trying to merge right of type '"
147: + this .type.getName()
148: + "' and right of type '"
149: + that.type.getName()
150: + "', but only rights of the same type may be merged.");
151: }
152:
153: // check if any of the rights has no constraints
154: if (this .constraints == null && that.constraints == null) {
155: combinedRight = new Right(object, type, null);
156: } else if (this .constraints == null && that.constraints != null) {
157: combinedRight = new Right(object, type, that.constraints);
158: } else if (this .constraints != null && that.constraints == null) {
159: combinedRight = new Right(object, type, this .constraints);
160: } else if (that.constraints == null) {
161: combinedRight = that;
162: } else {
163: Filter combinedConstraints = new ComplexFilter(
164: (ComplexFilter) this .constraints,
165: (ComplexFilter) that.constraints,
166: OperationDefines.OR);
167: combinedRight = new Right(object, type, combinedConstraints);
168:
169: }
170: return combinedRight;
171: }
172:
173: /**
174: * @return true if the <code>Right</code> applies on the given <code>SecurableObject</code>
175: * and in a concrete situation (the situation is represented by the given
176: * <code>Feature</code>).
177: *
178: * @param object
179: * @param situation
180: * @throws GeneralSecurityException
181: */
182: public boolean applies(SecurableObject object, Feature situation)
183: throws GeneralSecurityException {
184: boolean applies = false;
185: if (object.equals(this .object)) {
186: try {
187: if (constraints != null) {
188: if (LOG.getLevel() == ILogger.LOG_DEBUG) {
189: LOG
190: .logDebug("constraints", constraints
191: .toXML());
192: }
193: applies = constraints.evaluate(situation);
194: } else {
195: LOG.logDebug("no constraints");
196: applies = true;
197: }
198: } catch (FilterEvaluationException e) {
199: LOG.logError(e.getMessage(), e);
200: throw new GeneralSecurityException(
201: "Error evaluating parameters (filter expression): "
202: + e.getMessage());
203: }
204: }
205: LOG.logDebug("situation", situation);
206: LOG.logDebug("object", object);
207: LOG.logDebug(applies ? "The right applies."
208: : "The right does not apply.");
209:
210: return applies;
211: }
212:
213: /**
214: * @return true if the <code>Right</code> applies on the given <code>SecurableObject</code>
215: * and in unrestricted manner (w/o constraints).
216: *
217: * @param object
218: */
219: public boolean applies(SecurableObject object) {
220: boolean applies = false;
221: if (object.equals(this .object)) {
222: if (constraints == null) {
223: applies = true;
224: }
225: }
226: return applies;
227: }
228:
229: @Override
230: public String toString() {
231: StringBuffer sb = new StringBuffer("Id: ").append(type.getID())
232: .append(", Name: ").append(type.getName()).append(", ");
233: if (constraints != null) {
234: sb.append("Constraints: " + constraints.toXML());
235: } else {
236: sb.append("Constraints: none");
237: }
238: return sb.toString();
239: }
240: }
|