0001: // $HeadURL: https://svn.wald.intevation.org/svn/deegree/base/trunk/src/org/deegree/tools/security/DRMAccess.java $
0002: /*---------------- FILE HEADER ------------------------------------------
0003:
0004: This file is part of deegree.
0005: Copyright (C) 2001-2008 by:
0006: EXSE, Department of Geography, University of Bonn
0007: http://www.giub.uni-bonn.de/deegree/
0008: lat/lon GmbH
0009: http://www.lat-lon.de
0010:
0011: This library is free software; you can redistribute it and/or
0012: modify it under the terms of the GNU Lesser General Public
0013: License as published by the Free Software Foundation; either
0014: version 2.1 of the License, or (at your option) any later version.
0015:
0016: This library is distributed in the hope that it will be useful,
0017: but WITHOUT ANY WARRANTY; without even the implied warranty of
0018: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
0019: Lesser General Public License for more details.
0020:
0021: You should have received a copy of the GNU Lesser General Public
0022: License along with this library; if not, write to the Free Software
0023: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
0024:
0025: Contact:
0026:
0027: Andreas Poth
0028: lat/lon GmbH
0029: Aennchenstr. 19
0030: 53115 Bonn
0031: Germany
0032: E-Mail: poth@lat-lon.de
0033:
0034: Klaus Greve
0035: Department of Geography
0036: University of Bonn
0037: Meckenheimer Allee 166
0038: 53115 Bonn
0039: Germany
0040: E-Mail: klaus.greve@uni-bonn.de
0041:
0042: ---------------------------------------------------------------------------*/
0043:
0044: package org.deegree.tools.security;
0045:
0046: import java.io.FileNotFoundException;
0047: import java.io.IOException;
0048: import java.io.InputStream;
0049: import java.io.RandomAccessFile;
0050: import java.io.StringReader;
0051: import java.util.ArrayList;
0052: import java.util.Arrays;
0053: import java.util.List;
0054: import java.util.Properties;
0055:
0056: import org.deegree.framework.util.StringTools;
0057: import org.deegree.framework.xml.XMLTools;
0058: import org.deegree.model.filterencoding.AbstractFilter;
0059: import org.deegree.model.filterencoding.Filter;
0060: import org.deegree.security.GeneralSecurityException;
0061: import org.deegree.security.drm.SecurityAccess;
0062: import org.deegree.security.drm.SecurityAccessManager;
0063: import org.deegree.security.drm.SecurityTransaction;
0064: import org.deegree.security.drm.WrongCredentialsException;
0065: import org.deegree.security.drm.model.Group;
0066: import org.deegree.security.drm.model.Right;
0067: import org.deegree.security.drm.model.RightSet;
0068: import org.deegree.security.drm.model.RightType;
0069: import org.deegree.security.drm.model.Role;
0070: import org.deegree.security.drm.model.SecuredObject;
0071: import org.deegree.security.drm.model.User;
0072: import org.w3c.dom.Document;
0073:
0074: /**
0075: * tool class to handle deegree sercurity administration using commandline calls:
0076: *
0077: * <pre>
0078: * general definitions:
0079: * -driver JDBC driver (e.g. sun.jdbc.odbc.JdbcOdbcDriver for ODBC databases)
0080: * -logon jdbc:odbc:security logon to database (e.g. ODBC name)
0081: * -user user name (optional)
0082: * -password users password (optional)
0083: *
0084: * possible actions:
0085: * -action (addUser, addGroup, addRole, addUserToGroup, assignRoleWithGroup, addSecuredObject, assignRights, clean)
0086: * defines the action be performed. possible actions are listed inn brackets.
0087: *
0088: * action = addUser -> adds a user to the right management
0089: * -name users login name
0090: * -password users password
0091: * -firstName the first name of the user
0092: * -lastName the last name of the user
0093: * -emal email address of the user
0094: *
0095: * action = removeUser -> removes a user to the right management
0096: * -name users login name
0097: *
0098: * action = addGroup -> adds a group to the right management system
0099: * -name name of the group
0100: * -title title of the group
0101: *
0102: * action = removeGroup -> removes a group to the right management
0103: * -name groups login name
0104: *
0105: * action = addRole -> adds a role to the right management system
0106: * -name name of the role
0107: *
0108: * action = addUserToGroup -> adds a user to a named group
0109: * -userName name of the user
0110: * -groupName name of the group
0111: *
0112: * action = addUserToGroup -> assignes a group with a role
0113: * -groupName name of the group
0114: * -roleName name of the role
0115: *
0116: * action = addSecuredObject -> adds a new secured object to the right management system
0117: * -soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)
0118: * -soName name of the secured object
0119: * -soTitle title of the secured object
0120: *
0121: * action = removeSecuredObject -> removes a new secured object from the right management system
0122: * -soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)
0123: * -soName name of the secured object
0124: *
0125: * action = assignRights -> assigns rights on a named secured object to a role
0126: * -constraints comma seperated list of absolut pathes to filter encoding files
0127: * -rights comma seperated list of rights to assign. the number of rights must be equest to the number constraints
0128: * -soName name of the secured object
0129: * -soType type of the secured object
0130: * -role name of the role the rights shall be given to
0131: *
0132: * action = removeRights removes rights on a named secured object to a role
0133: * -rights comma seperated list of rights to remove.
0134: * -soName name of the secured object
0135: * -soType type of the secured object
0136: * -role name of the role the rights shall be given to
0137: *
0138: * action = clean -> cleans the complete right management system database by deleting all entries!
0139: * </pre>
0140: *
0141: *
0142: * @version $Revision: 10529 $
0143: * @author <a href="mailto:poth@lat-lon.de">Andreas Poth</a>
0144: * @author last edited by: $Author: aschmitz $
0145: *
0146: * @version $Revision: 10529 $, $Date: 2008-03-10 01:24:04 -0700 (Mon, 10 Mar 2008) $
0147: */
0148: public class DRMAccess {
0149:
0150: private static String secAdminPassword = "JOSE67";
0151:
0152: private SecurityAccessManager manager;
0153:
0154: private SecurityTransaction transaction;
0155:
0156: /**
0157: * @throws IOException
0158: */
0159: public DRMAccess() throws IOException {
0160: InputStream is = DRMAccess.class
0161: .getResourceAsStream("sec.properties");
0162: Properties prop = new Properties();
0163: prop.load(is);
0164: is.close();
0165: secAdminPassword = prop.getProperty("adminpass");
0166: }
0167:
0168: /**
0169: * @param driver
0170: * @param logon
0171: * @param user
0172: * @param password
0173: * @throws Exception
0174: */
0175: protected void setUp(String driver, String logon, String user,
0176: String password) throws Exception {
0177: Properties properties = new Properties();
0178: properties.setProperty("driver", driver);
0179: properties.setProperty("url", logon);
0180: if (user == null)
0181: user = "";
0182: properties.setProperty("user", user);
0183: if (password == null)
0184: password = "";
0185: properties.setProperty("password", password);
0186: try {
0187: manager = SecurityAccessManager.getInstance();
0188: } catch (GeneralSecurityException e) {
0189: try {
0190: System.out.println(properties);
0191: SecurityAccessManager.initialize(
0192: "org.deegree.security.drm.SQLRegistry",
0193: properties, 60 * 1000);
0194: manager = SecurityAccessManager.getInstance();
0195:
0196: } catch (GeneralSecurityException e1) {
0197: e1.printStackTrace();
0198: }
0199: }
0200: }
0201:
0202: /**
0203: *
0204: */
0205: public void GetUsers() {
0206: try {
0207: User user = manager.getUserByName("SEC_ADMIN");
0208: user.authenticate(DRMAccess.secAdminPassword);
0209: transaction = manager.acquireTransaction(user);
0210: User[] users = transaction.getAllUsers();
0211: for (int i = 0; i < users.length; i++) {
0212: System.out.println("User " + i + ": "
0213: + users[i].getName());
0214: }
0215: } catch (Exception e) {
0216: e.printStackTrace();
0217: }
0218: }
0219:
0220: /**
0221: *
0222: * @param name
0223: * @param password
0224: * @param firstName
0225: * @param lastName
0226: * @param email
0227: */
0228: public void addUser(String name, String password, String firstName,
0229: String lastName, String email) {
0230: try {
0231: User user = manager.getUserByName("SEC_ADMIN");
0232: user.authenticate(DRMAccess.secAdminPassword);
0233: transaction = manager.acquireTransaction(user);
0234: transaction.registerUser(name, password, firstName,
0235: lastName, email);
0236:
0237: manager.commitTransaction(transaction);
0238: } catch (Exception e) {
0239: e.printStackTrace();
0240: try {
0241: manager.abortTransaction(transaction);
0242: } catch (GeneralSecurityException me) {
0243: me.printStackTrace();
0244: }
0245:
0246: }
0247: }
0248:
0249: /**
0250: *
0251: * @param name
0252: */
0253: public void removeUser(String name) {
0254: try {
0255: User user = manager.getUserByName("SEC_ADMIN");
0256: user.authenticate(DRMAccess.secAdminPassword);
0257: transaction = manager.acquireTransaction(user);
0258: user = transaction.getUserByName(name);
0259: transaction.deregisterUser(user);
0260: manager.commitTransaction(transaction);
0261: } catch (Exception e) {
0262: e.printStackTrace();
0263: }
0264: }
0265:
0266: /**
0267: *
0268: * @param name
0269: * @param password
0270: * @return the user
0271: */
0272: public User login(String name, String password) {
0273: User user = null;
0274: try {
0275: user = manager.getUserByName("SEC_ADMIN");
0276: user.authenticate(DRMAccess.secAdminPassword);
0277: transaction = manager.acquireTransaction(user);
0278: user = transaction.getUserByName(name);
0279: try {
0280: user.authenticate(password);
0281: } catch (WrongCredentialsException e) {
0282: System.out.println("failed.");
0283: }
0284: } catch (Exception e) {
0285: e.printStackTrace();
0286: try {
0287: manager.abortTransaction(transaction);
0288: } catch (GeneralSecurityException me) {
0289: me.printStackTrace();
0290: }
0291: }
0292: return user;
0293: }
0294:
0295: /**
0296: *
0297: * @param name
0298: * @param title
0299: * @return the group
0300: */
0301: public Group addGroup(String name, String title) {
0302: Group humans = null;
0303: try {
0304: User user = manager.getUserByName("SEC_ADMIN");
0305: user.authenticate(DRMAccess.secAdminPassword);
0306: transaction = manager.acquireTransaction(user);
0307:
0308: humans = transaction.registerGroup(name, title);
0309: manager.commitTransaction(transaction);
0310: } catch (Exception e) {
0311: e.printStackTrace();
0312: try {
0313: manager.abortTransaction(transaction);
0314: } catch (GeneralSecurityException me) {
0315: me.printStackTrace();
0316: }
0317: }
0318: return humans;
0319: }
0320:
0321: /**
0322: *
0323: * @param name
0324: */
0325: public void removeGroup(String name) {
0326:
0327: try {
0328: User user = manager.getUserByName("SEC_ADMIN");
0329: user.authenticate(DRMAccess.secAdminPassword);
0330: transaction = manager.acquireTransaction(user);
0331:
0332: Group group = transaction.getGroupByName(name);
0333: transaction.deregisterGroup(group);
0334: manager.commitTransaction(transaction);
0335: } catch (Exception e) {
0336: e.printStackTrace();
0337: try {
0338: manager.abortTransaction(transaction);
0339: } catch (GeneralSecurityException me) {
0340: me.printStackTrace();
0341: }
0342: }
0343: }
0344:
0345: /**
0346: *
0347: * @param name
0348: * @return the role
0349: */
0350: public Role addRole(String name) {
0351: Role role = null;
0352: try {
0353: User user = manager.getUserByName("SEC_ADMIN");
0354: user.authenticate(DRMAccess.secAdminPassword);
0355: transaction = manager.acquireTransaction(user);
0356:
0357: role = transaction.registerRole(name);
0358: manager.commitTransaction(transaction);
0359: } catch (Exception e) {
0360: e.printStackTrace();
0361: try {
0362: manager.abortTransaction(transaction);
0363: } catch (GeneralSecurityException me) {
0364: me.printStackTrace();
0365: }
0366: }
0367: return role;
0368: }
0369:
0370: /**
0371: *
0372: * @param name
0373: */
0374: public void removeRole(String name) {
0375:
0376: try {
0377: User user = manager.getUserByName("SEC_ADMIN");
0378: user.authenticate(DRMAccess.secAdminPassword);
0379: transaction = manager.acquireTransaction(user);
0380:
0381: Role role = transaction.getRoleByName(name);
0382: transaction.deregisterRole(role);
0383: manager.commitTransaction(transaction);
0384: } catch (Exception e) {
0385: e.printStackTrace();
0386: try {
0387: manager.abortTransaction(transaction);
0388: } catch (GeneralSecurityException me) {
0389: me.printStackTrace();
0390: }
0391: }
0392:
0393: }
0394:
0395: /**
0396: * @param userName
0397: * @param group
0398: */
0399: public void setGroupMemberships(String userName, String group) {
0400:
0401: try {
0402: User user = manager.getUserByName("SEC_ADMIN");
0403: user.authenticate(DRMAccess.secAdminPassword);
0404: transaction = manager.acquireTransaction(user);
0405:
0406: User jon = transaction.getUserByName(userName);
0407: Group humans = transaction.getGroupByName(group);
0408: User[] users = humans.getUsers(transaction);
0409: List<User> list = Arrays.asList(users);
0410: ArrayList<User> aList = new ArrayList<User>(list);
0411: aList.add(jon);
0412: users = aList.toArray(new User[aList.size()]);
0413: transaction.setUsersInGroup(humans, users);
0414:
0415: manager.commitTransaction(transaction);
0416: } catch (Exception e) {
0417: e.printStackTrace();
0418: try {
0419: manager.abortTransaction(transaction);
0420: } catch (GeneralSecurityException me) {
0421: me.printStackTrace();
0422: }
0423:
0424: }
0425: }
0426:
0427: /**
0428: *
0429: * @param role
0430: * @param group
0431: */
0432: public void setRoleAssociation(String role, String group) {
0433: try {
0434: User user = manager.getUserByName("SEC_ADMIN");
0435: user.authenticate(DRMAccess.secAdminPassword);
0436: transaction = manager.acquireTransaction(user);
0437:
0438: Group humans = transaction.getGroupByName(group);
0439: Role canOpener = transaction.getRoleByName(role);
0440: Group[] groups = canOpener.getGroups(transaction);
0441: List<Group> list = Arrays.asList(groups);
0442: ArrayList<Group> aList = new ArrayList<Group>(list);
0443: aList.add(humans);
0444: groups = aList.toArray(new Group[aList.size()]);
0445: transaction.setGroupsWithRole(canOpener, groups);
0446: manager.commitTransaction(transaction);
0447: } catch (Exception e) {
0448: e.printStackTrace();
0449: try {
0450: manager.abortTransaction(transaction);
0451: } catch (GeneralSecurityException me) {
0452: me.printStackTrace();
0453: }
0454:
0455: }
0456: }
0457:
0458: /**
0459: *
0460: * @param type
0461: * @param name
0462: * @param title
0463: */
0464: public void addSecuredObject(String type, String name, String title) {
0465: try {
0466: User user = manager.getUserByName("SEC_ADMIN");
0467: user.authenticate(DRMAccess.secAdminPassword);
0468: transaction = manager.acquireTransaction(user);
0469: transaction.registerSecuredObject(type, name, title);
0470: manager.commitTransaction(transaction);
0471: } catch (Exception e) {
0472: e.printStackTrace();
0473: try {
0474: manager.abortTransaction(transaction);
0475: } catch (GeneralSecurityException me) {
0476: me.printStackTrace();
0477: }
0478:
0479: }
0480: }
0481:
0482: /**
0483: *
0484: * @param type
0485: * @param name
0486: */
0487: public void removeSecuredObject(String type, String name) {
0488: try {
0489: User user = manager.getUserByName("SEC_ADMIN");
0490: user.authenticate(DRMAccess.secAdminPassword);
0491: transaction = manager.acquireTransaction(user);
0492: SecuredObject so = transaction.getSecuredObjectByName(name,
0493: type);
0494: transaction.deregisterSecuredObject(so);
0495: manager.commitTransaction(transaction);
0496: } catch (Exception e) {
0497: e.printStackTrace();
0498: try {
0499: manager.abortTransaction(transaction);
0500: } catch (GeneralSecurityException me) {
0501: me.printStackTrace();
0502: }
0503:
0504: }
0505: }
0506:
0507: /**
0508: *
0509: * @param filter
0510: * @param secObj
0511: * @param soType
0512: * @param role
0513: * @param rights
0514: */
0515: public void assignRights(String[] filter, String secObj,
0516: String soType, String role, String[] rights) {
0517: try {
0518: User user = manager.getUserByName("SEC_ADMIN");
0519: user.authenticate(DRMAccess.secAdminPassword);
0520: transaction = manager.acquireTransaction(user);
0521:
0522: SecuredObject so = transaction.getSecuredObjectByName(
0523: secObj, soType);
0524:
0525: Right[] rs = new Right[rights.length];
0526: for (int i = 0; i < rs.length; i++) {
0527: Filter constraints = null;
0528: if (filter[i] != null) {
0529: Document doc = XMLTools.parse(new StringReader(
0530: filter[i]));
0531: constraints = AbstractFilter.buildFromDOM(doc
0532: .getDocumentElement(), false);
0533: }
0534: if (rights[i].equalsIgnoreCase("getmap")) {
0535: rs[i] = new Right(so, RightType.GETMAP, constraints);
0536: } else if (rights[i]
0537: .equalsIgnoreCase("getmap_response")) {
0538: rs[i] = new Right(so, RightType.GETMAP_RESPONSE,
0539: constraints);
0540: } else if (rights[i].equalsIgnoreCase("getfeatureinfo")) {
0541: rs[i] = new Right(so, RightType.GETFEATUREINFO,
0542: constraints);
0543: } else if (rights[i]
0544: .equalsIgnoreCase("getfeatureinfo_response")) {
0545: rs[i] = new Right(so,
0546: RightType.GETFEATUREINFO_RESPONSE,
0547: constraints);
0548: } else if (rights[i]
0549: .equalsIgnoreCase("getlegendgraphic")) {
0550: rs[i] = new Right(so, RightType.GETLEGENDGRAPHIC,
0551: constraints);
0552: } else if (rights[i]
0553: .equalsIgnoreCase("getlegendgraphic_response")) {
0554: rs[i] = new Right(so,
0555: RightType.GETLEGENDGRAPHIC_RESPONSE,
0556: constraints);
0557: } else if (rights[i].equalsIgnoreCase("getfeature")) {
0558: rs[i] = new Right(so, RightType.GETFEATURE,
0559: constraints);
0560: } else if (rights[i]
0561: .equalsIgnoreCase("getfeature_response")) {
0562: rs[i] = new Right(so,
0563: RightType.GETFEATURE_RESPONSE, constraints);
0564: } else if (rights[i]
0565: .equalsIgnoreCase("describefeaturetype")) {
0566: rs[i] = new Right(so,
0567: RightType.DESCRIBEFEATURETYPE, constraints);
0568: } else if (rights[i]
0569: .equalsIgnoreCase("describefeaturetype_response")) {
0570: rs[i] = new Right(so,
0571: RightType.DESCRIBEFEATURETYPE_RESPONSE,
0572: constraints);
0573: } else if (rights[i].equalsIgnoreCase("getcoverage")) {
0574: rs[i] = new Right(so, RightType.GETCOVERAGE,
0575: constraints);
0576: } else if (rights[i]
0577: .equalsIgnoreCase("getcoverage_response")) {
0578: rs[i] = new Right(so,
0579: RightType.GETCOVERAGE_RESPONSE, constraints);
0580: } else if (rights[i]
0581: .equalsIgnoreCase("describecoverage")) {
0582: rs[i] = new Right(so, RightType.DESCRIBECOVERAGE,
0583: constraints);
0584: } else if (rights[i]
0585: .equalsIgnoreCase("describecoverage_response")) {
0586: rs[i] = new Right(so,
0587: RightType.DESCRIBECOVERAGE_RESPONSE,
0588: constraints);
0589: } else if (rights[i].equalsIgnoreCase("getrecords")) {
0590: rs[i] = new Right(so, RightType.GETRECORDS,
0591: constraints);
0592: } else if (rights[i]
0593: .equalsIgnoreCase("getrecords_response")) {
0594: rs[i] = new Right(so,
0595: RightType.GETRECORDS_RESPONSE, constraints);
0596: } else if (rights[i].equalsIgnoreCase("getrecordbyid")) {
0597: rs[i] = new Right(so, RightType.GETRECORDBYID,
0598: constraints);
0599: } else if (rights[i]
0600: .equalsIgnoreCase("getrecordbyid_response")) {
0601: rs[i] = new Right(so,
0602: RightType.GETRECORDBYID_RESPONSE,
0603: constraints);
0604: } else if (rights[i]
0605: .equalsIgnoreCase("describerecordtype")) {
0606: rs[i] = new Right(so, RightType.DESCRIBERECORDTYPE,
0607: constraints);
0608: } else if (rights[i]
0609: .equalsIgnoreCase("describerecordtype_response")) {
0610: rs[i] = new Right(so,
0611: RightType.DESCRIBERECORDTYPE_RESPONSE,
0612: constraints);
0613: } else if (rights[i].equalsIgnoreCase("delete")) {
0614: rs[i] = new Right(so, RightType.DELETE, constraints);
0615: } else if (rights[i]
0616: .equalsIgnoreCase("delete_response")) {
0617: rs[i] = new Right(so, RightType.DELETE_RESPONSE,
0618: constraints);
0619: } else if (rights[i].equalsIgnoreCase("update")) {
0620: rs[i] = new Right(so, RightType.UPDATE, constraints);
0621: } else if (rights[i]
0622: .equalsIgnoreCase("update_response")) {
0623: rs[i] = new Right(so, RightType.UPDATE_RESPONSE,
0624: constraints);
0625: } else if (rights[i].equalsIgnoreCase("insert")) {
0626: rs[i] = new Right(so, RightType.INSERT, constraints);
0627: } else if (rights[i]
0628: .equalsIgnoreCase("insert_response")) {
0629: rs[i] = new Right(so, RightType.INSERT_RESPONSE,
0630: constraints);
0631: } else if (rights[i]
0632: .equalsIgnoreCase("GetRepositoryItem")) {
0633: rs[i] = new Right(so, RightType.GETREPOSITORYITEM,
0634: constraints);
0635: } else if (rights[i]
0636: .equalsIgnoreCase("GetRepositoryItem_response")) {
0637: rs[i] = new Right(so,
0638: RightType.GETREPOSITORYITEM_RESPONSE,
0639: constraints);
0640: } else {
0641: System.out.println("unknown right: " + rights[i]);
0642: }
0643: }
0644:
0645: transaction.addRights(so, transaction.getRoleByName(role),
0646: rs);
0647: manager.commitTransaction(transaction);
0648: } catch (Exception e) {
0649: e.printStackTrace();
0650: try {
0651: manager.abortTransaction(transaction);
0652: } catch (GeneralSecurityException me) {
0653: me.printStackTrace();
0654: }
0655: }
0656: }
0657:
0658: /**
0659: * @param secObj
0660: * @param soType
0661: * @param role
0662: * @param rights
0663: */
0664: public void removeRights(String secObj, String soType, String role,
0665: String[] rights) {
0666: try {
0667: User user = manager.getUserByName("SEC_ADMIN");
0668: user.authenticate(DRMAccess.secAdminPassword);
0669: transaction = manager.acquireTransaction(user);
0670:
0671: SecuredObject so = transaction.getSecuredObjectByName(
0672: secObj, soType);
0673:
0674: RightType[] rs = new RightType[rights.length];
0675: for (int i = 0; i < rs.length; i++) {
0676: rs[i] = transaction.getRightByName(rights[i]);
0677: }
0678:
0679: transaction.removeRights(so, transaction
0680: .getRoleByName(role), rs);
0681: manager.commitTransaction(transaction);
0682: } catch (Exception e) {
0683: e.printStackTrace();
0684: try {
0685: manager.abortTransaction(transaction);
0686: } catch (GeneralSecurityException me) {
0687: me.printStackTrace();
0688: }
0689: }
0690: }
0691:
0692: /**
0693: *
0694: */
0695: public void clean() {
0696: try {
0697: User user = manager.getUserByName("SEC_ADMIN");
0698: user.authenticate(DRMAccess.secAdminPassword);
0699: transaction = manager.acquireTransaction(user);
0700: transaction.clean();
0701: manager.commitTransaction(transaction);
0702: } catch (Exception e) {
0703: e.printStackTrace();
0704: }
0705: }
0706:
0707: /**
0708: * @param user
0709: * @param password
0710: * @param securedObject
0711: * @param type
0712: * @param right
0713: */
0714: public void hasRight(String user, String password,
0715: String securedObject, String type, String right) {
0716: try {
0717: SecurityAccessManager sam = SecurityAccessManager
0718: .getInstance();
0719: User usr = sam.getUserByName(user);
0720: usr.authenticate(password);
0721: SecurityAccess access = sam.acquireAccess(usr);
0722: SecuredObject secObj = access.getSecuredObjectByName(
0723: securedObject, type);
0724: if (!usr.hasRight(access, right, secObj)) {
0725: System.out
0726: .println("You try to access a feature/resource on a "
0727: + "securedObject you are not allowed to: "
0728: + securedObject);
0729: } else {
0730: System.out.println("the user '" + user
0731: + "' has the requested right");
0732: }
0733: } catch (WrongCredentialsException e) {
0734: e.printStackTrace();
0735: } catch (GeneralSecurityException e) {
0736: e.printStackTrace();
0737: }
0738: }
0739:
0740: private String fillString(String begin, int length) {
0741: StringBuffer sb = new StringBuffer();
0742: for (int i = 0; i < length - begin.length(); i++) {
0743: sb.append(' ');
0744: }
0745: return begin + sb;
0746: }
0747:
0748: /**
0749: * @param userName
0750: * @param secObjectType
0751: */
0752: public void printRights(String userName, String secObjectType) {
0753: try {
0754: User secAdminUser = manager.getUserByName("SEC_ADMIN");
0755: secAdminUser.authenticate(DRMAccess.secAdminPassword);
0756: SecurityAccess access = manager.acquireAccess(secAdminUser);
0757:
0758: User user = access.getUserByName(userName);
0759: SecuredObject[] secObjects = access
0760: .getAllSecuredObjects(secObjectType);
0761: Role[] roles = user.getRoles(access);
0762:
0763: System.out
0764: .println("ROLE SEC_OBJECT RIGHT CONSTRAINTS\n");
0765: for (int i = 0; i < roles.length; i++) {
0766: String roleString = fillString(roles[i].getName(), 24);
0767: for (int j = 0; j < secObjects.length; j++) {
0768: String secObjectString = fillString(secObjects[j]
0769: .getName(), 26);
0770: RightSet rightSet = roles[i].getRights(access,
0771: secObjects[j]);
0772: Right[] rights = rightSet.toArray(secObjects[j]);
0773: for (int k = 0; k < rights.length; k++) {
0774: String rightString = fillString(rights[k]
0775: .getType().getName(), 16);
0776: Filter filter = rights[k].getConstraints();
0777: String constraintsString = " 0";
0778: if (filter != null) {
0779: constraintsString = " 1";
0780: }
0781: System.out.println(roleString + secObjectString
0782: + rightString + constraintsString);
0783: }
0784: }
0785: }
0786: } catch (Exception e) {
0787: e.printStackTrace();
0788: }
0789: }
0790:
0791: /**
0792: *
0793: *
0794: */
0795: private static void printHelp() {
0796: System.out.println("general definitions:");
0797: System.out
0798: .println("-driver JDBC driver (e.g. sun.jdbc.odbc.JdbcOdbcDriver for ODBC databases)");
0799: System.out
0800: .println("-logon jdbc:odbc:security logon to database (e.g. ODBC name)");
0801: System.out.println("-user user name (optional)");
0802: System.out.println("-pw users password (optional)");
0803: System.out.println();
0804: System.out.println("possible actions:");
0805: System.out
0806: .println("-action (addUser, addGroup, addRole, addUserToGroup, assignRoleWithGroup, addSecuredObject, assignRights, clean)");
0807: System.out
0808: .println("defines the action be performed. possible actions are listed inn brackets.");
0809: System.out.println();
0810: System.out
0811: .println("action = addUser -> adds a user to the right management");
0812: System.out.println("-name users login name");
0813: System.out.println("-password users password");
0814: System.out.println("-firstName the first name of the user");
0815: System.out.println("-lastName the last name of the user");
0816: System.out.println("-emal email address of the user");
0817: System.out.println();
0818: System.out
0819: .println("action = removeUser -> removes a user to the right management");
0820: System.out.println("-name users login name");
0821: System.out.println();
0822: System.out
0823: .println("action = addGroup -> adds a group to the right management system");
0824: System.out.println("-name name of the group");
0825: System.out.println("-title title of the group");
0826: System.out.println();
0827: System.out
0828: .println("action = removeGroup -> removes a group to the right management");
0829: System.out.println("-name groups login name");
0830: System.out.println();
0831: System.out
0832: .println("action = addRole -> adds a role to the right management system");
0833: System.out.println("-name name of the role");
0834: System.out.println();
0835: System.out
0836: .println("action = addUserToGroup -> adds a user to a named group");
0837: System.out.println("-userName name of the user");
0838: System.out.println("-groupName name of the group");
0839: System.out.println();
0840: System.out
0841: .println("action = addUserToGroup -> assignes a group with a role");
0842: System.out.println("-groupName name of the group");
0843: System.out.println("-roleName name of the role");
0844: System.out.println();
0845: System.out
0846: .println("action = addSecuredObject -> adds a new secured object to the right management system");
0847: System.out
0848: .println("-soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)");
0849: System.out.println("-soName name of the secured object");
0850: System.out.println("-soTitle title of the secured object");
0851: System.out.println();
0852: System.out
0853: .println("action = removeSecuredObject -> removes a new secured object from the right management system");
0854: System.out
0855: .println("-soType type of the secured object (e.g. Layer, FeatureType, Coverage ...)");
0856: System.out.println("-soName name of the secured object");
0857: System.out.println();
0858: System.out
0859: .println("action = assignRights -> assigns rights on a named secured object to a role");
0860: System.out
0861: .println("-constraints comma seperated list of absolut pathes to filter encoding files");
0862: System.out
0863: .println("-rights comma seperated list of rights to assign. the number of rights must be equest to the number constraints");
0864: System.out.println("-soName name of the secured object");
0865: System.out.println("-soType type of the secured object");
0866: System.out
0867: .println("-role name of the role the rights shall be given to");
0868: System.out.println();
0869: System.out
0870: .println("action = removeRights removes rights on a named secured object to a role");
0871: System.out
0872: .println("-rights comma seperated list of rights to remove.");
0873: System.out.println("-soName name of the secured object");
0874: System.out.println("-soType type of the secured object");
0875: System.out
0876: .println("-role name of the role the rights shall be given to");
0877: System.out.println();
0878: System.out
0879: .println("action = printRights -> print roles and associated rights of a user");
0880: System.out.println("-userName name of the user");
0881: System.out.println("-soType type of the secured object");
0882: System.out.println();
0883: System.out
0884: .println("action = clean -> cleans the complete right management system "
0885: + "database by deleting all entries!");
0886: }
0887:
0888: /**
0889: * @param args
0890: */
0891: public static void main(String[] args) {
0892: try {
0893: Properties map = new Properties();
0894:
0895: for (int i = 0; i < args.length; i += 2) {
0896: if (args.length >= i + 2) {
0897: map.put(args[i], args[i + 1]);
0898: } else {
0899: map.put(args[i], "");
0900: }
0901: }
0902:
0903: if (map.containsKey("-help") || map.containsKey("-h")
0904: || map.containsKey("-?")) {
0905: printHelp();
0906: }
0907:
0908: String driver = map.getProperty("-driver");
0909: String logon = map.getProperty("-logon");
0910: String user = map.getProperty("-user");
0911: String password = map.getProperty("-pw");
0912:
0913: DRMAccess sac = new DRMAccess();
0914: sac.setUp(driver, logon, user, password);
0915:
0916: String action = map.getProperty("-action");
0917:
0918: if (action.equals("addUser")) {
0919: sac.addUser(map.getProperty("-name"), map
0920: .getProperty("-password"), map
0921: .getProperty("-firstName"), map
0922: .getProperty("-lastName"), map
0923: .getProperty("-email"));
0924: } else if (action.equals("removeUser")) {
0925: sac.removeUser(map.getProperty("-name"));
0926: } else if (action.equals("addGroup")) {
0927: sac.addGroup(map.getProperty("-name"), map
0928: .getProperty("-title"));
0929: } else if (action.equals("removeGroup")) {
0930: sac.removeGroup(map.getProperty("-name"));
0931: } else if (action.equals("addRole")) {
0932: sac.addRole(map.getProperty("-name"));
0933: } else if (action.equals("removeRole")) {
0934: sac.removeRole(map.getProperty("-name"));
0935: } else if (action.equals("addUserToGroup")) {
0936: sac.setGroupMemberships(map.getProperty("-userName"),
0937: map.getProperty("-groupName"));
0938: } else if (action.equals("assignRoleWithGroup")) {
0939: sac.setRoleAssociation(map.getProperty("-roleName"),
0940: map.getProperty("-groupName"));
0941: } else if (action.equals("addSecuredObject")) {
0942: sac.addSecuredObject(map.getProperty("-soType"), map
0943: .getProperty("-soName"), map
0944: .getProperty("-soTitle"));
0945: } else if (action.equals("removeSecuredObject")) {
0946: sac.removeSecuredObject(map.getProperty("-soType"), map
0947: .getProperty("-soName"));
0948: } else if (action.equals("assignRights")) {
0949: String[] filter = StringTools.toArray(map
0950: .getProperty("-constraints"), ",;", false);
0951: for (int i = 0; i < filter.length; i++) {
0952: if (filter[i] != null
0953: && !filter[i].trim().equals("-")
0954: && !filter[i].trim().equals(".")) {
0955: RandomAccessFile raf = new RandomAccessFile(
0956: filter[i], "r");
0957: long l = raf.length();
0958: byte[] b = new byte[(int) l];
0959: raf.read(b);
0960: raf.close();
0961: filter[i] = new String(b);
0962: } else {
0963: filter[i] = null;
0964: }
0965: }
0966: String[] rights = StringTools.toArray(map
0967: .getProperty("-rights"), ",:;", false);
0968: sac.assignRights(filter, map.getProperty("-soName"),
0969: map.getProperty("-soType"), map
0970: .getProperty("-role"), rights);
0971: } else if (action.equals("removeRights")) {
0972: String[] rights = StringTools.toArray(map
0973: .getProperty("-rights"), ",", false);
0974: sac.removeRights(map.getProperty("-soName"), map
0975: .getProperty("-soType"), map
0976: .getProperty("-role"), rights);
0977: } else if (action.equals("hasRight")) {
0978: sac.hasRight(map.getProperty("-userName"), map
0979: .getProperty("-password"), map
0980: .getProperty("-soName"), map
0981: .getProperty("-soType"), map
0982: .getProperty("-right"));
0983: } else if (action.equals("clean")) {
0984: sac.clean();
0985: } else if (action.equals("printRights")) {
0986: sac.printRights(map.getProperty("-userName"), map
0987: .getProperty("-soType"));
0988: }
0989:
0990: try {
0991: Thread.sleep(100);
0992: } catch (Exception e) {
0993: // just waiting
0994: }
0995: System.out.println("finished");
0996: System.exit(0);
0997: } catch (FileNotFoundException e) {
0998: e.printStackTrace();
0999: } catch (IOException e) {
1000: e.printStackTrace();
1001: } catch (Exception e) {
1002: e.printStackTrace();
1003: }
1004: }
1005: }
|