DoServicePasswordHandler.java example

Explorer
secureOWS-master
//$Header: /home/deegree/jail/deegreerepository/deegree/src/org/deegree/ogcwebservices/wass/wss/operation/DoServicePasswordHandler.java,v 1.9 2006/08/29 19:14:17 poth Exp $
/*----------------    FILE HEADER  ------------------------------------------

 This file is part of deegree.
 Copyright (C) 2001-2006 by:
 EXSE, Department of Geography, University of Bonn
 http://www.giub.uni-bonn.de/exse/
 lat/lon GmbH
 http://www.lat-lon.de

 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
 License as published by the Free Software Foundation; either
 version 2.1 of the License, or (at your option) any later version.

 This library is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 Lesser General Public License for more details.

 You should have received a copy of the GNU Lesser General Public
 License along with this library; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

 Contact:

 Andreas Poth
 lat/lon GmbH
 Aennchenstraße 19
 53177 Bonn
 Germany
 E-Mail: poth@lat-lon.de

 Jens Fitzke
 lat/lon GmbH
 Aennchenstraße 19
 53177 Bonn
 Germany
 E-Mail: jens.fitzke@uni-bonn.de

 ---------------------------------------------------------------------------*/

package org.deegree.ogcwebservices.wass.wss.operation;

import org.deegree.framework.log.ILogger;
import org.deegree.framework.log.LoggerFactory;
import org.deegree.ogcwebservices.wass.common.AuthenticationData;
import org.deegree.ogcwebservices.wass.common.Messages;
import org.deegree.ogcwebservices.wass.common.WASSSecurityManager;
import org.deegree.ogcwebservices.wass.exceptions.DoServiceException;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.model.User;

/**
 * This class handles a webservice request which is . It's primary roles are to check if the user
 * has (sufficient) credentials and to delegate the request to the service provider behind this
 * proxy.
 * 
 * 
 * @author <a href="mailto:bezema@lat-lon.de">Rutger Bezema</a>
 * @author last edited by: $Author: poth $
 * 
 * @version 2.0, $Revision: 1.9 $, $Date: 2006/08/29 19:14:17 $
 * 
 * @since 2.0
 */

public class DoServicePasswordHandler extends DoServiceHandler {

    private static final ILogger LOG = LoggerFactory.getLogger( DoServicePasswordHandler.class );

    private final SecurityAccessManager manager;

    /**
     * @param securityManager
     * @throws GeneralSecurityException
     */
    public DoServicePasswordHandler( WASSSecurityManager securityManager )
                            throws GeneralSecurityException {
        manager = securityManager.getSecurityAccessManager();
    }

    /**
     * Checks if the request has sufficient credentials to request the feature, and if so request
     * the feature at the service.
     * 
     * @throws DoServiceException
     */
    @Override
    public void handleRequest( DoService request )
                            throws DoServiceException {
        LOG.entering();
        AuthenticationData authData = request.getAuthenticationData();
        // password authentication used?
        if ( authData.usesPasswordAuthentication() ) {
            try {
                String user = authData.getUsername();
                String pass = authData.getPassword();
                User usr = manager.getUserByName( user );
                usr.authenticate( pass );
                // SecurityAccess secAccess = manager.acquireAccess( usr );
                // usr.hasRight( secAccess );
                /**
                 * TODO Here it is specified that the wss should check if the user has the
                 * sufficient right to do the service request. Deegree does these request in the
                 * owsRequestvalidator package, which means we only support - for the moment - a
                 * check if the user is registered. For Details on how to get the right for
                 * particular object please look at the following method.
                 * 
                 * @see org.deegree.security.owsrequestvalidator.GetFeatureRequestValidator#validateAgainstRightsDB
                 * 
                 */
            } catch ( GeneralSecurityException e ) {
                LOG.logError( e.getLocalizedMessage(), e );
                throw new DoServiceException( e.getLocalizedMessage(), e );
            } catch ( StringIndexOutOfBoundsException e ) {
                LOG.logError( e.getLocalizedMessage(), e );
                throw new DoServiceException( Messages.format( "ogcwebservices.wass.ERROR_USERPASS_NOT_PARSED",
                                                               "WSS" ) );
            }
        }

        setRequestAllowed( true );
        LOG.exiting();
    }

}

/***************************************************************************************************
 * Changes to this class. What the people have been up to: 
 * $Log: DoServicePasswordHandler.java,v $
 * Revision 1.9  2006/08/29 19:14:17  poth
 * code formating / footer correction
 *
 * Revision 1.8  2006/08/24 06:42:16  poth
 * File header corrected
 * Changes to this class. What the people have been up to:
 * Revision 1.7  2006/06/26 07:24:01  bezema
 * Deleted some comments and a small change to the messages.properties
 * Changes to this class. What the people have been up to:
 * Revision 1.6  2006/06/23 13:53:47  schmitz
 * Externalized all Strings, fixed up some exceptions and messages, reviewed/fixed some code.
 * Changes to this class. What the people have been up to:
 * Revision 1.5 2006/06/20 15:31:05 bezema
 * It looks like the completion of wss. was
 * needs further checking in a tomcat environment. The Strings must still be externalized. Logging
 * is done, so is the formatting. Changes to
 * this class. What the people have been up to: Revision 1.4 2006/06/16 15:01:05 schmitz Changes to
 * this class. What the people have been up to: Fixed the WSS to work with all kinds of operation
 * tests. It checks out with both XML and
 * KVP requests. Changes to this class. What
 * the people have been up to: Revision 1.3 2006/06/06 15:28:05 bezema Changes to this class. What
 * the people have been up to: Added a "null" prefix check in xmltools so that it, added a
 * characterset to the deegreeparams and the WSS::DoService class is almost done Changes to this
 * class. What the people have been up to: Changes to this class. What the people have been up to:
 * Revision 1.2 2006/05/30 15:11:28 bezema Changes to this class. What the people have been up to:
 * Working on the postclient from apachecommons to place a request to the services behind the wss
 * proxy Revision 1.1 2006/05/30 12:46:33
 * bezema DoService is now handled
 * 
 * Revision 1.3 2006/05/30 10:12:02 bezema Putting the cvs asci option to -kkv which will update the
 * $revision$ $author$ and $date$ variables in a cvs commit
 * 
 * Revision 1.2 2006/05/30 08:44:48 bezema Reararranging the layout (again) to use features of OOP.
 * The owscommonDocument is the real baseclass now.
 * 
 * Revision 1.1 2006/05/29 16:24:59 bezema Rearranging the layout of the wss and creating the
 * doservice classes. The WSService class is implemented as well
 * 
 * 
 **************************************************************************************************/