Package org.geoserver.xacml.geoxacml

Source Code of org.geoserver.xacml.geoxacml.XACMLUtil

/* Copyright (c) 2001 - 2007 TOPP - www.openplans.org. All rights reserved.
* This code is licensed under the GPL 2.0 license, available at the root
* application directory.
*/

package org.geoserver.xacml.geoxacml;

import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;

import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UserDetails;
import org.geotools.xacml.geoxacml.attr.GML3Support;

import com.sun.xacml.Indenter;
import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.ResponseCtx;
import com.sun.xacml.ctx.Result;
import com.vividsolutions.jts.geom.Geometry;
import com.vividsolutions.jts.geom.LineString;
import com.vividsolutions.jts.geom.MultiLineString;
import com.vividsolutions.jts.geom.MultiPoint;
import com.vividsolutions.jts.geom.MultiPolygon;
import com.vividsolutions.jts.geom.Point;
import com.vividsolutions.jts.geom.Polygon;

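/**
 * Static helpers for the XACML integration: serializing request/response contexts, reducing
 * XACML results to a single decision, writing decision lines to the "XACML" logger and mapping
 * JTS geometries to GML type names.
 *
 * @author Mueller Christian
 *
 */
public class XACMLUtil {

    /**
     * Serializes a XACML request context as XML indented by two spaces.
     *
     * The returned text is the complete encoded request, so it can contain whatever subject and
     * resource attributes the request carries; callers that log it should treat it accordingly.
     *
     * @param ctx
     *            request context to encode
     * @return the encoded request, decoded with the platform default charset
     */
    public static String asXMLString(RequestCtx ctx) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ctx.encode(out, new Indenter(2));
        return out.toString();
    }

    /**
     * Serializes a XACML response context as XML indented by two spaces.
     *
     * @param ctx
     *            response context to encode
     * @return the encoded response, decoded with the platform default charset
     */
    public static String asXMLString(ResponseCtx ctx) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ctx.encode(out, new Indenter(2));
        return out.toString();
    }

    /**
     * One Permit is enough, but all responses must be checked if there was a processing error.
     *
     * Any response that evaluates to Indeterminate makes the whole call return Indeterminate.
     * An empty list, or a list without a Permit, yields Deny, so the method fails closed.
     *
     * @param responses
     *            from role requests
     * @return XACML decision, one of the {@code Result.DECISION_*} constants
     */
    public static int getDecisionFromRoleResponses(List<ResponseCtx> responses) {
        boolean hasPermit = false;

        for (ResponseCtx responseCtx : responses) {
            int decision = getDecisionFromResponseContext(responseCtx);
            if (decision == Result.DECISION_INDETERMINATE) { // processing error wins over Permit
                return decision;
            }
            if (decision == Result.DECISION_PERMIT) {
                hasPermit = true;
            }
        }
        return hasPermit ? Result.DECISION_PERMIT : Result.DECISION_DENY;
    }

    /**
     * Reduces all results of one response to a single decision.
     *
     * Rules, in order: any Indeterminate result returns Indeterminate; a mix of Permit and Deny
     * returns Indeterminate; neither Permit nor Deny returns NotApplicable; only Deny returns
     * Deny; otherwise Permit. Permit is therefore returned only when every Permit/Deny result is
     * a Permit.
     *
     * Obligations attached to the results are not collected or evaluated here.
     *
     * @param responseCtx
     *            response to inspect
     * @return XACML decision, one of the {@code Result.DECISION_*} constants
     */
    public static int getDecisionFromResponseContext(ResponseCtx responseCtx) {
        Set<Result> results = responseCtx.getResults();
        Set<String> resources = new HashSet<String>();

        boolean hasPermit = false;
        boolean hasDeny = false;
        for (Result result : results) {
            int decision = result.getDecision();
            resources.add(result.getResource());
            if (decision == Result.DECISION_INDETERMINATE) {
                // NOTE(review): this early exit returns without writing a log line, unlike the
                // Indeterminate produced by a Permit/Deny conflict below -- confirm that is intended.
                return Result.DECISION_INDETERMINATE; // error
            }
            if (decision == Result.DECISION_DENY) {
                hasDeny = true;
            }
            if (decision == Result.DECISION_PERMIT) {
                hasPermit = true;
            }
        }
        if (hasDeny && hasPermit) {
            // Conflicting results are reported as an error rather than resolved either way.
            logDecision(Result.DECISION_INDETERMINATE, resources);
            return Result.DECISION_INDETERMINATE;
        }
        if (!hasDeny && !hasPermit) {
            logDecision(Result.DECISION_NOT_APPLICABLE, resources);
            return Result.DECISION_NOT_APPLICABLE;
        }
        if (hasDeny) {
            logDecision(Result.DECISION_DENY, resources);
            return Result.DECISION_DENY;
        }

        // NOTE(review): Permit decisions are not logged; only non-Permit outcomes reach the log.
        return Result.DECISION_PERMIT;
    }

    /**
     * Writes one INFO line to the XACML logger: current user, affected resources and the entry
     * of {@code Result.DECISIONS} for the decision.
     *
     * Resources are joined with commas and no trailing separator; the original left a dangling
     * comma when exactly one resource was present.
     *
     * @param decision
     *            decision constant, used as index into {@code Result.DECISIONS}
     * @param resources
     *            resource identifiers taken from the evaluated results
     */
    private static void logDecision(int decision, Set<String> resources) {
        StringBuilder buff = new StringBuilder("User: ");
        buff.append(authenticationAsString());
        buff.append(" resource: ");
        boolean first = true;
        for (String resource : resources) {
            if (!first) {
                buff.append(",");
            }
            buff.append(sanitizeForLog(resource));
            first = false;
        }
        buff.append(" ");
        buff.append(Result.DECISIONS[decision]);
        getXACMLLogger().info(buff.toString());
    }

    /**
     * Describes the current authentication as {@code "name [ AUTH1,AUTH2 ] "}, or
     * {@code "anonymous"} when the security context holds no authentication.
     *
     * The name is always derived from the principal. The original tested and printed
     * {@code getCredentials()}, which could write the credentials object (for example a
     * password) into the log and did not match the cast applied to the principal.
     *
     * @return printable user description for log lines
     */
    private static String authenticationAsString() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null) {
            return "anonymous";
        }

        Object principal = auth.getPrincipal();
        String userName = principal instanceof UserDetails
                ? ((UserDetails) principal).getUsername()
                : String.valueOf(principal);

        StringBuilder buff = new StringBuilder(sanitizeForLog(userName));
        buff.append(" [ ");
        GrantedAuthority[] authorities = auth.getAuthorities();
        if (authorities != null) { // guard: the array may be absent on an incomplete authentication
            for (int i = 0; i < authorities.length; i++) {
                if (i > 0) {
                    buff.append(",");
                }
                buff.append(sanitizeForLog(authorities[i].getAuthority()));
            }
        }
        buff.append(" ] ");
        return buff.toString();
    }

    /**
     * Replaces carriage returns and line feeds so that a value taken from a request or a user
     * account cannot split one decision log line into several.
     *
     * @param value
     *            text to embed in a log line, may be null
     * @return the text with CR and LF replaced by '_', or "null" for a null value
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * @return the JDK logger named "XACML" that receives the decision log lines
     */
    public static Logger getXACMLLogger() {
        return Logger.getLogger("XACML");
    }

    /**
     * Maps a JTS geometry to the matching GML type constant of {@code GML3Support}.
     *
     * @param g
     *            geometry to classify
     * @return GML type name for point, line string, polygon and their multi variants
     * @throws RuntimeException
     *             if the geometry is null or of any other type
     */
    public static String getGMLTypeFor(Geometry g) {
        if (g instanceof Point) {
            return GML3Support.GML_POINT;
        }
        if (g instanceof LineString) {
            return GML3Support.GML_LINESTRING;
        }
        if (g instanceof Polygon) {
            return GML3Support.GML_POLYGON;
        }
        if (g instanceof MultiPoint) {
            return GML3Support.GML_MULTIPOINT;
        }
        if (g instanceof MultiLineString) {
            return GML3Support.GML_MULTICURVE;
        }
        if (g instanceof MultiPolygon) {
            return GML3Support.GML_MULTISURFACE;
        }

        // A null geometry previously failed with a bare NullPointerException while building
        // this message; name the problem instead.
        throw new RuntimeException("No GML type for " + (g == null ? "null" : g.getClass().getName()));
    }

}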