Clover coverage report - Acegi Security System for Spring - 1.0.0-RC1
Coverage timestamp: Mon Dec 5 2005 09:05:15 EST
Overview   Package   File
    FRAMES   NO FRAMES  
file stats: LOC: 184   Methods: 12
NCLOC: 85   Classes: 1
 
 Source file Conditionals Statements Methods TOTAL
AnonymousProcessingFilter.java 70% 91.3% 100% 88.9%
coverage coverage
 1    /* Copyright 2004, 2005 Acegi Technology Pty Limited
 2    *
 3    * Licensed under the Apache License, Version 2.0 (the "License");
 4    * you may not use this file except in compliance with the License.
 5    * You may obtain a copy of the License at
 6    *
 7    * http://www.apache.org/licenses/LICENSE-2.0
 8    *
 9    * Unless required by applicable law or agreed to in writing, software
 10    * distributed under the License is distributed on an "AS IS" BASIS,
 11    * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 12    * See the License for the specific language governing permissions and
 13    * limitations under the License.
 14    */
 15   
 16    package org.acegisecurity.providers.anonymous;
 17   
 18    import org.acegisecurity.Authentication;
 19    import org.acegisecurity.context.SecurityContextHolder;
 20    import org.acegisecurity.userdetails.memory.UserAttribute;
 21   
 22    import org.apache.commons.logging.Log;
 23    import org.apache.commons.logging.LogFactory;
 24   
 25    import org.springframework.beans.factory.InitializingBean;
 26   
 27    import org.springframework.util.Assert;
 28   
 29    import java.io.IOException;
 30   
 31    import javax.servlet.Filter;
 32    import javax.servlet.FilterChain;
 33    import javax.servlet.FilterConfig;
 34    import javax.servlet.ServletException;
 35    import javax.servlet.ServletRequest;
 36    import javax.servlet.ServletResponse;
 37   
 38   
 39    /**
 40    * Detects if there is no <code>Authentication</code> object in the
 41    * <code>SecurityContextHolder</code>, and populates it with one if needed.
 42    *
 43    * <p>
 44    * <b>Do not use this class directly.</b> Instead configure
 45    * <code>web.xml</code> to use the {@link
 46    * org.acegisecurity.util.FilterToBeanProxy}.
 47    * </p>
 48    *
 49    * @author Ben Alex
 50    * @version $Id: AnonymousProcessingFilter.java,v 1.9 2005/11/29 13:10:13 benalex Exp $
 51    */
 52    public class AnonymousProcessingFilter implements Filter, InitializingBean {
 53    //~ Static fields/initializers =============================================
 54   
 55    private static final Log logger = LogFactory.getLog(AnonymousProcessingFilter.class);
 56   
 57    //~ Instance fields ========================================================
 58   
 59    private String key;
 60    private UserAttribute userAttribute;
 61    private boolean removeAfterRequest = true;
 62   
 63    //~ Methods ================================================================
 64   
 65  4 public void setKey(String key) {
 66  4 this.key = key;
 67    }
 68   
 69  1 public String getKey() {
 70  1 return key;
 71    }
 72   
 73    /**
 74    * Controls whether the filter will remove the Anonymous token after the
 75    * request is complete. Generally this is desired to avoid the expense of
 76    * a session being created by {@link
 77    * org.acegisecurity.context.HttpSessionContextIntegrationFilter
 78    * HttpSessionContextIntegrationFilter} simply to store the Anonymous
 79    * authentication token.
 80    *
 81    * <p>
 82    * Defaults to <code>true</code>, being the most optimal and appropriate
 83    * option (ie <code>AnonymousProcessingFilter</code> will clear the token
 84    * at the end of each request, thus avoiding the session creation overhead
 85    * in a typical configuration.
 86    * </p>
 87    *
 88    * @param removeAfterRequest DOCUMENT ME!
 89    */
 90  3 public void setRemoveAfterRequest(boolean removeAfterRequest) {
 91  3 this.removeAfterRequest = removeAfterRequest;
 92    }
 93   
 94  2 public boolean isRemoveAfterRequest() {
 95  2 return removeAfterRequest;
 96    }
 97   
 98  4 public void setUserAttribute(UserAttribute userAttributeDefinition) {
 99  4 this.userAttribute = userAttributeDefinition;
 100    }
 101   
 102  1 public UserAttribute getUserAttribute() {
 103  1 return userAttribute;
 104    }
 105   
 106  5 public void afterPropertiesSet() throws Exception {
 107  5 Assert.notNull(userAttribute);
 108  4 Assert.hasLength(key);
 109    }
 110   
 111    /**
 112    * Does nothing - we reply on IoC lifecycle services instead.
 113    */
 114  3 public void destroy() {}
 115   
 116  3 public void doFilter(ServletRequest request, ServletResponse response,
 117    FilterChain chain) throws IOException, ServletException {
 118  3 boolean addedToken = false;
 119   
 120  3 if (applyAnonymousForThisRequest(request)) {
 121  3 if (SecurityContextHolder.getContext().getAuthentication() == null) {
 122  2 SecurityContextHolder.getContext().setAuthentication(createAuthentication(
 123    request));
 124  2 addedToken = true;
 125   
 126  2 if (logger.isDebugEnabled()) {
 127  0 logger.debug(
 128    "Populated SecurityContextHolder with anonymous token: '"
 129    + SecurityContextHolder.getContext().getAuthentication()
 130    + "'");
 131    }
 132    } else {
 133  1 if (logger.isDebugEnabled()) {
 134  0 logger.debug(
 135    "SecurityContextHolder not populated with anonymous token, as it already contained: '"
 136    + SecurityContextHolder.getContext().getAuthentication()
 137    + "'");
 138    }
 139    }
 140    }
 141   
 142  3 try {
 143  3 chain.doFilter(request, response);
 144    } finally {
 145  3 if (addedToken && removeAfterRequest
 146    && createAuthentication(request).equals(SecurityContextHolder.getContext()
 147    .getAuthentication())) {
 148  1 SecurityContextHolder.getContext().setAuthentication(null);
 149    }
 150    }
 151    }
 152   
 153    /**
 154    * Does nothing - we reply on IoC lifecycle services instead.
 155    *
 156    * @param ignored not used
 157    *
 158    * @throws ServletException DOCUMENT ME!
 159    */
 160  3 public void init(FilterConfig ignored) throws ServletException {}
 161   
 162    /**
 163    * Enables subclasses to determine whether or not an anonymous
 164    * authentication token should be setup for this request. This is useful
 165    * if anonymous authentication should be allowed only for specific IP
 166    * subnet ranges etc.
 167    *
 168    * @param request to assist the method determine request details
 169    *
 170    * @return <code>true</code> if the anonymous token should be setup for
 171    * this request (provided that the request doesn't already have
 172    * some other <code>Authentication</code> inside it), or
 173    * <code>false</code> if no anonymous token should be setup for
 174    * this request
 175    */
 176  3 protected boolean applyAnonymousForThisRequest(ServletRequest request) {
 177  3 return true;
 178    }
 179   
 180  3 protected Authentication createAuthentication(ServletRequest request) {
 181  3 return new AnonymousAuthenticationToken(key,
 182    userAttribute.getPassword(), userAttribute.getAuthorities());
 183    }
 184    }
 
CloverReport generated by Clover v1.3.3_01
Mon Dec 5 2005 09:05:16 EST.		   Open Source License registered to the Acegi Security System for Spring Project. This license of Clover is provided to support the development of Acegi Security System for Spring only.