Acegi Security System for Spring

Clover coverage report - Acegi Security System for Spring - 1.0.0-RC1

Coverage timestamp: Mon Dec 5 2005 09:05:15 EST

FRAMES NO FRAMES

file stats:	LOC:	113		Methods:	7
	NCLOC:	54		Classes:	1

Source file

Conditionals

Statements

Methods

TOTAL

InsecureChannelProcessor.java

100%

100%

1		/* Copyright 2004 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.securechannel;
17
18		import org.acegisecurity.ConfigAttribute;
19		import org.acegisecurity.ConfigAttributeDefinition;
20		import org.acegisecurity.intercept.web.FilterInvocation;
21
22		import org.springframework.beans.factory.InitializingBean;
23		import org.springframework.util.Assert;
24
25		import java.io.IOException;
26
27		import java.util.Iterator;
28
29		import javax.servlet.ServletException;
30
31
32		/**
33		* <p>
34		* Ensures channel security is inactive by review of
35		* <code>HttpServletRequest.isSecure()</code> responses.
36		* </p>
37		*
38		* <P>
39		* The class responds to one case-sensitive keyword, {@link
40		* #getInsecureKeyword}. If this keyword is detected,
41		* <code>HttpServletRequest.isSecure()</code> is used to determine the channel
42		* security offered. If channel security is present, the configured
43		* <code>ChannelEntryPoint</code> is called. By default the entry point is
44		* {@link RetryWithHttpEntryPoint}.
45		* </p>
46		*
47		* <P>
48		* The default <code>insecureKeyword</code> is
49		* <code>REQUIRES_INSECURE_CHANNEL</code>.
50		* </p>
51		*
52		* @author Ben Alex
53		* @version $Id: InsecureChannelProcessor.java,v 1.3 2005/11/17 00:55:50 benalex Exp $
54		*/
55		public class InsecureChannelProcessor implements InitializingBean,
56		ChannelProcessor {
57		//~ Instance fields ========================================================
58
59		private ChannelEntryPoint entryPoint = new RetryWithHttpEntryPoint();
60		private String insecureKeyword = "REQUIRES_INSECURE_CHANNEL";
61
62		//~ Methods ================================================================
63
64	2	public void setEntryPoint(ChannelEntryPoint entryPoint) {
65	2	this.entryPoint = entryPoint;
66		}
67
68	2	public ChannelEntryPoint getEntryPoint() {
69	2	return entryPoint;
70		}
71
72	3	public void setInsecureKeyword(String secureKeyword) {
73	3	this.insecureKeyword = secureKeyword;
74		}
75
76	8	public String getInsecureKeyword() {
77	8	return insecureKeyword;
78		}
79
80	4	public void afterPropertiesSet() throws Exception {
81	4	Assert.hasLength(insecureKeyword, "insecureKeyword required");
82	2	Assert.notNull(entryPoint, "entryPoint required");
83		}
84
85	3	public void decide(FilterInvocation invocation,
86		ConfigAttributeDefinition config) throws IOException, ServletException {
87	3	if ((invocation == null) \|\| (config == null)) {
88	1	throw new IllegalArgumentException("Nulls cannot be provided");
89		}
90
91	2	Iterator iter = config.getConfigAttributes();
92
93	2	while (iter.hasNext()) {
94	4	ConfigAttribute attribute = (ConfigAttribute) iter.next();
95
96	4	if (supports(attribute)) {
97	2	if (invocation.getHttpRequest().isSecure()) {
98	1	entryPoint.commence(invocation.getRequest(),
99		invocation.getResponse());
100		}
101		}
102		}
103		}
104
105	7	public boolean supports(ConfigAttribute attribute) {
106	7	if ((attribute != null) && (attribute.getAttribute() != null)
107		&& attribute.getAttribute().equals(getInsecureKeyword())) {
108	3	return true;
109		} else {
110	4	return false;
111		}
112		}
113		}