Acegi Security System for Spring

Clover coverage report - Acegi Security System for Spring - 1.0.0-RC1

Coverage timestamp: Mon Dec 5 2005 09:05:15 EST

FRAMES NO FRAMES

file stats:	LOC:	110		Methods:	7
	NCLOC:	52		Classes:	1

Source file

Conditionals

Statements

Methods

TOTAL

SecureChannelProcessor.java

100%

100%

1		/* Copyright 2004 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.securechannel;
17
18		import org.acegisecurity.ConfigAttribute;
19		import org.acegisecurity.ConfigAttributeDefinition;
20		import org.acegisecurity.intercept.web.FilterInvocation;
21
22		import org.springframework.beans.factory.InitializingBean;
23		import org.springframework.util.Assert;
24
25		import java.io.IOException;
26
27		import java.util.Iterator;
28
29		import javax.servlet.ServletException;
30
31
32		/**
33		* <p>
34		* Ensures channel security is active by review of
35		* <code>HttpServletRequest.isSecure()</code> responses.
36		* </p>
37		*
38		* <P>
39		* The class responds to one case-sensitive keyword, {@link #getSecureKeyword}.
40		* If this keyword is detected, <code>HttpServletRequest.isSecure()</code> is
41		* used to determine the channel security offered. If channel security is not
42		* present, the configured <code>ChannelEntryPoint</code> is called. By
43		* default the entry point is {@link RetryWithHttpsEntryPoint}.
44		* </p>
45		*
46		* <P>
47		* The default <code>secureKeyword</code> is
48		* <code>REQUIRES_SECURE_CHANNEL</code>.
49		* </p>
50		*
51		* @author Ben Alex
52		* @version $Id: SecureChannelProcessor.java,v 1.3 2005/11/17 00:55:50 benalex Exp $
53		*/
54		public class SecureChannelProcessor implements InitializingBean,
55		ChannelProcessor {
56		//~ Instance fields ========================================================
57
58		private ChannelEntryPoint entryPoint = new RetryWithHttpsEntryPoint();
59		private String secureKeyword = "REQUIRES_SECURE_CHANNEL";
60
61		//~ Methods ================================================================
62
63	2	public void setEntryPoint(ChannelEntryPoint entryPoint) {
64	2	this.entryPoint = entryPoint;
65		}
66
67	2	public ChannelEntryPoint getEntryPoint() {
68	2	return entryPoint;
69		}
70
71	3	public void setSecureKeyword(String secureKeyword) {
72	3	this.secureKeyword = secureKeyword;
73		}
74
75	8	public String getSecureKeyword() {
76	8	return secureKeyword;
77		}
78
79	4	public void afterPropertiesSet() throws Exception {
80	4	Assert.hasLength(secureKeyword, "secureKeyword required");
81	2	Assert.notNull(entryPoint, "entryPoint required");
82		}
83
84	3	public void decide(FilterInvocation invocation,
85		ConfigAttributeDefinition config) throws IOException, ServletException {
86	3	Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
87
88	2	Iterator iter = config.getConfigAttributes();
89
90	2	while (iter.hasNext()) {
91	4	ConfigAttribute attribute = (ConfigAttribute) iter.next();
92
93	4	if (supports(attribute)) {
94	2	if (!invocation.getHttpRequest().isSecure()) {
95	1	entryPoint.commence(invocation.getRequest(),
96		invocation.getResponse());
97		}
98		}
99		}
100		}
101
102	7	public boolean supports(ConfigAttribute attribute) {
103	7	if ((attribute != null) && (attribute.getAttribute() != null)
104		&& attribute.getAttribute().equals(getSecureKeyword())) {
105	3	return true;
106		} else {
107	4	return false;
108		}
109		}
110		}