Acegi Security System for Spring

Clover coverage report - Acegi Security System for Spring - 1.0.0-RC1

Coverage timestamp: Mon Dec 5 2005 09:05:15 EST

FRAMES NO FRAMES

file stats:	LOC:	144		Methods:	6
	NCLOC:	45		Classes:	1

Source file

Conditionals

Statements

Methods

TOTAL

AuthenticationProcessingFilter.java

100%

100%

1		/* Copyright 2004, 2005 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.ui.webapp;
17
18		import org.acegisecurity.Authentication;
19		import org.acegisecurity.AuthenticationException;
20		import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
21		import org.acegisecurity.ui.AbstractProcessingFilter;
22		import org.acegisecurity.ui.WebAuthenticationDetails;
23
24		import javax.servlet.FilterConfig;
25		import javax.servlet.ServletException;
26		import javax.servlet.http.HttpServletRequest;
27
28
29		/**
30		* Processes an authentication form.
31		*
32		* <p>
33		* Login forms must present two parameters to this filter: a username and
34		* password. The parameter names to use are contained in the static fields
35		* {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} and {@link
36		* #ACEGI_SECURITY_FORM_PASSWORD_KEY}.
37		* </p>
38		*
39		* <P>
40		* <B>Do not use this class directly.</B> Instead configure
41		* <code>web.xml</code> to use the {@link
42		* org.acegisecurity.util.FilterToBeanProxy}.
43		* </p>
44		*
45		* @author Ben Alex
46		* @author Colin Sampaleanu
47		* @version $Id: AuthenticationProcessingFilter.java,v 1.13 2005/11/17 00:55:50 benalex Exp $
48		*/
49		public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
50		//~ Static fields/initializers =============================================
51
52		public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "j_username";
53		public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
54		public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
55
56		//~ Methods ================================================================
57
58		/**
59		* This filter by default responds to <code>/j_acegi_security_check</code>.
60		*
61		* @return the default
62		*/
63	5	public String getDefaultFilterProcessesUrl() {
64	5	return "/j_acegi_security_check";
65		}
66
67	3	public Authentication attemptAuthentication(HttpServletRequest request)
68		throws AuthenticationException {
69	3	String username = obtainUsername(request);
70	3	String password = obtainPassword(request);
71
72	3	if (username == null) {
73	1	username = "";
74		}
75
76	3	if (password == null) {
77	1	password = "";
78		}
79
80	3	UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
81		password);
82
83		// Allow subclasses to set the "details" property
84	3	setDetails(request, authRequest);
85
86		// Place the last username attempted into HttpSession for views
87	3	request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY,
88		username);
89
90	3	return this.getAuthenticationManager().authenticate(authRequest);
91		}
92
93	3	public void init(FilterConfig filterConfig) throws ServletException {}
94
95		/**
96		* Provided so that subclasses may configure what is put into the
97		* authentication request's details property. The default implementation
98		* simply constructs {@link WebAuthenticationDetails}.
99		*
100		* @param request that an authentication request is being created for
101		* @param authRequest the authentication request object that should have
102		* its details set
103		*/
104	3	protected void setDetails(HttpServletRequest request,
105		UsernamePasswordAuthenticationToken authRequest) {
106	3	authRequest.setDetails(new WebAuthenticationDetails(request));
107		}
108
109		/**
110		* Enables subclasses to override the composition of the password, such as
111		* by including additional values and a separator.
112		*
113		* <p>
114		* This might be used for example if a postcode/zipcode was required in
115		* addition to the password. A delimiter such as a pipe (\|) should be used
116		* to separate the password and extended value(s). The
117		* <code>AuthenticationDao</code> will need to generate the expected
118		* password in a corresponding manner.
119		* </p>
120		*
121		* @param request so that request attributes can be retrieved
122		*
123		* @return the password that will be presented in the
124		* <code>Authentication</code> request token to the
125		* <code>AuthenticationManager</code>
126		*/
127	3	protected String obtainPassword(HttpServletRequest request) {
128	3	return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
129		}
130
131		/**
132		* Enables subclasses to override the composition of the username, such as
133		* by including additional values and a separator.
134		*
135		* @param request so that request attributes can be retrieved
136		*
137		* @return the username that will be presented in the
138		* <code>Authentication</code> request token to the
139		* <code>AuthenticationManager</code>
140		*/
141	3	protected String obtainUsername(HttpServletRequest request) {
142	3	return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
143		}
144		}