Clover coverage report - Acegi Security System for Spring - 1.0.0-RC1
Coverage timestamp: Mon Dec 5 2005 09:05:15 EST
Overview   Package   File
    FRAMES   NO FRAMES  
file stats: LOC: 173   Methods: 10
NCLOC: 93   Classes: 1
 
 Source file Conditionals Statements Methods TOTAL
AuthenticationProcessingFilterEntryPoint.java 92.9% 97.1% 100% 96.6%
coverage coverage
 1    /* Copyright 2004 Acegi Technology Pty Limited
 2    *
 3    * Licensed under the Apache License, Version 2.0 (the "License");
 4    * you may not use this file except in compliance with the License.
 5    * You may obtain a copy of the License at
 6    *
 7    * http://www.apache.org/licenses/LICENSE-2.0
 8    *
 9    * Unless required by applicable law or agreed to in writing, software
 10    * distributed under the License is distributed on an "AS IS" BASIS,
 11    * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 12    * See the License for the specific language governing permissions and
 13    * limitations under the License.
 14    */
 15    package org.acegisecurity.ui.webapp;
 16   
 17    import org.acegisecurity.AuthenticationException;
 18    import org.acegisecurity.intercept.web.AuthenticationEntryPoint;
 19    import org.acegisecurity.util.PortMapper;
 20    import org.acegisecurity.util.PortMapperImpl;
 21    import org.acegisecurity.util.PortResolver;
 22    import org.acegisecurity.util.PortResolverImpl;
 23   
 24    import org.apache.commons.logging.Log;
 25    import org.apache.commons.logging.LogFactory;
 26   
 27    import org.springframework.beans.factory.InitializingBean;
 28   
 29    import org.springframework.util.Assert;
 30   
 31    import java.io.IOException;
 32   
 33    import javax.servlet.ServletException;
 34    import javax.servlet.ServletRequest;
 35    import javax.servlet.ServletResponse;
 36    import javax.servlet.http.HttpServletRequest;
 37    import javax.servlet.http.HttpServletResponse;
 38   
 39   
 40    /**
 41    * <p>
 42    * Used by the <code>SecurityEnforcementFilter</code> to commence
 43    * authentication via the {@link AuthenticationProcessingFilter}. This object
 44    * holds the location of the login form, relative to the web app context path,
 45    * and is used to commence a redirect to that form.
 46    * </p>
 47    *
 48    * <p>
 49    * By setting the <em>forceHttps</em> property to true, you may configure the
 50    * class to force the protocol used for the login form to be
 51    * <code>HTTPS</code>, even if the original intercepted request for a resource
 52    * used the <code>HTTP</code> protocol. When this happens, after a successful
 53    * login (via HTTPS), the original resource will still be accessed as HTTP,
 54    * via the original request URL. For the forced HTTPS feature to work, the
 55    * {@link PortMapper} is consulted to determine the HTTP:HTTPS pairs.
 56    * </p>
 57    *
 58    * @author Ben Alex
 59    * @author colin sampaleanu
 60    * @author Omri Spector
 61    * @version $Id: AuthenticationProcessingFilterEntryPoint.java,v 1.11 2005/11/17 00:55:50 benalex Exp $
 62    */
 63    public class AuthenticationProcessingFilterEntryPoint
 64    implements AuthenticationEntryPoint, InitializingBean {
 65    private static final Log logger = LogFactory.getLog(AuthenticationProcessingFilterEntryPoint.class);
 66    private PortMapper portMapper = new PortMapperImpl();
 67    private PortResolver portResolver = new PortResolverImpl();
 68    private String loginFormUrl;
 69    private boolean forceHttps = false;
 70   
 71    /**
 72    * Set to true to force login form access to be via https. If this value is
 73    * ture (the default is false), and the incoming request for the protected
 74    * resource which triggered the interceptor was not already
 75    * <code>https</code>, then
 76    *
 77    * @param forceHttps
 78    */
 79  6 public void setForceHttps(boolean forceHttps) {
 80  6 this.forceHttps = forceHttps;
 81    }
 82   
 83  2 public boolean getForceHttps() {
 84  2 return forceHttps;
 85    }
 86   
 87    /**
 88    * The URL where the <code>AuthenticationProcessingFilter</code> login page
 89    * can be found. Should be relative to the web-app context path, and
 90    * include a leading <code>/</code>
 91    *
 92    * @param loginFormUrl
 93    */
 94  8 public void setLoginFormUrl(String loginFormUrl) {
 95  8 this.loginFormUrl = loginFormUrl;
 96    }
 97   
 98  1 public String getLoginFormUrl() {
 99  1 return loginFormUrl;
 100    }
 101   
 102  11 public void setPortMapper(PortMapper portMapper) {
 103  11 this.portMapper = portMapper;
 104    }
 105   
 106  1 public PortMapper getPortMapper() {
 107  1 return portMapper;
 108    }
 109   
 110  10 public void setPortResolver(PortResolver portResolver) {
 111  10 this.portResolver = portResolver;
 112    }
 113   
 114  1 public PortResolver getPortResolver() {
 115  1 return portResolver;
 116    }
 117   
 118  10 public void afterPropertiesSet() throws Exception {
 119  10 Assert.hasLength(loginFormUrl, "loginFormUrl must be specified");
 120  9 Assert.notNull(portMapper, "portMapper must be specified");
 121  8 Assert.notNull(portResolver, "portResolver must be specified");
 122    }
 123   
 124  8 public void commence(ServletRequest request, ServletResponse response,
 125    AuthenticationException authException)
 126    throws IOException, ServletException {
 127  8 HttpServletRequest req = (HttpServletRequest) request;
 128  8 String scheme = request.getScheme();
 129  8 String serverName = request.getServerName();
 130  8 int serverPort = portResolver.getServerPort(request);
 131  8 String contextPath = req.getContextPath();
 132   
 133  8 boolean inHttp = "http".equals(scheme.toLowerCase());
 134  8 boolean inHttps = "https".equals(scheme.toLowerCase());
 135   
 136  8 boolean includePort = ((inHttp && (serverPort == 80)) ||
 137    (inHttps && (serverPort == 443)));
 138   
 139  8 if ("http".equals(scheme.toLowerCase()) && (serverPort == 80)) {
 140  2 includePort = false;
 141    }
 142   
 143  8 if ("https".equals(scheme.toLowerCase()) && (serverPort == 443)) {
 144  1 includePort = false;
 145    }
 146   
 147  8 String redirectUrl = contextPath + loginFormUrl;
 148   
 149  8 if (forceHttps && inHttp) {
 150  5 Integer httpPort = new Integer(portResolver.getServerPort(request));
 151  5 Integer httpsPort = (Integer) portMapper.lookupHttpsPort(httpPort);
 152   
 153  5 if (httpsPort != null) {
 154  4 if (httpsPort.intValue() == 443) {
 155  1 includePort = false;
 156    } else {
 157  3 includePort = true;
 158    }
 159   
 160  4 redirectUrl = "https://" + serverName +
 161  4 ((includePort) ? (":" + httpsPort) : "") + contextPath +
 162    loginFormUrl;
 163    }
 164    }
 165   
 166  8 if (logger.isDebugEnabled()) {
 167  0 logger.debug("Redirecting to: " + redirectUrl);
 168    }
 169   
 170  8 ((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response).encodeRedirectURL(
 171    redirectUrl));
 172    }
 173    }
 
CloverReport generated by Clover v1.3.3_01
Mon Dec 5 2005 09:05:16 EST.		   Open Source License registered to the Acegi Security System for Spring Project. This license of Clover is provided to support the development of Acegi Security System for Spring only.