Clover coverage report - Acegi Security System for Spring - 1.0.0-RC1
Coverage timestamp: Mon Dec 5 2005 09:05:15 EST
Overview   Package   File
    FRAMES   NO FRAMES  
file stats: LOC: 145   Methods: 6
NCLOC: 56   Classes: 1
 
 Source file Conditionals Statements Methods TOTAL
SecurityContextHolderAwareRequestWrapper.java 92.9% 95.7% 100% 95.3%
coverage coverage
 1    /* Copyright 2004, 2005 Acegi Technology Pty Limited
 2    *
 3    * Licensed under the Apache License, Version 2.0 (the "License");
 4    * you may not use this file except in compliance with the License.
 5    * You may obtain a copy of the License at
 6    *
 7    * http://www.apache.org/licenses/LICENSE-2.0
 8    *
 9    * Unless required by applicable law or agreed to in writing, software
 10    * distributed under the License is distributed on an "AS IS" BASIS,
 11    * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 12    * See the License for the specific language governing permissions and
 13    * limitations under the License.
 14    */
 15   
 16    package org.acegisecurity.wrapper;
 17   
 18    import org.acegisecurity.Authentication;
 19    import org.acegisecurity.AuthenticationTrustResolver;
 20    import org.acegisecurity.AuthenticationTrustResolverImpl;
 21    import org.acegisecurity.context.SecurityContextHolder;
 22    import org.acegisecurity.userdetails.UserDetails;
 23   
 24    import java.security.Principal;
 25   
 26    import javax.servlet.http.HttpServletRequest;
 27    import javax.servlet.http.HttpServletRequestWrapper;
 28   
 29   
 30    /**
 31    * An Acegi Security-aware <code>HttpServletRequestWrapper</code>, which uses
 32    * the <code>SecurityContext</code>-defined <code>Authentication</code> object
 33    * for {@link SecurityContextHolderAwareRequestWrapper#isUserInRole(java.lang.String)}
 34    * and {@link javax.servlet.http.HttpServletRequestWrapper#getRemoteUser()}
 35    * responses.
 36    *
 37    * @author Orlando Garcia Carmona
 38    * @author Ben Alex
 39    * @version $Id: SecurityContextHolderAwareRequestWrapper.java,v 1.3 2005/11/29 13:10:11 benalex Exp $
 40    */
 41    public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequestWrapper {
 42    //~ Instance fields ========================================================
 43   
 44    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
 45   
 46    //~ Constructors ===========================================================
 47   
 48  6 public SecurityContextHolderAwareRequestWrapper(HttpServletRequest request) {
 49  6 super(request);
 50    }
 51   
 52    //~ Methods ================================================================
 53   
 54    /**
 55    * Returns the principal's name, as obtained from the
 56    * <code>SecurityContextHolder</code>. Properly handles both
 57    * <code>String</code>-based and <code>UserDetails</code>-based
 58    * principals.
 59    *
 60    * @return the username or <code>null</code> if unavailable
 61    */
 62  4 public String getRemoteUser() {
 63  4 Authentication auth = getAuthentication();
 64   
 65  4 if ((auth == null) || (auth.getPrincipal() == null)) {
 66  2 return null;
 67    }
 68   
 69  2 if (auth.getPrincipal() instanceof UserDetails) {
 70  1 return ((UserDetails) auth.getPrincipal()).getUsername();
 71    }
 72   
 73  1 return auth.getPrincipal().toString();
 74    }
 75   
 76    /**
 77    * Simple searches for an exactly matching {@link
 78    * GrantedAuthority#getAuthority()}.
 79    *
 80    * <p>
 81    * Will always return <code>false</code> if the <code>SecurityContextHolder</code>
 82    * contains an <code>Authentication</code> with
 83    * <code>null</code><code>principal</code> and/or
 84    * <code>GrantedAuthority[]</code> objects.
 85    * </p>
 86    *
 87    * @param role the <code>GrantedAuthority</code><code>String</code>
 88    * representation to check for
 89    *
 90    * @return <code>true</code> if an <b>exact</b> (case sensitive) matching
 91    * granted authority is located, <code>false</code> otherwise
 92    */
 93  9 public boolean isUserInRole(String role) {
 94  9 return isGranted(role);
 95    }
 96   
 97    /**
 98    * Returns the <code>Authentication</code> (which is a subclass of
 99    * <code>Principal</code>), or <code>null</code> if unavailable.
 100    *
 101    * @return the <code>Authentication</code>, or <code>null</code>
 102    */
 103  4 public Principal getUserPrincipal() {
 104  4 Authentication auth = getAuthentication();
 105   
 106  4 if ((auth == null) || (auth.getPrincipal() == null)) {
 107  2 return null;
 108    }
 109   
 110  2 return auth;
 111    }
 112   
 113    /**
 114    * Obtain the current active <code>Authentication</code>
 115    *
 116    * @return the authentication object or <code>null</code>
 117    */
 118  17 private Authentication getAuthentication() {
 119  17 Authentication auth = SecurityContextHolder.getContext()
 120    .getAuthentication();
 121   
 122  17 if (!authenticationTrustResolver.isAnonymous(auth)) {
 123  17 return auth;
 124    }
 125   
 126  0 return null;
 127    }
 128   
 129  9 private boolean isGranted(String role) {
 130  9 Authentication auth = getAuthentication();
 131   
 132  9 if ((auth == null) || (auth.getPrincipal() == null)
 133    || (auth.getAuthorities() == null)) {
 134  3 return false;
 135    }
 136   
 137  6 for (int i = 0; i < auth.getAuthorities().length; i++) {
 138  9 if (role.equals(auth.getAuthorities()[i].getAuthority())) {
 139  3 return true;
 140    }
 141    }
 142   
 143  3 return false;
 144    }
 145    }
 
CloverReport generated by Clover v1.3.3_01
Mon Dec 5 2005 09:05:16 EST.		   Open Source License registered to the Acegi Security System for Spring Project. This license of Clover is provided to support the development of Acegi Security System for Spring only.