Coverage Report - net.sourceforge.pebble.security.PrivateBlogSecurityInterceptor
 
Classes in this File Line Coverage Branch Coverage Complexity
PrivateBlogSecurityInterceptor
0%
0/21
0%
0/8
1.5
 
 1  
 /*
 2  
  * Copyright (c) 2003-2011, Simon Brown
 3  
  * All rights reserved.
 4  
  *
 5  
  * Redistribution and use in source and binary forms, with or without
 6  
  * modification, are permitted provided that the following conditions are met:
 7  
  *
 8  
  *   - Redistributions of source code must retain the above copyright
 9  
  *     notice, this list of conditions and the following disclaimer.
 10  
  *
 11  
  *   - Redistributions in binary form must reproduce the above copyright
 12  
  *     notice, this list of conditions and the following disclaimer in
 13  
  *     the documentation and/or other materials provided with the
 14  
  *     distribution.
 15  
  *
 16  
  *   - Neither the name of Pebble nor the names of its contributors may
 17  
  *     be used to endorse or promote products derived from this software
 18  
  *     without specific prior written permission.
 19  
  *
 20  
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 21  
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 22  
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 23  
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 24  
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 25  
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 26  
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 27  
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 28  
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 29  
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 30  
  * POSSIBILITY OF SUCH DAMAGE.
 31  
  */
 32  
 package net.sourceforge.pebble.security;
 33  
 
 34  
 import org.springframework.security.access.SecurityMetadataSource;
 35  
 import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
 36  
 import org.springframework.security.access.intercept.InterceptorStatusToken;
 37  
 import org.springframework.security.web.FilterInvocation;
 38  
 
 39  
 import javax.servlet.*;
 40  
 import java.io.IOException;
 41  
 
 42  
 /**
 43  
  * Specialised FilterSecurityInterceptor that returns its own type of
 44  
  * ObjectDefinitionSource. This is acopy-paste job from Acegi's
 45  
  * FilterSecurityInterceptor. :-(
 46  
  *
 47  
  * @author Simon Brown
 48  
  */
 49  0
 public class PrivateBlogSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
 50  
 
 51  
   private static final String FILTER_APPLIED = "__spring_security_privateBlogSecurityInterceptor_filterApplied";
 52  
 
 53  
   //~ Instance fields ================================================================================================
 54  
 
 55  0
   private boolean observeOncePerRequest = true;
 56  
 
 57  
   //~ Methods ========================================================================================================
 58  
 
 59  
   /**
 60  
    * Not used (we rely on IoC container lifecycle services instead)
 61  
    */
 62  0
   public void destroy() {}
 63  
 
 64  
   /**
 65  
    * Method that is actually called by the filter chain. Simply delegates to the {@link
 66  
    * #invoke(FilterInvocation)} method.
 67  
    *
 68  
    * @param request the servlet request
 69  
    * @param response the servlet response
 70  
    * @param chain the filter chain
 71  
    *
 72  
    * @throws IOException if the filter chain fails
 73  
    * @throws ServletException if the filter chain fails
 74  
    */
 75  
   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 76  
       throws IOException, ServletException {
 77  0
       FilterInvocation fi = new FilterInvocation(request, response, chain);
 78  0
       invoke(fi);
 79  0
   }
 80  
 
 81  
   public Class getSecureObjectClass() {
 82  0
       return FilterInvocation.class;
 83  
   }
 84  
 
 85  
   /**
 86  
    * Not used (we rely on IoC container lifecycle services instead)
 87  
    *
 88  
    * @param arg0 ignored
 89  
    *
 90  
    * @throws ServletException never thrown
 91  
    */
 92  0
   public void init(FilterConfig arg0) throws ServletException {}
 93  
 
 94  
   public void invoke(FilterInvocation fi) throws IOException, ServletException {
 95  0
       if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
 96  
           && observeOncePerRequest) {
 97  
           // filter already applied to this request and user wants us to observce
 98  
           // once-per-request handling, so don't re-do security checking
 99  0
           fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
 100  
       } else {
 101  
           // first time this request being called, so perform security checking
 102  0
           if (fi.getRequest() != null) {
 103  0
               fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
 104  
           }
 105  
 
 106  0
           InterceptorStatusToken token = super.beforeInvocation(fi);
 107  
 
 108  
           try {
 109  0
               fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
 110  
           } finally {
 111  0
               super.afterInvocation(token, null);
 112  0
           }
 113  
       }
 114  0
   }
 115  
 
 116  
   /**
 117  
    * Indicates whether once-per-request handling will be observed. By default this is <code>true</code>,
 118  
    * meaning the <code>FilterSecurityInterceptor</code> will only execute once-per-request. Sometimes users may wish
 119  
    * it to execute more than once per request, such as when JSP forwards are being used and filter security is
 120  
    * desired on each included fragment of the HTTP request.
 121  
    *
 122  
    * @return <code>true</code> (the default) if once-per-request is honoured, otherwise <code>false</code> if
 123  
    *         <code>FilterSecurityInterceptor</code> will enforce authorizations for each and every fragment of the
 124  
    *         HTTP request.
 125  
    */
 126  
   public boolean isObserveOncePerRequest() {
 127  0
       return observeOncePerRequest;
 128  
   }
 129  
 
 130  
   public void setObserveOncePerRequest(boolean observeOncePerRequest) {
 131  0
       this.observeOncePerRequest = observeOncePerRequest;
 132  0
   }
 133  
 
 134  
   @Override
 135  
   public SecurityMetadataSource obtainSecurityMetadataSource() {
 136  0
     return new PrivateBlogSecurityMetadataSource();
 137  
   }
 138  
 }