Coverage Report

Coverage Report - net.sourceforge.pebble.security.PrivateBlogSecurityInterceptor

Classes in this File

Line Coverage

Branch Coverage

Complexity

PrivateBlogSecurityInterceptor

0/21

0/8

1.5

 /*
  * Copyright (c) 2003-2011, Simon Brown
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *   - Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  *
  *   - Redistributions in binary form must reproduce the above copyright
  *     notice, this list of conditions and the following disclaimer in
  *     the documentation and/or other materials provided with the
  *     distribution.
  *
  *   - Neither the name of Pebble nor the names of its contributors may
  *     be used to endorse or promote products derived from this software
  *     without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 package net.sourceforge.pebble.security;
 
 import org.springframework.security.access.SecurityMetadataSource;
 import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
 import org.springframework.security.access.intercept.InterceptorStatusToken;
 import org.springframework.security.web.FilterInvocation;
 
 import javax.servlet.*;
 import java.io.IOException;
 
 /**
  * Specialised FilterSecurityInterceptor that returns its own type of
  * ObjectDefinitionSource. This is acopy-paste job from Acegi's
  * FilterSecurityInterceptor. :-(
  *
  * @author Simon Brown
  */
 public class PrivateBlogSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
 
   private static final String FILTER_APPLIED = "__spring_security_privateBlogSecurityInterceptor_filterApplied";
 
   //~ Instance fields ================================================================================================
 
   private boolean observeOncePerRequest = true;
 
   //~ Methods ========================================================================================================
 
   /**
    * Not used (we rely on IoC container lifecycle services instead)
    */
   public void destroy() {}
 
   /**
    * Method that is actually called by the filter chain. Simply delegates to the {@link
    * #invoke(FilterInvocation)} method.
    *
    * @param request the servlet request
    * @param response the servlet response
    * @param chain the filter chain
    *
    * @throws IOException if the filter chain fails
    * @throws ServletException if the filter chain fails
    */
   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
       throws IOException, ServletException {
       FilterInvocation fi = new FilterInvocation(request, response, chain);
       invoke(fi);
   }
 
   public Class getSecureObjectClass() {
       return FilterInvocation.class;
   }
 
   /**
    * Not used (we rely on IoC container lifecycle services instead)
    *
    * @param arg0 ignored
    *
    * @throws ServletException never thrown
    */
   public void init(FilterConfig arg0) throws ServletException {}
 
   public void invoke(FilterInvocation fi) throws IOException, ServletException {
       if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
           && observeOncePerRequest) {
           // filter already applied to this request and user wants us to observce
           // once-per-request handling, so don't re-do security checking
           fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
       } else {
           // first time this request being called, so perform security checking
           if (fi.getRequest() != null) {
               fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
           }
 
           InterceptorStatusToken token = super.beforeInvocation(fi);
 
           try {
               fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
           } finally {
               super.afterInvocation(token, null);
           }
       }
   }
 
   /**
    * Indicates whether once-per-request handling will be observed. By default this is <code>true</code>,
    * meaning the <code>FilterSecurityInterceptor</code> will only execute once-per-request. Sometimes users may wish
    * it to execute more than once per request, such as when JSP forwards are being used and filter security is
    * desired on each included fragment of the HTTP request.
    *
    * @return <code>true</code> (the default) if once-per-request is honoured, otherwise <code>false</code> if
    *         <code>FilterSecurityInterceptor</code> will enforce authorizations for each and every fragment of the
    *         HTTP request.
    */
   public boolean isObserveOncePerRequest() {
       return observeOncePerRequest;
   }
 
   public void setObserveOncePerRequest(boolean observeOncePerRequest) {
       this.observeOncePerRequest = observeOncePerRequest;
   }
 
   @Override
   public SecurityMetadataSource obtainSecurityMetadataSource() {
     return new PrivateBlogSecurityMetadataSource();
   }
 }

1		/*
2		* Copyright (c) 2003-2011, Simon Brown
3		* All rights reserved.
4		*
5		* Redistribution and use in source and binary forms, with or without
6		* modification, are permitted provided that the following conditions are met:
7		*
8		* - Redistributions of source code must retain the above copyright
9		* notice, this list of conditions and the following disclaimer.
10		*
11		* - Redistributions in binary form must reproduce the above copyright
12		* notice, this list of conditions and the following disclaimer in
13		* the documentation and/or other materials provided with the
14		* distribution.
15		*
16		* - Neither the name of Pebble nor the names of its contributors may
17		* be used to endorse or promote products derived from this software
18		* without specific prior written permission.
19		*
20		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21		* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23		* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24		* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25		* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26		* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27		* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28		* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29		* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30		* POSSIBILITY OF SUCH DAMAGE.
31		*/
32		package net.sourceforge.pebble.security;
33
34		import org.springframework.security.access.SecurityMetadataSource;
35		import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
36		import org.springframework.security.access.intercept.InterceptorStatusToken;
37		import org.springframework.security.web.FilterInvocation;
38
39		import javax.servlet.*;
40		import java.io.IOException;
41
42		/**
43		* Specialised FilterSecurityInterceptor that returns its own type of
44		* ObjectDefinitionSource. This is acopy-paste job from Acegi's
45		* FilterSecurityInterceptor. :-(
46		*
47		* @author Simon Brown
48		*/
49	0	public class PrivateBlogSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
50
51		private static final String FILTER_APPLIED = "__spring_security_privateBlogSecurityInterceptor_filterApplied";
52
53		//~ Instance fields ================================================================================================
54
55	0	private boolean observeOncePerRequest = true;
56
57		//~ Methods ========================================================================================================
58
59		/**
60		* Not used (we rely on IoC container lifecycle services instead)
61		*/
62	0	public void destroy() {}
63
64		/**
65		* Method that is actually called by the filter chain. Simply delegates to the {@link
66		* #invoke(FilterInvocation)} method.
67		*
68		* @param request the servlet request
69		* @param response the servlet response
70		* @param chain the filter chain
71		*
72		* @throws IOException if the filter chain fails
73		* @throws ServletException if the filter chain fails
74		*/
75		public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
76		throws IOException, ServletException {
77	0	FilterInvocation fi = new FilterInvocation(request, response, chain);
78	0	invoke(fi);
79	0	}
80
81		public Class getSecureObjectClass() {
82	0	return FilterInvocation.class;
83		}
84
85		/**
86		* Not used (we rely on IoC container lifecycle services instead)
87		*
88		* @param arg0 ignored
89		*
90		* @throws ServletException never thrown
91		*/
92	0	public void init(FilterConfig arg0) throws ServletException {}
93
94		public void invoke(FilterInvocation fi) throws IOException, ServletException {
95	0	if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
96		&& observeOncePerRequest) {
97		// filter already applied to this request and user wants us to observce
98		// once-per-request handling, so don't re-do security checking
99	0	fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
100		} else {
101		// first time this request being called, so perform security checking
102	0	if (fi.getRequest() != null) {
103	0	fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
104		}
105
106	0	InterceptorStatusToken token = super.beforeInvocation(fi);
107
108		try {
109	0	fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
110		} finally {
111	0	super.afterInvocation(token, null);
112	0	}
113		}
114	0	}
115
116		/**
117		* Indicates whether once-per-request handling will be observed. By default this is <code>true</code>,
118		* meaning the <code>FilterSecurityInterceptor</code> will only execute once-per-request. Sometimes users may wish
119		* it to execute more than once per request, such as when JSP forwards are being used and filter security is
120		* desired on each included fragment of the HTTP request.
121		*
122		* @return <code>true</code> (the default) if once-per-request is honoured, otherwise <code>false</code> if
123		* <code>FilterSecurityInterceptor</code> will enforce authorizations for each and every fragment of the
124		* HTTP request.
125		*/
126		public boolean isObserveOncePerRequest() {
127	0	return observeOncePerRequest;
128		}
129
130		public void setObserveOncePerRequest(boolean observeOncePerRequest) {
131	0	this.observeOncePerRequest = observeOncePerRequest;
132	0	}
133
134		@Override
135		public SecurityMetadataSource obtainSecurityMetadataSource() {
136	0	return new PrivateBlogSecurityMetadataSource();
137		}
138		}