Coverage Report

Coverage Report - net.sourceforge.pebble.util.SecurityUtils

Classes in this File

Line Coverage

Branch Coverage

Complexity

SecurityUtils

58%

45/77

37%

21/56

1.793

 /*
  * Copyright (c) 2003-2011, Simon Brown
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *   - Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  *
  *   - Redistributions in binary form must reproduce the above copyright
  *     notice, this list of conditions and the following disclaimer in
  *     the documentation and/or other materials provided with the
  *     distribution.
  *
  *   - Neither the name of Pebble nor the names of its contributors may
  *     be used to endorse or promote products derived from this software
  *     without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 package net.sourceforge.pebble.util;
 
 import net.sourceforge.pebble.Constants;
 import net.sourceforge.pebble.PebbleContext;
 import net.sourceforge.pebble.domain.Blog;
 import net.sourceforge.pebble.security.PebbleUserDetails;
 import net.sourceforge.pebble.security.SecurityRealm;
 import net.sourceforge.pebble.security.SecurityRealmException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
 import org.springframework.security.authentication.encoding.PasswordEncoder;
 import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder;
 import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.GrantedAuthorityImpl;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import java.util.Collection;
 
 /**
  * A collection of utility methods for security.
  *
  * @author    Simon Brown
  */
 public final class SecurityUtils {
 
   private static final Log log = LogFactory.getLog(SecurityUtils.class);
 
   public static String getUsername() {
     SecurityContext ctx = SecurityContextHolder.getContext();
     Authentication auth = ctx.getAuthentication();
     return getUsername(auth);
   }
 
   public static String getUsername(Authentication auth) {
     if (auth != null) {
       return auth.getName();
     } else {
       return null;
     }
   }
 
   public static PebbleUserDetails getUserDetails() {
     try {
       SecurityRealm realm = PebbleContext.getInstance().getConfiguration().getSecurityRealm();
       return realm.getUser(getUsername());
     } catch (SecurityRealmException e) {
       log.error("Exception encountered", e);
       return null;
     }
   }
 
   public static boolean isUserInRole(String role) {
     SecurityContext ctx = SecurityContextHolder.getContext();
     Authentication auth = ctx.getAuthentication();
     return isUserInRole(auth, role);
   }
 
   public static boolean isUserInRole(Authentication auth, String role) {
     if (auth != null) {
       Collection<GrantedAuthority> authorities = auth.getAuthorities();
       if (authorities != null) {
         for (GrantedAuthority authority : authorities) {
           if (authority.getAuthority().equals(role)) {
             return true;
           }
         }
       }
     }
     return false;
   }
 
   /**
    * Determines whether this user is a Pebble admin user.
    *
    * @return  true if the user is a Pebble admin, false otherwise
    */
   public static boolean isBlogAdmin() {
     return isUserInRole(Constants.BLOG_ADMIN_ROLE);
   }
 
   /**
    * Determines whether this user is a blog owner.
    *
    * @return  true if the user is a blog owner, false otherwise
    */
   public static boolean isBlogOwner() {
     return isUserInRole(Constants.BLOG_OWNER_ROLE);
   }
 
   /**
    * Determines whether this user is a blog publisher.
    *
    * @return  true if the user is a blog publisher, false otherwise
    */
   public static boolean isBlogPublisher() {
     return isUserInRole(Constants.BLOG_PUBLISHER_ROLE);
   }
 
   /**
    * Determines whether this user is a blog contributor.
    *
    * @return  true if the user is a blog contributor, false otherwise
    */
   public static boolean isBlogContributor() {
     return isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE);
   }
 
   /**
    * Determines whether this user is a Pebble admin user.
    *
    * @return  true if the user is a Pebble admin, false otherwise
    */
   public static boolean isBlogAdmin(Authentication auth) {
     return isUserInRole(auth, Constants.BLOG_ADMIN_ROLE);
   }
 
   /**
    * Determines whether this user is a blog owner.
    *
    * @return  true if the user is a blog owner, false otherwise
    */
   public static boolean isBlogOwner(Authentication auth) {
     return isUserInRole(auth, Constants.BLOG_OWNER_ROLE);
   }
 
   /**
    * Determines whether this user is a blog publisher.
    *
    * @return  true if the user is a blog publisher, false otherwise
    */
   public static boolean isBlogPublisher(Authentication auth) {
     return isUserInRole(auth, Constants.BLOG_PUBLISHER_ROLE);
   }
 
   /**
    * Determines whether this user is a blog contributor.
    *
    * @return  true if the user is a blog contributor, false otherwise
    */
   public static boolean isBlogContributor(Authentication auth) {
     return isUserInRole(auth, Constants.BLOG_CONTRIBUTOR_ROLE);
   }
 
   public static void runAsBlogOwner() {
     Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_OWNER_ROLE)});
     SecurityContextHolder.getContext().setAuthentication(auth);
   }
 
   public static void runAsBlogPublisher() {
     Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_PUBLISHER_ROLE)});
     SecurityContextHolder.getContext().setAuthentication(auth);
   }
 
   public static void runAsBlogContributor() {
     Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_CONTRIBUTOR_ROLE)});
     SecurityContextHolder.getContext().setAuthentication(auth);
   }
 
   public static void runAsAnonymous() {
     Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {});
     SecurityContextHolder.getContext().setAuthentication(auth);
   }
 
   public static void runAsUnauthenticated() {
     SecurityContextHolder.getContext().setAuthentication(null);
   }
 
   public static boolean isUserAuthorisedForBlogAsBlogOwner(Blog blog) {
     String currentUser = SecurityUtils.getUsername();
     return isBlogOwner() && blog.isUserInRole(Constants.BLOG_OWNER_ROLE, currentUser);
   }
 
   public static boolean isUserAuthorisedForBlogAsBlogPublisher(Blog blog) {
     String currentUser = SecurityUtils.getUsername();
     return isBlogPublisher() && blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, currentUser);
   }
 
   public static boolean isUserAuthorisedForBlogAsBlogContributor(Blog blog) {
     String currentUser = SecurityUtils.getUsername();
     return isBlogContributor() && blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, currentUser);
   }
 
   public static boolean isUserAuthorisedForBlogAsBlogOwner(Authentication auth, Blog blog) {
     String currentUser = SecurityUtils.getUsername(auth);
     return isBlogOwner(auth) && blog.isUserInRole(Constants.BLOG_OWNER_ROLE, currentUser);
   }
 
   public static boolean isUserAuthorisedForBlogAsBlogPublisher(Authentication auth, Blog blog) {
     String currentUser = SecurityUtils.getUsername(auth);
     return isBlogPublisher(auth) && blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, currentUser);
   }
 
   public static boolean isUserAuthorisedForBlogAsBlogContributor(Authentication auth, Blog blog) {
     String currentUser = SecurityUtils.getUsername(auth);
     return isBlogContributor(auth) && blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, currentUser);
   }
 
   public static boolean isUserAuthorisedForBlogAsBlogReader(Authentication auth, Blog blog) {
     String currentUser = SecurityUtils.getUsername(auth);
     return blog.isUserInRole(Constants.BLOG_READER_ROLE, currentUser);
   }
 
   public static boolean isUserAuthorisedForBlog(Blog blog) {
     return isUserAuthorisedForBlogAsBlogOwner(blog) ||
         isUserAuthorisedForBlogAsBlogPublisher(blog) ||
         isUserAuthorisedForBlogAsBlogContributor(blog);
   }
 
   public static boolean isUserAuthorisedForBlog(Authentication auth, Blog blog) {
     return isUserAuthorisedForBlogAsBlogOwner(auth, blog) ||
         isUserAuthorisedForBlogAsBlogPublisher(auth, blog) ||
         isUserAuthorisedForBlogAsBlogContributor(auth, blog);
   }
 
   public static boolean isUserAuthenticated() {
     SecurityContext ctx = SecurityContextHolder.getContext();
     return ctx.getAuthentication() != null;
   }
 
   public static void main(String[] args) {
     if (args.length != 3) {
       System.out.println("Usage : [md5|sha|plaintext] username password");
     } else if (args[0].equals("md5")) {
       PasswordEncoder encoder = new Md5PasswordEncoder();
       System.out.println(encoder.encodePassword(args[2], args[1]));
     } else if (args[0].equals("sha")) {
       PasswordEncoder encoder = new ShaPasswordEncoder();
       System.out.println(encoder.encodePassword(args[2], args[1]));
     } else if (args[0].equals("plaintext")) {
       PasswordEncoder encoder = new PlaintextPasswordEncoder();
       System.out.println(encoder.encodePassword(args[2], args[1]));
     } else {
       System.out.println("Algorithm must be md5, sha or plaintext");
     }
   }
 
 }

1		/*
2		* Copyright (c) 2003-2011, Simon Brown
3		* All rights reserved.
4		*
5		* Redistribution and use in source and binary forms, with or without
6		* modification, are permitted provided that the following conditions are met:
7		*
8		* - Redistributions of source code must retain the above copyright
9		* notice, this list of conditions and the following disclaimer.
10		*
11		* - Redistributions in binary form must reproduce the above copyright
12		* notice, this list of conditions and the following disclaimer in
13		* the documentation and/or other materials provided with the
14		* distribution.
15		*
16		* - Neither the name of Pebble nor the names of its contributors may
17		* be used to endorse or promote products derived from this software
18		* without specific prior written permission.
19		*
20		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21		* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23		* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24		* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25		* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26		* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27		* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28		* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29		* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30		* POSSIBILITY OF SUCH DAMAGE.
31		*/
32		package net.sourceforge.pebble.util;
33
34		import net.sourceforge.pebble.Constants;
35		import net.sourceforge.pebble.PebbleContext;
36		import net.sourceforge.pebble.domain.Blog;
37		import net.sourceforge.pebble.security.PebbleUserDetails;
38		import net.sourceforge.pebble.security.SecurityRealm;
39		import net.sourceforge.pebble.security.SecurityRealmException;
40		import org.apache.commons.logging.Log;
41		import org.apache.commons.logging.LogFactory;
42		import org.springframework.security.authentication.TestingAuthenticationToken;
43		import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
44		import org.springframework.security.authentication.encoding.PasswordEncoder;
45		import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder;
46		import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
47		import org.springframework.security.core.Authentication;
48		import org.springframework.security.core.GrantedAuthority;
49		import org.springframework.security.core.authority.GrantedAuthorityImpl;
50		import org.springframework.security.core.context.SecurityContext;
51		import org.springframework.security.core.context.SecurityContextHolder;
52
53		import java.util.Collection;
54
55		/**
56		* A collection of utility methods for security.
57		*
58		* @author Simon Brown
59		*/
60	0	public final class SecurityUtils {
61
62	4	private static final Log log = LogFactory.getLog(SecurityUtils.class);
63
64		public static String getUsername() {
65	2072	SecurityContext ctx = SecurityContextHolder.getContext();
66	2072	Authentication auth = ctx.getAuthentication();
67	2072	return getUsername(auth);
68		}
69
70		public static String getUsername(Authentication auth) {
71	2072	if (auth != null) {
72	492	return auth.getName();
73		} else {
74	1580	return null;
75		}
76		}
77
78		public static PebbleUserDetails getUserDetails() {
79		try {
80	20	SecurityRealm realm = PebbleContext.getInstance().getConfiguration().getSecurityRealm();
81	20	return realm.getUser(getUsername());
82	0	} catch (SecurityRealmException e) {
83	0	log.error("Exception encountered", e);
84	0	return null;
85		}
86		}
87
88		public static boolean isUserInRole(String role) {
89	948	SecurityContext ctx = SecurityContextHolder.getContext();
90	948	Authentication auth = ctx.getAuthentication();
91	948	return isUserInRole(auth, role);
92		}
93
94		public static boolean isUserInRole(Authentication auth, String role) {
95	948	if (auth != null) {
96	404	Collection<GrantedAuthority> authorities = auth.getAuthorities();
97	404	if (authorities != null) {
98	404	for (GrantedAuthority authority : authorities) {
99	372	if (authority.getAuthority().equals(role)) {
100	288	return true;
101		}
102		}
103		}
104		}
105	660	return false;
106		}
107
108		/**
109		* Determines whether this user is a Pebble admin user.
110		*
111		* @return true if the user is a Pebble admin, false otherwise
112		*/
113		public static boolean isBlogAdmin() {
114	0	return isUserInRole(Constants.BLOG_ADMIN_ROLE);
115		}
116
117		/**
118		* Determines whether this user is a blog owner.
119		*
120		* @return true if the user is a blog owner, false otherwise
121		*/
122		public static boolean isBlogOwner() {
123	220	return isUserInRole(Constants.BLOG_OWNER_ROLE);
124		}
125
126		/**
127		* Determines whether this user is a blog publisher.
128		*
129		* @return true if the user is a blog publisher, false otherwise
130		*/
131		public static boolean isBlogPublisher() {
132	240	return isUserInRole(Constants.BLOG_PUBLISHER_ROLE);
133		}
134
135		/**
136		* Determines whether this user is a blog contributor.
137		*
138		* @return true if the user is a blog contributor, false otherwise
139		*/
140		public static boolean isBlogContributor() {
141	488	return isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE);
142		}
143
144		/**
145		* Determines whether this user is a Pebble admin user.
146		*
147		* @return true if the user is a Pebble admin, false otherwise
148		*/
149		public static boolean isBlogAdmin(Authentication auth) {
150	0	return isUserInRole(auth, Constants.BLOG_ADMIN_ROLE);
151		}
152
153		/**
154		* Determines whether this user is a blog owner.
155		*
156		* @return true if the user is a blog owner, false otherwise
157		*/
158		public static boolean isBlogOwner(Authentication auth) {
159	0	return isUserInRole(auth, Constants.BLOG_OWNER_ROLE);
160		}
161
162		/**
163		* Determines whether this user is a blog publisher.
164		*
165		* @return true if the user is a blog publisher, false otherwise
166		*/
167		public static boolean isBlogPublisher(Authentication auth) {
168	0	return isUserInRole(auth, Constants.BLOG_PUBLISHER_ROLE);
169		}
170
171		/**
172		* Determines whether this user is a blog contributor.
173		*
174		* @return true if the user is a blog contributor, false otherwise
175		*/
176		public static boolean isBlogContributor(Authentication auth) {
177	0	return isUserInRole(auth, Constants.BLOG_CONTRIBUTOR_ROLE);
178		}
179
180		public static void runAsBlogOwner() {
181	4	Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_OWNER_ROLE)});
182	4	SecurityContextHolder.getContext().setAuthentication(auth);
183	4	}
184
185		public static void runAsBlogPublisher() {
186	4	Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_PUBLISHER_ROLE)});
187	4	SecurityContextHolder.getContext().setAuthentication(auth);
188	4	}
189
190		public static void runAsBlogContributor() {
191	60	Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_CONTRIBUTOR_ROLE)});
192	60	SecurityContextHolder.getContext().setAuthentication(auth);
193	60	}
194
195		public static void runAsAnonymous() {
196	16	Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {});
197	16	SecurityContextHolder.getContext().setAuthentication(auth);
198	16	}
199
200		public static void runAsUnauthenticated() {
201	4	SecurityContextHolder.getContext().setAuthentication(null);
202	4	}
203
204		public static boolean isUserAuthorisedForBlogAsBlogOwner(Blog blog) {
205	212	String currentUser = SecurityUtils.getUsername();
206	212	return isBlogOwner() && blog.isUserInRole(Constants.BLOG_OWNER_ROLE, currentUser);
207		}
208
209		public static boolean isUserAuthorisedForBlogAsBlogPublisher(Blog blog) {
210	212	String currentUser = SecurityUtils.getUsername();
211	212	return isBlogPublisher() && blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, currentUser);
212		}
213
214		public static boolean isUserAuthorisedForBlogAsBlogContributor(Blog blog) {
215	488	String currentUser = SecurityUtils.getUsername();
216	488	return isBlogContributor() && blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, currentUser);
217		}
218
219		public static boolean isUserAuthorisedForBlogAsBlogOwner(Authentication auth, Blog blog) {
220	0	String currentUser = SecurityUtils.getUsername(auth);
221	0	return isBlogOwner(auth) && blog.isUserInRole(Constants.BLOG_OWNER_ROLE, currentUser);
222		}
223
224		public static boolean isUserAuthorisedForBlogAsBlogPublisher(Authentication auth, Blog blog) {
225	0	String currentUser = SecurityUtils.getUsername(auth);
226	0	return isBlogPublisher(auth) && blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, currentUser);
227		}
228
229		public static boolean isUserAuthorisedForBlogAsBlogContributor(Authentication auth, Blog blog) {
230	0	String currentUser = SecurityUtils.getUsername(auth);
231	0	return isBlogContributor(auth) && blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, currentUser);
232		}
233
234		public static boolean isUserAuthorisedForBlogAsBlogReader(Authentication auth, Blog blog) {
235	0	String currentUser = SecurityUtils.getUsername(auth);
236	0	return blog.isUserInRole(Constants.BLOG_READER_ROLE, currentUser);
237		}
238
239		public static boolean isUserAuthorisedForBlog(Blog blog) {
240	212	return isUserAuthorisedForBlogAsBlogOwner(blog) \|\|
241		isUserAuthorisedForBlogAsBlogPublisher(blog) \|\|
242		isUserAuthorisedForBlogAsBlogContributor(blog);
243		}
244
245		public static boolean isUserAuthorisedForBlog(Authentication auth, Blog blog) {
246	0	return isUserAuthorisedForBlogAsBlogOwner(auth, blog) \|\|
247		isUserAuthorisedForBlogAsBlogPublisher(auth, blog) \|\|
248		isUserAuthorisedForBlogAsBlogContributor(auth, blog);
249		}
250
251		public static boolean isUserAuthenticated() {
252	24	SecurityContext ctx = SecurityContextHolder.getContext();
253	24	return ctx.getAuthentication() != null;
254		}
255
256		public static void main(String[] args) {
257	0	if (args.length != 3) {
258	0	System.out.println("Usage : [md5\|sha\|plaintext] username password");
259	0	} else if (args[0].equals("md5")) {
260	0	PasswordEncoder encoder = new Md5PasswordEncoder();
261	0	System.out.println(encoder.encodePassword(args[2], args[1]));
262	0	} else if (args[0].equals("sha")) {
263	0	PasswordEncoder encoder = new ShaPasswordEncoder();
264	0	System.out.println(encoder.encodePassword(args[2], args[1]));
265	0	} else if (args[0].equals("plaintext")) {
266	0	PasswordEncoder encoder = new PlaintextPasswordEncoder();
267	0	System.out.println(encoder.encodePassword(args[2], args[1]));
268	0	} else {
269	0	System.out.println("Algorithm must be md5, sha or plaintext");
270		}
271	0	}
272
273		}