Coverage Report - net.sourceforge.pebble.util.SecurityUtils
 
Classes in this File Line Coverage Branch Coverage Complexity
SecurityUtils
58%
45/77
37%
21/56
1.793
 
 1  
 /*
 2  
  * Copyright (c) 2003-2011, Simon Brown
 3  
  * All rights reserved.
 4  
  *
 5  
  * Redistribution and use in source and binary forms, with or without
 6  
  * modification, are permitted provided that the following conditions are met:
 7  
  *
 8  
  *   - Redistributions of source code must retain the above copyright
 9  
  *     notice, this list of conditions and the following disclaimer.
 10  
  *
 11  
  *   - Redistributions in binary form must reproduce the above copyright
 12  
  *     notice, this list of conditions and the following disclaimer in
 13  
  *     the documentation and/or other materials provided with the
 14  
  *     distribution.
 15  
  *
 16  
  *   - Neither the name of Pebble nor the names of its contributors may
 17  
  *     be used to endorse or promote products derived from this software
 18  
  *     without specific prior written permission.
 19  
  *
 20  
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 21  
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 22  
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 23  
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 24  
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 25  
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 26  
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 27  
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 28  
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 29  
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 30  
  * POSSIBILITY OF SUCH DAMAGE.
 31  
  */
 32  
 package net.sourceforge.pebble.util;
 33  
 
 34  
 import net.sourceforge.pebble.Constants;
 35  
 import net.sourceforge.pebble.PebbleContext;
 36  
 import net.sourceforge.pebble.domain.Blog;
 37  
 import net.sourceforge.pebble.security.PebbleUserDetails;
 38  
 import net.sourceforge.pebble.security.SecurityRealm;
 39  
 import net.sourceforge.pebble.security.SecurityRealmException;
 40  
 import org.apache.commons.logging.Log;
 41  
 import org.apache.commons.logging.LogFactory;
 42  
 import org.springframework.security.authentication.TestingAuthenticationToken;
 43  
 import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
 44  
 import org.springframework.security.authentication.encoding.PasswordEncoder;
 45  
 import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder;
 46  
 import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
 47  
 import org.springframework.security.core.Authentication;
 48  
 import org.springframework.security.core.GrantedAuthority;
 49  
 import org.springframework.security.core.authority.GrantedAuthorityImpl;
 50  
 import org.springframework.security.core.context.SecurityContext;
 51  
 import org.springframework.security.core.context.SecurityContextHolder;
 52  
 
 53  
 import java.util.Collection;
 54  
 
 55  
 /**
 56  
  * A collection of utility methods for security.
 57  
  *
 58  
  * @author    Simon Brown
 59  
  */
 60  0
 public final class SecurityUtils {
 61  
 
 62  4
   private static final Log log = LogFactory.getLog(SecurityUtils.class);
 63  
 
 64  
   public static String getUsername() {
 65  2072
     SecurityContext ctx = SecurityContextHolder.getContext();
 66  2072
     Authentication auth = ctx.getAuthentication();
 67  2072
     return getUsername(auth);
 68  
   }
 69  
 
 70  
   public static String getUsername(Authentication auth) {
 71  2072
     if (auth != null) {
 72  492
       return auth.getName();
 73  
     } else {
 74  1580
       return null;
 75  
     }
 76  
   }
 77  
 
 78  
   public static PebbleUserDetails getUserDetails() {
 79  
     try {
 80  20
       SecurityRealm realm = PebbleContext.getInstance().getConfiguration().getSecurityRealm();
 81  20
       return realm.getUser(getUsername());
 82  0
     } catch (SecurityRealmException e) {
 83  0
       log.error("Exception encountered", e);
 84  0
       return null;
 85  
     }
 86  
   }
 87  
 
 88  
   public static boolean isUserInRole(String role) {
 89  948
     SecurityContext ctx = SecurityContextHolder.getContext();
 90  948
     Authentication auth = ctx.getAuthentication();
 91  948
     return isUserInRole(auth, role);
 92  
   }
 93  
 
 94  
   public static boolean isUserInRole(Authentication auth, String role) {
 95  948
     if (auth != null) {
 96  404
       Collection<GrantedAuthority> authorities = auth.getAuthorities();
 97  404
       if (authorities != null) {
 98  404
         for (GrantedAuthority authority : authorities) {
 99  372
           if (authority.getAuthority().equals(role)) {
 100  288
             return true;
 101  
           }
 102  
         }
 103  
       }
 104  
     }
 105  660
     return false;
 106  
   }
 107  
 
 108  
   /**
 109  
    * Determines whether this user is a Pebble admin user.
 110  
    *
 111  
    * @return  true if the user is a Pebble admin, false otherwise
 112  
    */
 113  
   public static boolean isBlogAdmin() {
 114  0
     return isUserInRole(Constants.BLOG_ADMIN_ROLE);
 115  
   }
 116  
 
 117  
   /**
 118  
    * Determines whether this user is a blog owner.
 119  
    *
 120  
    * @return  true if the user is a blog owner, false otherwise
 121  
    */
 122  
   public static boolean isBlogOwner() {
 123  220
     return isUserInRole(Constants.BLOG_OWNER_ROLE);
 124  
   }
 125  
 
 126  
   /**
 127  
    * Determines whether this user is a blog publisher.
 128  
    *
 129  
    * @return  true if the user is a blog publisher, false otherwise
 130  
    */
 131  
   public static boolean isBlogPublisher() {
 132  240
     return isUserInRole(Constants.BLOG_PUBLISHER_ROLE);
 133  
   }
 134  
 
 135  
   /**
 136  
    * Determines whether this user is a blog contributor.
 137  
    *
 138  
    * @return  true if the user is a blog contributor, false otherwise
 139  
    */
 140  
   public static boolean isBlogContributor() {
 141  488
     return isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE);
 142  
   }
 143  
 
 144  
   /**
 145  
    * Determines whether this user is a Pebble admin user.
 146  
    *
 147  
    * @return  true if the user is a Pebble admin, false otherwise
 148  
    */
 149  
   public static boolean isBlogAdmin(Authentication auth) {
 150  0
     return isUserInRole(auth, Constants.BLOG_ADMIN_ROLE);
 151  
   }
 152  
 
 153  
   /**
 154  
    * Determines whether this user is a blog owner.
 155  
    *
 156  
    * @return  true if the user is a blog owner, false otherwise
 157  
    */
 158  
   public static boolean isBlogOwner(Authentication auth) {
 159  0
     return isUserInRole(auth, Constants.BLOG_OWNER_ROLE);
 160  
   }
 161  
 
 162  
   /**
 163  
    * Determines whether this user is a blog publisher.
 164  
    *
 165  
    * @return  true if the user is a blog publisher, false otherwise
 166  
    */
 167  
   public static boolean isBlogPublisher(Authentication auth) {
 168  0
     return isUserInRole(auth, Constants.BLOG_PUBLISHER_ROLE);
 169  
   }
 170  
 
 171  
   /**
 172  
    * Determines whether this user is a blog contributor.
 173  
    *
 174  
    * @return  true if the user is a blog contributor, false otherwise
 175  
    */
 176  
   public static boolean isBlogContributor(Authentication auth) {
 177  0
     return isUserInRole(auth, Constants.BLOG_CONTRIBUTOR_ROLE);
 178  
   }
 179  
 
 180  
   public static void runAsBlogOwner() {
 181  4
     Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_OWNER_ROLE)});
 182  4
     SecurityContextHolder.getContext().setAuthentication(auth);
 183  4
   }
 184  
 
 185  
   public static void runAsBlogPublisher() {
 186  4
     Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_PUBLISHER_ROLE)});
 187  4
     SecurityContextHolder.getContext().setAuthentication(auth);
 188  4
   }
 189  
 
 190  
   public static void runAsBlogContributor() {
 191  60
     Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_CONTRIBUTOR_ROLE)});
 192  60
     SecurityContextHolder.getContext().setAuthentication(auth);
 193  60
   }
 194  
 
 195  
   public static void runAsAnonymous() {
 196  16
     Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {});
 197  16
     SecurityContextHolder.getContext().setAuthentication(auth);
 198  16
   }
 199  
 
 200  
   public static void runAsUnauthenticated() {
 201  4
     SecurityContextHolder.getContext().setAuthentication(null);
 202  4
   }
 203  
 
 204  
   public static boolean isUserAuthorisedForBlogAsBlogOwner(Blog blog) {
 205  212
     String currentUser = SecurityUtils.getUsername();
 206  212
     return isBlogOwner() && blog.isUserInRole(Constants.BLOG_OWNER_ROLE, currentUser);
 207  
   }
 208  
 
 209  
   public static boolean isUserAuthorisedForBlogAsBlogPublisher(Blog blog) {
 210  212
     String currentUser = SecurityUtils.getUsername();
 211  212
     return isBlogPublisher() && blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, currentUser);
 212  
   }
 213  
 
 214  
   public static boolean isUserAuthorisedForBlogAsBlogContributor(Blog blog) {
 215  488
     String currentUser = SecurityUtils.getUsername();
 216  488
     return isBlogContributor() && blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, currentUser);
 217  
   }
 218  
 
 219  
   public static boolean isUserAuthorisedForBlogAsBlogOwner(Authentication auth, Blog blog) {
 220  0
     String currentUser = SecurityUtils.getUsername(auth);
 221  0
     return isBlogOwner(auth) && blog.isUserInRole(Constants.BLOG_OWNER_ROLE, currentUser);
 222  
   }
 223  
 
 224  
   public static boolean isUserAuthorisedForBlogAsBlogPublisher(Authentication auth, Blog blog) {
 225  0
     String currentUser = SecurityUtils.getUsername(auth);
 226  0
     return isBlogPublisher(auth) && blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, currentUser);
 227  
   }
 228  
 
 229  
   public static boolean isUserAuthorisedForBlogAsBlogContributor(Authentication auth, Blog blog) {
 230  0
     String currentUser = SecurityUtils.getUsername(auth);
 231  0
     return isBlogContributor(auth) && blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, currentUser);
 232  
   }
 233  
 
 234  
   public static boolean isUserAuthorisedForBlogAsBlogReader(Authentication auth, Blog blog) {
 235  0
     String currentUser = SecurityUtils.getUsername(auth);
 236  0
     return blog.isUserInRole(Constants.BLOG_READER_ROLE, currentUser);
 237  
   }
 238  
 
 239  
   public static boolean isUserAuthorisedForBlog(Blog blog) {
 240  212
     return isUserAuthorisedForBlogAsBlogOwner(blog) ||
 241  
         isUserAuthorisedForBlogAsBlogPublisher(blog) ||
 242  
         isUserAuthorisedForBlogAsBlogContributor(blog);
 243  
   }
 244  
 
 245  
   public static boolean isUserAuthorisedForBlog(Authentication auth, Blog blog) {
 246  0
     return isUserAuthorisedForBlogAsBlogOwner(auth, blog) ||
 247  
         isUserAuthorisedForBlogAsBlogPublisher(auth, blog) ||
 248  
         isUserAuthorisedForBlogAsBlogContributor(auth, blog);
 249  
   }
 250  
 
 251  
   public static boolean isUserAuthenticated() {
 252  24
     SecurityContext ctx = SecurityContextHolder.getContext();
 253  24
     return ctx.getAuthentication() != null;
 254  
   }
 255  
 
 256  
   public static void main(String[] args) {
 257  0
     if (args.length != 3) {
 258  0
       System.out.println("Usage : [md5|sha|plaintext] username password");
 259  0
     } else if (args[0].equals("md5")) {
 260  0
       PasswordEncoder encoder = new Md5PasswordEncoder();
 261  0
       System.out.println(encoder.encodePassword(args[2], args[1]));
 262  0
     } else if (args[0].equals("sha")) {
 263  0
       PasswordEncoder encoder = new ShaPasswordEncoder();
 264  0
       System.out.println(encoder.encodePassword(args[2], args[1]));
 265  0
     } else if (args[0].equals("plaintext")) {
 266  0
       PasswordEncoder encoder = new PlaintextPasswordEncoder();
 267  0
       System.out.println(encoder.encodePassword(args[2], args[1]));
 268  0
     } else {
 269  0
       System.out.println("Algorithm must be md5, sha or plaintext");
 270  
     }
 271  0
   }
 272  
 
 273  
 }