Coverage Report - net.sourceforge.pebble.webservice.AbstractAPIHandler
 
Classes in this File Line Coverage Branch Coverage Complexity
AbstractAPIHandler
93%
31/33
87%
14/16
3.286
 
 1  
 /*
 2  
  * Copyright (c) 2003-2011, Simon Brown
 3  
  * All rights reserved.
 4  
  *
 5  
  * Redistribution and use in source and binary forms, with or without
 6  
  * modification, are permitted provided that the following conditions are met:
 7  
  *
 8  
  *   - Redistributions of source code must retain the above copyright
 9  
  *     notice, this list of conditions and the following disclaimer.
 10  
  *
 11  
  *   - Redistributions in binary form must reproduce the above copyright
 12  
  *     notice, this list of conditions and the following disclaimer in
 13  
  *     the documentation and/or other materials provided with the
 14  
  *     distribution.
 15  
  *
 16  
  *   - Neither the name of Pebble nor the names of its contributors may
 17  
  *     be used to endorse or promote products derived from this software
 18  
  *     without specific prior written permission.
 19  
  *
 20  
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 21  
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 22  
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 23  
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 24  
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 25  
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 26  
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 27  
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 28  
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 29  
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 30  
  * POSSIBILITY OF SUCH DAMAGE.
 31  
  */
 32  
 package net.sourceforge.pebble.webservice;
 33  
 
 34  
 import net.sourceforge.pebble.domain.BlogManager;
 35  
 import net.sourceforge.pebble.domain.Blog;
 36  
 import net.sourceforge.pebble.util.SecurityUtils;
 37  
 import org.apache.xmlrpc.XmlRpcException;
 38  
 import org.springframework.security.authentication.AuthenticationManager;
 39  
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 40  
 import org.springframework.security.core.Authentication;
 41  
 import org.springframework.security.core.AuthenticationException;
 42  
 import org.springframework.security.core.context.SecurityContextHolder;
 43  
 
 44  
 /**
 45  
  * A handler for the XML-RPC blogging APIs.
 46  
  *
 47  
  * @author    Simon Brown
 48  
  */
 49  268
 public abstract class AbstractAPIHandler {
 50  
 
 51  
   /** character used to separate blog and post IDs in multi-user mode */
 52  
   static final char BLOG_ID_SEPARATOR = '/';
 53  
 
 54  
   private AuthenticationManager authenticationManager;
 55  
 
 56  
   public AuthenticationManager getAuthenticationManager() {
 57  4
     return authenticationManager;
 58  
   }
 59  
 
 60  
   public void setAuthenticationManager(AuthenticationManager authenticationManager) {
 61  280
     this.authenticationManager = authenticationManager;
 62  280
   }
 63  
 
 64  
   /**
 65  
    * A helper method to authenticate a username/password pair against the
 66  
    * properties for the specified Blog instance.
 67  
    *
 68  
    * @param blog      the Blog instance to test against
 69  
    * @param username  the username used for logging in via XML-RPC
 70  
    * @param password  the password used for logging in via XML-RPC
 71  
    */
 72  
   protected void authenticate(Blog blog, String username, String password) throws XmlRpcAuthenticationException {
 73  
     try {
 74  300
       Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
 75  240
       SecurityContextHolder.getContext().setAuthentication(auth);
 76  
 
 77  240
       if (blog != null && !SecurityUtils.isUserAuthorisedForBlogAsBlogContributor(blog)) {
 78  4
         throw new XmlRpcAuthenticationException("Not authorised for this blog.");
 79  
       }
 80  60
     } catch (AuthenticationException ae) {
 81  60
       throw new XmlRpcAuthenticationException("Username and password did not pass authentication.");
 82  236
     }
 83  236
   }
 84  
 
 85  
   /**
 86  
    * Gets the blog from a given String.
 87  
    * <br /><br />
 88  
    * In single-user mode, blog IDs are irrelevant since there is only one blog.
 89  
    * In multi-user mode, the post ID is composed of "blog ID/post ID"
 90  
    * (this is Pebble's way of uniquely identifying a blog entry across all
 91  
    * users' blogs).
 92  
    *
 93  
    * @param s   the String containing the post ID
 94  
    * @return  the post ID (blog entry ID)
 95  
    */
 96  
   protected Blog getBlogWithPostId(String s) throws XmlRpcException {
 97  204
     if (s == null) {
 98  36
       throw new XmlRpcException(0, "Blog with ID of " + null + " not found.");
 99  
     }
 100  
 
 101  168
     String blogId = null;
 102  
     Blog blog;
 103  
 
 104  168
     int index = s.lastIndexOf(BLOG_ID_SEPARATOR);
 105  168
     if (index > -1) {
 106  148
       blogId = s.substring(0, index);
 107  
     }
 108  
 
 109  168
     blog = BlogManager.getInstance().getBlog(blogId);
 110  168
     if (blog == null) {
 111  20
       throw new XmlRpcException(0, "Blog with ID of " + blogId + " not found.");
 112  
     } else {
 113  148
       return blog;
 114  
     }
 115  
   }
 116  
 
 117  
   /**
 118  
    * Gets the blog from a given String.
 119  
    * <br /><br />
 120  
    * In single-user mode, blog IDs are irrelevant since there is only one blog.
 121  
    * In multi-user mode, the post ID is composed of "blog ID/post ID"
 122  
    * (this is Pebble's way of uniquely identifying a blog entry across all
 123  
    * users' blogs).
 124  
    *
 125  
    * @param blogId   the String containing the post ID
 126  
    * @return  the blog ID
 127  
    */
 128  
   protected Blog getBlogWithBlogId(String blogId) throws XmlRpcException {
 129  148
     Blog blog = BlogManager.getInstance().getBlog(blogId);
 130  148
     if (blog == null) {
 131  24
       throw new XmlRpcException(0, "Blog with ID of " + blogId + " not found.");
 132  
     } else {
 133  124
       return blog;
 134  
     }
 135  
   }
 136  
 
 137  
   /**
 138  
    * Gets the post ID (blog entry ID) from a given String.
 139  
    * <br /><br />
 140  
    * In single-user mode, post IDs
 141  
    * are specified as just the blog ID. In multi-user mode, the post ID
 142  
    * is composed of "blog ID/post ID" (this is Pebble's way of uniquely
 143  
    * identifying a blog entry across all users' blogs).
 144  
    *
 145  
    * @param s   the String containing the post ID
 146  
    * @return  the post ID (blog entry ID)
 147  
    */
 148  
   protected String getPostId(String s) {
 149  148
     if (s == null) {
 150  0
       return null;
 151  
     }
 152  
 
 153  148
     int index = s.lastIndexOf(BLOG_ID_SEPARATOR);
 154  148
     if (index > -1) {
 155  148
       return s.substring(index+1);
 156  
     } else {
 157  0
       return null;
 158  
     }
 159  
   }
 160  
 
 161  
   /**
 162  
    * Formats a post ID for the blogger client.
 163  
    *
 164  
    * @param blogid    the blog ID
 165  
    * @param postid    the post ID
 166  
    * @return  if running in multi-user mode, returns "blogid/postid",
 167  
    *          otherwise just returns "postid"
 168  
    */
 169  
   protected String formatPostId(String blogid, String postid) {
 170  112
     return blogid + BLOG_ID_SEPARATOR + postid;
 171  
   }
 172  
 
 173  
 }