Pebble 2.5-SNAPSHOT

Clover Coverage Report - Pebble 2.5-SNAPSHOT

Coverage timestamp: Sat Jun 12 2010 09:39:29 EST

FRAMES NO FRAMES SHOW HELP

../../../../img/srcFileCovDistChart0.png

48% of files have more coverage

Statistics for file PrivateBlogFilterInvocationDefinitionSource.java:
Stmts:	17	LOC:	130	Total cmp:	19	Stmts/Method:	5,67
Branches:	10	NCLOC:	54	Cmp density:	1,12	Methods/Class:	3
Methods:	3			Avg method cmp:	6,33
Classes:	1

Statistics for file PrivateBlogFilterInvocationDefinitionSource.java:
Stmts:	17	LOC:	130	Total cmp:	19	Stmts/Method:	5,67
Branches:	10	NCLOC:	54	Cmp density:	1,12	Methods/Class:	3
Methods:	3			Avg method cmp:	6,33
Classes:	1

This report was generated with an evaluation server license. Purchase Clover or configure your license.

Expand All

PrivateBlogFilterInvocationDefinitionSource

Line # 57

Total Statements 17

% Filtered 0%

Complexity 19

Uncovered Elements 30

TOTAL Coverage 0%

0.0

No Tests

Collapse All

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions are met:

* - Redistributions of source code must retain the above copyright

* notice, this list of conditions and the following disclaimer.

* - Redistributions in binary form must reproduce the above copyright

* notice, this list of conditions and the following disclaimer in

* the documentation and/or other materials provided with the

* distribution.

* - Neither the name of Pebble nor the names of its contributors may

* be used to endorse or promote products derived from this software

* without specific prior written permission.

* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE

* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

* POSSIBILITY OF SUCH DAMAGE.

package net.sourceforge.pebble.security;

import net.sourceforge.pebble.Constants;

import net.sourceforge.pebble.domain.AbstractBlog;

import net.sourceforge.pebble.domain.Blog;

import org.acegisecurity.ConfigAttributeDefinition;

import org.acegisecurity.intercept.web.FilterInvocation;

import org.acegisecurity.intercept.web.FilterInvocationDefinitionSource;

import org.apache.commons.logging.Log;

import org.apache.commons.logging.LogFactory;

import javax.servlet.http.HttpServletRequest;

import java.util.Iterator;

import java.util.List;

/**

* Bespoke FilterInvocationDefinitionSource that holds a mapping between blog

* IDs and the roles that can access them. This is used when blog owners mark

* their blog as "private", which forces authentication before the content

* can be accessed. This implementation allows mappings to be removed

* and added at runtime, making it possible to make blogs private

* without restarting the web/application server.

* @author Simon Brown

public class PrivateBlogFilterInvocationDefinitionSource implements FilterInvocationDefinitionSource {

private static final Log log = LogFactory.getLog(PrivateBlogFilterInvocationDefinitionSource.class);

/**

* Accesses the <code>ConfigAttributeDefinition</code> that applies to a given secure object.<P>Returns

* <code>null</code> if no <code>ConfigAttribiteDefinition</code> applies.</p>

* @param object the object being secured

* @return the <code>ConfigAttributeDefinition</code> that applies to the passed object

* @throws IllegalArgumentException if the passed object is not of a type supported by the

* <code>ObjectDefinitionSource</code> implementation

public ConfigAttributeDefinition getAttributes(Object object) throws IllegalArgumentException {

if ((object == null) || !this.supports(object.getClass())) {

throw new IllegalArgumentException("Object must be a FilterInvocation");

}

HttpServletRequest request = ((FilterInvocation)object).getHttpRequest();

String uri = (String)request.getAttribute(Constants.INTERNAL_URI);

if (

uri.endsWith("loginPage.action") ||

uri.endsWith(".secureaction") ||

uri.startsWith("/themes/") ||

uri.startsWith("/scripts/") ||

uri.startsWith("/common/") ||

uri.startsWith("/dwr/") ||

uri.equals("/robots.txt") ||

uri.equals("/pebble.css") ||

uri.equals("/favicon.ico") ||

uri.startsWith("/FCKeditor/")

) {

return null;

}

AbstractBlog ab = (AbstractBlog)((FilterInvocation)object).getHttpRequest().getAttribute(Constants.BLOG_KEY);

if (ab instanceof Blog) {

Blog blog = (Blog)ab;

List<String> blogReaders = blog.getBlogReaders();

if (blogReaders != null && blogReaders.size() > 0) {

return new PrivateBlogConfigAttributeDefinition(blog);

}

}

return null;

}

/**

* If available, all of the <code>ConfigAttributeDefinition</code>s defined by the implementing class.<P>This

107

* is used by the {@link org.acegisecurity.intercept.AbstractSecurityInterceptor} to perform startup time validation of each

108

* <code>ConfigAttribute</code> configured against it.</p>

109

110

* @return an iterator over all the <code>ConfigAttributeDefinition</code>s or <code>null</code> if unsupported

111

112

public Iterator getConfigAttributeDefinitions() {

return null;

}

/**

* Indicates whether the <code>ObjectDefinitionSource</code> implementation is able to provide

118

* <code>ConfigAttributeDefinition</code>s for the indicated secure object type.

119

120

* @param clazz the class that is being queried

121

* @return true if the implementation can process the indicated class

122

123

public boolean supports(Class clazz) {

124

if (FilterInvocation.class.isAssignableFrom(clazz)) {

return true;

} else {

return false;

}

}

}