Clover Coverage Report - Pebble 2.5-SNAPSHOT
Coverage timestamp: Sat Jun 12 2010 09:39:29 EST
Overview   Package   File
    FRAMES   NO FRAMES     
../../../../img/srcFileCovDistChart6.png 36% of files have more coverage
68   273   38   2,34
16   162   0,56   29
29     1,31  
1    
This report was generated with an evaluation server license. Purchase Clover or configure your license.
 
  SecurityUtils       Line # 60 68 0% 38 48 57,5% 0.57522124
 
  (264)
 
1    /*
2    * Copyright (c) 2003-2006, Simon Brown
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions are met:
7    *
8    * - Redistributions of source code must retain the above copyright
9    * notice, this list of conditions and the following disclaimer.
10    *
11    * - Redistributions in binary form must reproduce the above copyright
12    * notice, this list of conditions and the following disclaimer in
13    * the documentation and/or other materials provided with the
14    * distribution.
15    *
16    * - Neither the name of Pebble nor the names of its contributors may
17    * be used to endorse or promote products derived from this software
18    * without specific prior written permission.
19    *
20    * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21    * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22    * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23    * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24    * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25    * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26    * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27    * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28    * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29    * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30    * POSSIBILITY OF SUCH DAMAGE.
31    */
32    package net.sourceforge.pebble.util;
33   
34    import net.sourceforge.pebble.Constants;
35    import net.sourceforge.pebble.PebbleContext;
36    import net.sourceforge.pebble.domain.Blog;
37    import net.sourceforge.pebble.security.PebbleUserDetails;
38    import net.sourceforge.pebble.security.SecurityRealm;
39    import net.sourceforge.pebble.security.SecurityRealmException;
40    import org.acegisecurity.Authentication;
41    import org.acegisecurity.GrantedAuthority;
42    import org.acegisecurity.GrantedAuthorityImpl;
43    import org.acegisecurity.context.SecurityContext;
44    import org.acegisecurity.context.SecurityContextHolder;
45    import org.acegisecurity.providers.TestingAuthenticationToken;
46    import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
47    import org.acegisecurity.providers.encoding.PasswordEncoder;
48    import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
49    import org.acegisecurity.providers.encoding.ShaPasswordEncoder;
50    import org.apache.commons.logging.Log;
51    import org.apache.commons.logging.LogFactory;
52   
53    import java.util.List;
54   
55    /**
56    * A collection of utility methods for security.
57    *
58    * @author Simon Brown
59    */
 
60    public final class SecurityUtils {
61   
62    private static final Log log = LogFactory.getLog(SecurityUtils.class);
63   
 
64  1016 toggle public static String getUsername() {
65  1016 SecurityContext ctx = SecurityContextHolder.getContext();
66  1016 Authentication auth = ctx.getAuthentication();
67  1016 return getUsername(auth);
68    }
69   
 
70  1016 toggle public static String getUsername(Authentication auth) {
71  1016 if (auth != null) {
72  246 return auth.getName();
73    } else {
74  770 return null;
75    }
76    }
77   
 
78  10 toggle public static PebbleUserDetails getUserDetails() {
79  10 try {
80  10 SecurityRealm realm = PebbleContext.getInstance().getConfiguration().getSecurityRealm();
81  10 return realm.getUser(getUsername());
82    } catch (SecurityRealmException e) {
83  0 log.error(e);
84  0 return null;
85    }
86    }
87   
 
88  474 toggle public static boolean isUserInRole(String role) {
89  474 SecurityContext ctx = SecurityContextHolder.getContext();
90  474 Authentication auth = ctx.getAuthentication();
91  474 return isUserInRole(auth, role);
92    }
93   
 
94  474 toggle public static boolean isUserInRole(Authentication auth, String role) {
95  474 if (auth != null) {
96  202 GrantedAuthority[] authorities = auth.getAuthorities();
97  202 if (authorities != null) {
98  202 for (GrantedAuthority authority : authorities) {
99  186 if (authority.getAuthority().equals(role)) {
100  144 return true;
101    }
102    }
103    }
104    }
105  330 return false;
106    }
107   
108    /**
109    * Determines whether this user is a Pebble admin user.
110    *
111    * @return true if the user is a Pebble admin, false otherwise
112    */
 
113  0 toggle public static boolean isBlogAdmin() {
114  0 return isUserInRole(Constants.BLOG_ADMIN_ROLE);
115    }
116   
117    /**
118    * Determines whether this user is a blog owner.
119    *
120    * @return true if the user is a blog owner, false otherwise
121    */
 
122  110 toggle public static boolean isBlogOwner() {
123  110 return isUserInRole(Constants.BLOG_OWNER_ROLE);
124    }
125   
126    /**
127    * Determines whether this user is a blog publisher.
128    *
129    * @return true if the user is a blog publisher, false otherwise
130    */
 
131  120 toggle public static boolean isBlogPublisher() {
132  120 return isUserInRole(Constants.BLOG_PUBLISHER_ROLE);
133    }
134   
135    /**
136    * Determines whether this user is a blog contributor.
137    *
138    * @return true if the user is a blog contributor, false otherwise
139    */
 
140  244 toggle public static boolean isBlogContributor() {
141  244 return isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE);
142    }
143   
144    /**
145    * Determines whether this user is a Pebble admin user.
146    *
147    * @return true if the user is a Pebble admin, false otherwise
148    */
 
149  0 toggle public static boolean isBlogAdmin(Authentication auth) {
150  0 return isUserInRole(auth, Constants.BLOG_ADMIN_ROLE);
151    }
152   
153    /**
154    * Determines whether this user is a blog owner.
155    *
156    * @return true if the user is a blog owner, false otherwise
157    */
 
158  0 toggle public static boolean isBlogOwner(Authentication auth) {
159  0 return isUserInRole(auth, Constants.BLOG_OWNER_ROLE);
160    }
161   
162    /**
163    * Determines whether this user is a blog publisher.
164    *
165    * @return true if the user is a blog publisher, false otherwise
166    */
 
167  0 toggle public static boolean isBlogPublisher(Authentication auth) {
168  0 return isUserInRole(auth, Constants.BLOG_PUBLISHER_ROLE);
169    }
170   
171    /**
172    * Determines whether this user is a blog contributor.
173    *
174    * @return true if the user is a blog contributor, false otherwise
175    */
 
176  0 toggle public static boolean isBlogContributor(Authentication auth) {
177  0 return isUserInRole(auth, Constants.BLOG_CONTRIBUTOR_ROLE);
178    }
179   
 
180  2 toggle public static void runAsBlogOwner() {
181  2 Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_OWNER_ROLE)});
182  2 SecurityContextHolder.getContext().setAuthentication(auth);
183    }
184   
 
185  2 toggle public static void runAsBlogPublisher() {
186  2 Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_PUBLISHER_ROLE)});
187  2 SecurityContextHolder.getContext().setAuthentication(auth);
188    }
189   
 
190  30 toggle public static void runAsBlogContributor() {
191  30 Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_CONTRIBUTOR_ROLE)});
192  30 SecurityContextHolder.getContext().setAuthentication(auth);
193    }
194   
 
195  8 toggle public static void runAsAnonymous() {
196  8 Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {});
197  8 SecurityContextHolder.getContext().setAuthentication(auth);
198    }
199   
 
200  2 toggle public static void runAsUnauthenticated() {
201  2 SecurityContextHolder.getContext().setAuthentication(null);
202    }
203   
 
204  106 toggle public static boolean isUserAuthorisedForBlogAsBlogOwner(Blog blog) {
205  106 String currentUser = SecurityUtils.getUsername();
206  106 return isBlogOwner() && blog.isUserInRole(Constants.BLOG_OWNER_ROLE, currentUser);
207    }
208   
 
209  106 toggle public static boolean isUserAuthorisedForBlogAsBlogPublisher(Blog blog) {
210  106 String currentUser = SecurityUtils.getUsername();
211  106 return isBlogPublisher() && blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, currentUser);
212    }
213   
 
214  244 toggle public static boolean isUserAuthorisedForBlogAsBlogContributor(Blog blog) {
215  244 String currentUser = SecurityUtils.getUsername();
216  244 return isBlogContributor() && blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, currentUser);
217    }
218   
 
219  0 toggle public static boolean isUserAuthorisedForBlogAsBlogOwner(Authentication auth, Blog blog) {
220  0 String currentUser = SecurityUtils.getUsername(auth);
221  0 return isBlogOwner(auth) && blog.isUserInRole(Constants.BLOG_OWNER_ROLE, currentUser);
222    }
223   
 
224  0 toggle public static boolean isUserAuthorisedForBlogAsBlogPublisher(Authentication auth, Blog blog) {
225  0 String currentUser = SecurityUtils.getUsername(auth);
226  0 return isBlogPublisher(auth) && blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, currentUser);
227    }
228   
 
229  0 toggle public static boolean isUserAuthorisedForBlogAsBlogContributor(Authentication auth, Blog blog) {
230  0 String currentUser = SecurityUtils.getUsername(auth);
231  0 return isBlogContributor(auth) && blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, currentUser);
232    }
233   
 
234  0 toggle public static boolean isUserAuthorisedForBlogAsBlogReader(Authentication auth, Blog blog) {
235  0 String currentUser = SecurityUtils.getUsername(auth);
236  0 return blog.isUserInRole(Constants.BLOG_READER_ROLE, currentUser);
237    }
238   
 
239  106 toggle public static boolean isUserAuthorisedForBlog(Blog blog) {
240  106 return isUserAuthorisedForBlogAsBlogOwner(blog) ||
241    isUserAuthorisedForBlogAsBlogPublisher(blog) ||
242    isUserAuthorisedForBlogAsBlogContributor(blog);
243    }
244   
 
245  0 toggle public static boolean isUserAuthorisedForBlog(Authentication auth, Blog blog) {
246  0 return isUserAuthorisedForBlogAsBlogOwner(auth, blog) ||
247    isUserAuthorisedForBlogAsBlogPublisher(auth, blog) ||
248    isUserAuthorisedForBlogAsBlogContributor(auth, blog);
249    }
250   
 
251  12 toggle public static boolean isUserAuthenticated() {
252  12 SecurityContext ctx = SecurityContextHolder.getContext();
253  12 return ctx.getAuthentication() != null;
254    }
255   
 
256  0 toggle public static void main(String[] args) {
257  0 if (args.length != 3) {
258  0 System.out.println("Usage : [md5|sha|plaintext] username password");
259  0 } else if (args[0].equals("md5")) {
260  0 PasswordEncoder encoder = new Md5PasswordEncoder();
261  0 System.out.println(encoder.encodePassword(args[2], args[1]));
262  0 } else if (args[0].equals("sha")) {
263  0 PasswordEncoder encoder = new ShaPasswordEncoder();
264  0 System.out.println(encoder.encodePassword(args[2], args[1]));
265  0 } else if (args[0].equals("plaintext")) {
266  0 PasswordEncoder encoder = new PlaintextPasswordEncoder();
267  0 System.out.println(encoder.encodePassword(args[2], args[1]));
268    } else {
269  0 System.out.println("Algorithm must be md5, sha or plaintext");
270    }
271    }
272   
273    }
 
CloverReport generated by Clover Code Coverage v3.0.2
Sat Jun 12 2010 09:39:50 EST.		   Clover Evaluation License registered to Clover Maven Plugin. You have 20 day(s) before your license expires.