Coverage Report

Coverage Report - org.acegisecurity.adapters.HttpRequestIntegrationFilter

Classes in this File

Line Coverage

Branch Coverage

Complexity

HttpRequestIntegrationFilter

75%

100%

2.667

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.adapters;
 
 import org.acegisecurity.Authentication;
 
 import org.acegisecurity.context.SecurityContextHolder;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import java.io.IOException;
 
 import java.security.Principal;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 
 
 /**
  * Populates <code>SecurityContext</code> with the <code>Authentication</code> obtained from the container's
  * <code>HttpServletRequest.getUserPrincipal()</code>.<p>Use this filter with container adapters only.</p>
  *  <p>This filter <b>never</b> preserves the <code>Authentication</code> on the <code>SecurityContext</code> - it
  * is replaced every request.</p>
  *  <p>See {@link org.acegisecurity.context.HttpSessionContextIntegrationFilter} for further information.</p>
  *
  * @author Ben Alex
  * @version $Id: HttpRequestIntegrationFilter.java 1496 2006-05-23 13:38:33Z benalex $
  */
 public class HttpRequestIntegrationFilter implements Filter {
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(HttpRequestIntegrationFilter.class);
 
     //~ Methods ========================================================================================================
 
     /**
      * Does nothing. We use IoC container lifecycle services instead.
      */
     public void destroy() {}
 
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
         throws IOException, ServletException {
         if (request instanceof HttpServletRequest) {
             Principal principal = ((HttpServletRequest) request).getUserPrincipal();
 
             if ((principal != null) && principal instanceof Authentication) {
                 SecurityContextHolder.getContext().setAuthentication((Authentication) principal);
 
                 if (logger.isDebugEnabled()) {
                     logger.debug("SecurityContextHolder updated with Authentication from container: '" + principal
                         + "'");
                 }
             } else {
                 if (logger.isDebugEnabled()) {
                     logger.debug("SecurityContextHolder not set with new Authentication as Principal was: '"
                         + principal + "'");
                 }
             }
         } else {
             throw new IllegalArgumentException("Only HttpServletRequest is acceptable");
         }
 
         chain.doFilter(request, response);
     }
 
     /**
      * Does nothing. We use IoC container lifecycle services instead.
      *
      * @param arg0 ignored
      *
      * @throws ServletException ignored
      */
     public void init(FilterConfig arg0) throws ServletException {}
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.adapters;
17
18		import org.acegisecurity.Authentication;
19
20		import org.acegisecurity.context.SecurityContextHolder;
21
22		import org.apache.commons.logging.Log;
23		import org.apache.commons.logging.LogFactory;
24
25		import java.io.IOException;
26
27		import java.security.Principal;
28
29		import javax.servlet.Filter;
30		import javax.servlet.FilterChain;
31		import javax.servlet.FilterConfig;
32		import javax.servlet.ServletException;
33		import javax.servlet.ServletRequest;
34		import javax.servlet.ServletResponse;
35		import javax.servlet.http.HttpServletRequest;
36
37
38		/**
39		* Populates <code>SecurityContext</code> with the <code>Authentication</code> obtained from the container's
40		* <code>HttpServletRequest.getUserPrincipal()</code>.<p>Use this filter with container adapters only.</p>
41		* <p>This filter <b>never</b> preserves the <code>Authentication</code> on the <code>SecurityContext</code> - it
42		* is replaced every request.</p>
43		* <p>See {@link org.acegisecurity.context.HttpSessionContextIntegrationFilter} for further information.</p>
44		*
45		* @author Ben Alex
46		* @version $Id: HttpRequestIntegrationFilter.java 1496 2006-05-23 13:38:33Z benalex $
47		*/
48	3	public class HttpRequestIntegrationFilter implements Filter {
49		//~ Static fields/initializers =====================================================================================
50
51	2	private static final Log logger = LogFactory.getLog(HttpRequestIntegrationFilter.class);
52
53		//~ Methods ========================================================================================================
54
55		/**
56		* Does nothing. We use IoC container lifecycle services instead.
57		*/
58	0	public void destroy() {}
59
60		public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
61		throws IOException, ServletException {
62	3	if (request instanceof HttpServletRequest) {
63	2	Principal principal = ((HttpServletRequest) request).getUserPrincipal();
64
65	2	if ((principal != null) && principal instanceof Authentication) {
66	1	SecurityContextHolder.getContext().setAuthentication((Authentication) principal);
67
68	1	if (logger.isDebugEnabled()) {
69	0	logger.debug("SecurityContextHolder updated with Authentication from container: '" + principal
70		+ "'");
71		}
72		} else {
73	1	if (logger.isDebugEnabled()) {
74	0	logger.debug("SecurityContextHolder not set with new Authentication as Principal was: '"
75		+ principal + "'");
76		}
77		}
78	2	} else {
79	1	throw new IllegalArgumentException("Only HttpServletRequest is acceptable");
80		}
81
82	2	chain.doFilter(request, response);
83	2	}
84
85		/**
86		* Does nothing. We use IoC container lifecycle services instead.
87		*
88		* @param arg0 ignored
89		*
90		* @throws ServletException ignored
91		*/
92	0	public void init(FilterConfig arg0) throws ServletException {}
93		}