Coverage Report

Coverage Report - org.acegisecurity.securechannel.InsecureChannelProcessor

Classes in this File

100%

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.securechannel;
 
 import org.acegisecurity.ConfigAttribute;
 import org.acegisecurity.ConfigAttributeDefinition;
 
 import org.acegisecurity.intercept.web.FilterInvocation;
 
 import org.springframework.beans.factory.InitializingBean;
 
 import org.springframework.util.Assert;
 
 import java.io.IOException;
 
 import java.util.Iterator;
 
 import javax.servlet.ServletException;
 
 
 /**
  * <p>Ensures channel security is inactive by review of <code>HttpServletRequest.isSecure()</code> responses.</p>
  *  <P>The class responds to one case-sensitive keyword, {@link #getInsecureKeyword}. If this keyword is detected,
  * <code>HttpServletRequest.isSecure()</code> is used to determine the channel security offered. If channel security
  * is present, the configured <code>ChannelEntryPoint</code> is called. By default the entry point is {@link
  * RetryWithHttpEntryPoint}.</p>
  *  <P>The default <code>insecureKeyword</code> is <code>REQUIRES_INSECURE_CHANNEL</code>.</p>
  *
  * @author Ben Alex
  * @version $Id: InsecureChannelProcessor.java 1496 2006-05-23 13:38:33Z benalex $
  */
 public class InsecureChannelProcessor implements InitializingBean, ChannelProcessor {
     //~ Instance fields ================================================================================================
 
     private ChannelEntryPoint entryPoint = new RetryWithHttpEntryPoint();
     private String insecureKeyword = "REQUIRES_INSECURE_CHANNEL";
 
     //~ Methods ========================================================================================================
 
     public void afterPropertiesSet() throws Exception {
         Assert.hasLength(insecureKeyword, "insecureKeyword required");
         Assert.notNull(entryPoint, "entryPoint required");
     }
 
     public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
         throws IOException, ServletException {
         if ((invocation == null) || (config == null)) {
             throw new IllegalArgumentException("Nulls cannot be provided");
         }
 
         Iterator iter = config.getConfigAttributes();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();
 
             if (supports(attribute)) {
                 if (invocation.getHttpRequest().isSecure()) {
                     entryPoint.commence(invocation.getRequest(), invocation.getResponse());
                 }
             }
         }
     }
 
     public ChannelEntryPoint getEntryPoint() {
         return entryPoint;
     }
 
     public String getInsecureKeyword() {
         return insecureKeyword;
     }
 
     public void setEntryPoint(ChannelEntryPoint entryPoint) {
         this.entryPoint = entryPoint;
     }
 
     public void setInsecureKeyword(String secureKeyword) {
         this.insecureKeyword = secureKeyword;
     }
 
     public boolean supports(ConfigAttribute attribute) {
         if ((attribute != null) && (attribute.getAttribute() != null)
             && attribute.getAttribute().equals(getInsecureKeyword())) {
             return true;
         } else {
             return false;
         }
     }
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.securechannel;
17
18		import org.acegisecurity.ConfigAttribute;
19		import org.acegisecurity.ConfigAttributeDefinition;
20
21		import org.acegisecurity.intercept.web.FilterInvocation;
22
23		import org.springframework.beans.factory.InitializingBean;
24
25		import org.springframework.util.Assert;
26
27		import java.io.IOException;
28
29		import java.util.Iterator;
30
31		import javax.servlet.ServletException;
32
33
34		/**
35		* <p>Ensures channel security is inactive by review of <code>HttpServletRequest.isSecure()</code> responses.</p>
36		* <P>The class responds to one case-sensitive keyword, {@link #getInsecureKeyword}. If this keyword is detected,
37		* <code>HttpServletRequest.isSecure()</code> is used to determine the channel security offered. If channel security
38		* is present, the configured <code>ChannelEntryPoint</code> is called. By default the entry point is {@link
39		* RetryWithHttpEntryPoint}.</p>
40		* <P>The default <code>insecureKeyword</code> is <code>REQUIRES_INSECURE_CHANNEL</code>.</p>
41		*
42		* @author Ben Alex
43		* @version $Id: InsecureChannelProcessor.java 1496 2006-05-23 13:38:33Z benalex $
44		*/
45	7	public class InsecureChannelProcessor implements InitializingBean, ChannelProcessor {
46		//~ Instance fields ================================================================================================
47
48	7	private ChannelEntryPoint entryPoint = new RetryWithHttpEntryPoint();
49	7	private String insecureKeyword = "REQUIRES_INSECURE_CHANNEL";
50
51		//~ Methods ========================================================================================================
52
53		public void afterPropertiesSet() throws Exception {
54	4	Assert.hasLength(insecureKeyword, "insecureKeyword required");
55	2	Assert.notNull(entryPoint, "entryPoint required");
56	1	}
57
58		public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
59		throws IOException, ServletException {
60	3	if ((invocation == null) \|\| (config == null)) {
61	1	throw new IllegalArgumentException("Nulls cannot be provided");
62		}
63
64	2	Iterator iter = config.getConfigAttributes();
65
66	6	while (iter.hasNext()) {
67	4	ConfigAttribute attribute = (ConfigAttribute) iter.next();
68
69	4	if (supports(attribute)) {
70	2	if (invocation.getHttpRequest().isSecure()) {
71	1	entryPoint.commence(invocation.getRequest(), invocation.getResponse());
72		}
73		}
74	4	}
75	2	}
76
77		public ChannelEntryPoint getEntryPoint() {
78	2	return entryPoint;
79		}
80
81		public String getInsecureKeyword() {
82	8	return insecureKeyword;
83		}
84
85		public void setEntryPoint(ChannelEntryPoint entryPoint) {
86	2	this.entryPoint = entryPoint;
87	2	}
88
89		public void setInsecureKeyword(String secureKeyword) {
90	3	this.insecureKeyword = secureKeyword;
91	3	}
92
93		public boolean supports(ConfigAttribute attribute) {
94	7	if ((attribute != null) && (attribute.getAttribute() != null)
95		&& attribute.getAttribute().equals(getInsecureKeyword())) {
96	3	return true;
97		} else {
98	4	return false;
99		}
100		}
101		}