Coverage Report

Coverage Report - org.acegisecurity.securechannel.SecureChannelProcessor

Classes in this File

100%

1.714

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.securechannel;
 
 import org.acegisecurity.ConfigAttribute;
 import org.acegisecurity.ConfigAttributeDefinition;
 
 import org.acegisecurity.intercept.web.FilterInvocation;
 
 import org.springframework.beans.factory.InitializingBean;
 
 import org.springframework.util.Assert;
 
 import java.io.IOException;
 
 import java.util.Iterator;
 
 import javax.servlet.ServletException;
 
 
 /**
  * <p>Ensures channel security is active by review of <code>HttpServletRequest.isSecure()</code> responses.</p>
  *  <P>The class responds to one case-sensitive keyword, {@link #getSecureKeyword}. If this keyword is detected,
  * <code>HttpServletRequest.isSecure()</code> is used to determine the channel security offered. If channel security
  * is not present, the configured <code>ChannelEntryPoint</code> is called. By default the entry point is {@link
  * RetryWithHttpsEntryPoint}.</p>
  *  <P>The default <code>secureKeyword</code> is <code>REQUIRES_SECURE_CHANNEL</code>.</p>
  *
  * @author Ben Alex
  * @version $Id: SecureChannelProcessor.java 1496 2006-05-23 13:38:33Z benalex $
  */
 public class SecureChannelProcessor implements InitializingBean, ChannelProcessor {
     //~ Instance fields ================================================================================================
 
     private ChannelEntryPoint entryPoint = new RetryWithHttpsEntryPoint();
     private String secureKeyword = "REQUIRES_SECURE_CHANNEL";
 
     //~ Methods ========================================================================================================
 
     public void afterPropertiesSet() throws Exception {
         Assert.hasLength(secureKeyword, "secureKeyword required");
         Assert.notNull(entryPoint, "entryPoint required");
     }
 
     public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
         throws IOException, ServletException {
         Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
 
         Iterator iter = config.getConfigAttributes();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();
 
             if (supports(attribute)) {
                 if (!invocation.getHttpRequest().isSecure()) {
                     entryPoint.commence(invocation.getRequest(), invocation.getResponse());
                 }
             }
         }
     }
 
     public ChannelEntryPoint getEntryPoint() {
         return entryPoint;
     }
 
     public String getSecureKeyword() {
         return secureKeyword;
     }
 
     public void setEntryPoint(ChannelEntryPoint entryPoint) {
         this.entryPoint = entryPoint;
     }
 
     public void setSecureKeyword(String secureKeyword) {
         this.secureKeyword = secureKeyword;
     }
 
     public boolean supports(ConfigAttribute attribute) {
         if ((attribute != null) && (attribute.getAttribute() != null)
             && attribute.getAttribute().equals(getSecureKeyword())) {
             return true;
         } else {
             return false;
         }
     }
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.securechannel;
17
18		import org.acegisecurity.ConfigAttribute;
19		import org.acegisecurity.ConfigAttributeDefinition;
20
21		import org.acegisecurity.intercept.web.FilterInvocation;
22
23		import org.springframework.beans.factory.InitializingBean;
24
25		import org.springframework.util.Assert;
26
27		import java.io.IOException;
28
29		import java.util.Iterator;
30
31		import javax.servlet.ServletException;
32
33
34		/**
35		* <p>Ensures channel security is active by review of <code>HttpServletRequest.isSecure()</code> responses.</p>
36		* <P>The class responds to one case-sensitive keyword, {@link #getSecureKeyword}. If this keyword is detected,
37		* <code>HttpServletRequest.isSecure()</code> is used to determine the channel security offered. If channel security
38		* is not present, the configured <code>ChannelEntryPoint</code> is called. By default the entry point is {@link
39		* RetryWithHttpsEntryPoint}.</p>
40		* <P>The default <code>secureKeyword</code> is <code>REQUIRES_SECURE_CHANNEL</code>.</p>
41		*
42		* @author Ben Alex
43		* @version $Id: SecureChannelProcessor.java 1496 2006-05-23 13:38:33Z benalex $
44		*/
45	7	public class SecureChannelProcessor implements InitializingBean, ChannelProcessor {
46		//~ Instance fields ================================================================================================
47
48	7	private ChannelEntryPoint entryPoint = new RetryWithHttpsEntryPoint();
49	7	private String secureKeyword = "REQUIRES_SECURE_CHANNEL";
50
51		//~ Methods ========================================================================================================
52
53		public void afterPropertiesSet() throws Exception {
54	4	Assert.hasLength(secureKeyword, "secureKeyword required");
55	2	Assert.notNull(entryPoint, "entryPoint required");
56	1	}
57
58		public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
59		throws IOException, ServletException {
60	3	Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
61
62	2	Iterator iter = config.getConfigAttributes();
63
64	6	while (iter.hasNext()) {
65	4	ConfigAttribute attribute = (ConfigAttribute) iter.next();
66
67	4	if (supports(attribute)) {
68	2	if (!invocation.getHttpRequest().isSecure()) {
69	1	entryPoint.commence(invocation.getRequest(), invocation.getResponse());
70		}
71		}
72	4	}
73	2	}
74
75		public ChannelEntryPoint getEntryPoint() {
76	2	return entryPoint;
77		}
78
79		public String getSecureKeyword() {
80	8	return secureKeyword;
81		}
82
83		public void setEntryPoint(ChannelEntryPoint entryPoint) {
84	2	this.entryPoint = entryPoint;
85	2	}
86
87		public void setSecureKeyword(String secureKeyword) {
88	3	this.secureKeyword = secureKeyword;
89	3	}
90
91		public boolean supports(ConfigAttribute attribute) {
92	7	if ((attribute != null) && (attribute.getAttribute() != null)
93		&& attribute.getAttribute().equals(getSecureKeyword())) {
94	3	return true;
95		} else {
96	4	return false;
97		}
98		}
99		}