Coverage Report - org.acegisecurity.wrapper.SecurityContextHolderAwareRequestWrapper
 
Classes in this File Line Coverage Branch Coverage Complexity
SecurityContextHolderAwareRequestWrapper
96% 
100% 
3.167
 
 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.wrapper;
 
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationTrustResolver;
 import org.acegisecurity.AuthenticationTrustResolverImpl;
 
 import org.acegisecurity.context.SecurityContextHolder;
 
 import org.acegisecurity.userdetails.UserDetails;
 import org.acegisecurity.util.PortResolver;
 
 import java.security.Principal;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 
 
 /**
  * An Acegi Security-aware <code>HttpServletRequestWrapper</code>, which uses the
  * <code>SecurityContext</code>-defined <code>Authentication</code> object for {@link
  * SecurityContextHolderAwareRequestWrapper#isUserInRole(java.lang.String)} and {@link
  * javax.servlet.http.HttpServletRequestWrapper#getRemoteUser()} responses.
  *
  * @author Orlando Garcia Carmona
  * @author Ben Alex
  * @version $Id: SecurityContextHolderAwareRequestWrapper.java 1859 2007-05-24 23:20:40Z vishalpuri $
  */
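 public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequestWrapper {
     //~ Instance fields ================================================================================================

     // Consulted by getAuthentication() so that an Authentication classified as anonymous is never
     // exposed through getRemoteUser(), getUserPrincipal() or isUserInRole().
     private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

     //~ Constructors ===================================================================================================

     /**
      * Wraps the given request.
      *
      * @param request the request to wrap
      * @param portResolver accepted but not used by this class
      */
     public SecurityContextHolderAwareRequestWrapper(HttpServletRequest request, PortResolver portResolver) {
         super(request);
     }

     //~ Methods ========================================================================================================

     /**
      * Obtain the current active <code>Authentication</code>, hiding anonymous ones.
      *
      * <p>The object is read from the <code>SecurityContextHolder</code> on every call, so the answer reflects
      * the context at the time of the call rather than at the time this wrapper was created.</p>
      *
      * @return the authentication object held by the security context (which may itself be <code>null</code>), or
      *         <code>null</code> if the trust resolver classifies it as anonymous
      */
     private Authentication getAuthentication() {
         Authentication auth = SecurityContextHolder.getContext().getAuthentication();

         if (!authenticationTrustResolver.isAnonymous(auth)) {
             return auth;
         }

         return null;
     }

     /**
      * Returns the principal's name, as obtained from the <code>SecurityContextHolder</code>. Properly handles
      * both <code>String</code>-based and <code>UserDetails</code>-based principals.
      *
      * <p>An anonymous <code>Authentication</code> is treated as no user at all, so <code>null</code> is returned
      * for it.</p>
      *
      * @return the username or <code>null</code> if unavailable
      */
     public String getRemoteUser() {
         Authentication auth = getAuthentication();

         if (auth == null) {
             return null;
         }

         // Read the principal once so the null check and the value used below are the same object.
         Object principal = auth.getPrincipal();

         if (principal == null) {
             return null;
         }

         if (principal instanceof UserDetails) {
             return ((UserDetails) principal).getUsername();
         }

         return principal.toString();
     }

     /**
      * Returns the <code>Authentication</code> (which is a subclass of <code>Principal</code>), or
      * <code>null</code> if unavailable.
      *
      * <p>"Unavailable" covers a missing or anonymous <code>Authentication</code> and one whose principal is
      * <code>null</code>.</p>
      *
      * @return the <code>Authentication</code>, or <code>null</code>
      */
     public Principal getUserPrincipal() {
         Authentication auth = getAuthentication();

         if ((auth == null) || (auth.getPrincipal() == null)) {
             return null;
         }

         return auth;
     }

     /**
      * Checks whether the current non-anonymous <code>Authentication</code> holds an authority whose string form
      * equals <code>role</code> exactly.
      *
      * <p>Every doubtful case is answered with <code>false</code> (deny): a <code>null</code> role, no
      * authentication, a <code>null</code> principal, a <code>null</code> authority array or a <code>null</code>
      * entry in it.</p>
      *
      * @param role the authority string to look for
      *
      * @return <code>true</code> only if an exactly matching authority is found
      */
     private boolean isGranted(String role) {
         // Fail closed: a null role cannot match any granted authority, and must not surface as a
         // NullPointerException from an authorization check.
         if (role == null) {
             return false;
         }

         Authentication auth = getAuthentication();

         if ((auth == null) || (auth.getPrincipal() == null)) {
             return false;
         }

         // Take the array once so the null check, the length and the elements all refer to the same array.
         org.acegisecurity.GrantedAuthority[] authorities = auth.getAuthorities();

         if (authorities == null) {
             return false;
         }

         for (int i = 0; i < authorities.length; i++) {
             if ((authorities[i] != null) && role.equals(authorities[i].getAuthority())) {
                 return true;
             }
         }

         return false;
     }

     /**
      * Simply searches for an exactly matching {@link org.acegisecurity.GrantedAuthority#getAuthority()}.<p>Will
      * always return <code>false</code> if the <code>SecurityContextHolder</code> contains an
      * <code>Authentication</code> with <code>null</code> <code>principal</code> and/or
      * <code>GrantedAuthority[]</code> objects, if the <code>Authentication</code> is anonymous, or if
      * <code>role</code> is <code>null</code>.</p>
      *
      * <p>The comparison is a plain <code>String.equals</code>: no prefix is added or stripped and case is not
      * normalised, so callers must pass the authority string exactly as it was granted.</p>
      *
      * @param role the <code>GrantedAuthority</code> <code>String</code> representation to check for
      *
      * @return <code>true</code> if an <b>exact</b> (case sensitive) matching granted authority is located,
      *         <code>false</code> otherwise
      */
     public boolean isUserInRole(String role) {
         return isGranted(role);
     }
 }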