Coverage report

  %line %branch
org.apache.jetspeed.login.filter.PortalFilter
0% 
0% 

 1   
 /*
 2   
  * Licensed to the Apache Software Foundation (ASF) under one or more
 3   
  * contributor license agreements.  See the NOTICE file distributed with
 4   
  * this work for additional information regarding copyright ownership.
 5   
  * The ASF licenses this file to You under the Apache License, Version 2.0
 6   
  * (the "License"); you may not use this file except in compliance with
 7   
  * the License.  You may obtain a copy of the License at
 8   
  *
 9   
  *      http://www.apache.org/licenses/LICENSE-2.0
 10   
  *
 11   
  * Unless required by applicable law or agreed to in writing, software
 12   
  * distributed under the License is distributed on an "AS IS" BASIS,
 13   
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 14   
  * See the License for the specific language governing permissions and
 15   
  * limitations under the License.
 16   
  */
 17   
 package org.apache.jetspeed.login.filter;
 18   
 
 19   
 import java.io.IOException;
 20   
 import java.security.Principal;
 21   
 import java.util.HashSet;
 22   
 import java.util.Set;
 23   
 
 24   
 import javax.security.auth.Subject;
 25   
 import javax.servlet.Filter;
 26   
 import javax.servlet.FilterChain;
 27   
 import javax.servlet.FilterConfig;
 28   
 import javax.servlet.ServletException;
 29   
 import javax.servlet.ServletRequest;
 30   
 import javax.servlet.ServletResponse;
 31   
 import javax.servlet.http.HttpServletRequest;
 32   
 import javax.servlet.http.HttpSession;
 33   
 
 34   
 import org.apache.jetspeed.Jetspeed;
 35   
 import org.apache.jetspeed.PortalReservedParameters;
 36   
 import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
 37   
 import org.apache.jetspeed.administration.PortalConfiguration;
 38   
 import org.apache.jetspeed.audit.AuditActivity;
 39   
 import org.apache.jetspeed.login.LoginConstants;
 40   
 import org.apache.jetspeed.security.SecurityException;
 41   
 import org.apache.jetspeed.security.SecurityHelper;
 42   
 import org.apache.jetspeed.security.User;
 43   
 import org.apache.jetspeed.security.UserManager;
 44   
 import org.apache.jetspeed.security.UserPrincipal;
 45   
 import org.apache.jetspeed.security.impl.PrincipalsSet;
 46   
 import org.apache.jetspeed.security.impl.UserSubjectPrincipalImpl;
 47   
 
 48  0 
 public class PortalFilter implements Filter
 49   
 {
 50  0 
     protected String guest = "guest";
 51   
 
 52   
     public void init(FilterConfig filterConfig) throws ServletException
 53   
     {
 54  0 
         PortalConfiguration config = Jetspeed.getConfiguration();
 55  0 
         if (config != null)
 56  0 
             guest = config.getString("default.user.principal");
 57  0 
     }
 58   
 
 59   
     public void doFilter(ServletRequest sRequest,
 60   
             ServletResponse sResponse, FilterChain filterChain)
 61   
             throws IOException, ServletException
 62   
     {
 63  0 
         if (sRequest instanceof HttpServletRequest)
 64   
         {
 65  0 
             HttpServletRequest request = (HttpServletRequest)sRequest;
 66  0 
             String username = request.getParameter(LoginConstants.USERNAME);
 67  0 
             String password = request.getParameter(LoginConstants.PASSWORD);
 68  0 
             if (username != null)
 69   
             {
 70  0 
                 UserManager userManager = (UserManager)Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.security.UserManager");
 71  0 
                 AuditActivity audit = (AuditActivity)Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.audit.AuditActivity");
 72  0 
                 boolean success = userManager.authenticate(username, password);
 73  0 
                 if (success)
 74   
                 {
 75  0 
                     audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_SUCCESS, "PortalFilter");
 76  0 
                     PortalAuthenticationConfiguration authenticationConfiguration = (PortalAuthenticationConfiguration)
 77   
                         Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
 78  0 
                     if (authenticationConfiguration.isCreateNewSessionOnLogin())
 79   
                     {
 80  0 
                         request.getSession().invalidate();
 81   
                     }
 82  0 
                     Subject subject = null;
 83   
                     try
 84   
                     {
 85   
                         // load the user principals (roles, groups, credentials)
 86  0 
                         User user = userManager.getUser(username);
 87  0 
                         if ( user != null )
 88   
                         {
 89  0 
                             subject = user.getSubject();
 90   
                         }
 91   
                     }
 92  0 
                     catch (SecurityException sex)
 93   
                     {
 94  0 
                     }
 95  0 
                     if (subject == null)
 96   
                     {
 97  0 
                         Set principals = new PrincipalsSet();
 98  0 
                         UserSubjectPrincipalImpl userPrincipal = new UserSubjectPrincipalImpl(username);
 99  0 
                         principals.add(userPrincipal);
 100  0 
                         subject = new Subject(true, principals, class="keyword">new HashSet(), class="keyword">new HashSet());
 101  0 
                         userPrincipal.setSubject(subject);
 102   
                     }
 103  0 
                     Principal principal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
 104  0 
                     sRequest = wrapperRequest(request, subject, principal);
 105  0 
                     request.getSession().removeAttribute(LoginConstants.ERRORCODE);
 106  0 
                     HttpSession session = request.getSession(true);
 107  0 
                     session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
 108   
                     //System.out.println("*** login session = " + session);
 109  0 
                 }
 110   
                 else
 111   
                 {
 112  0 
                     audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "PortalFilter");
 113  0 
                     request.getSession().setAttribute(LoginConstants.ERRORCODE, LoginConstants.ERROR_INVALID_PASSWORD);
 114   
                 }
 115  0 
             }
 116   
             else
 117   
             {
 118   
                 //HttpSession session = request.getSession();
 119   
                 //System.out.println("*** session = " + session);
 120  0 
                 Subject subject = (Subject)request.getSession().getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
 121  0 
                 if (subject != null)
 122   
                 {
 123  0 
                     Principal principal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
 124  0 
                     if (principal != null && principal.getName().equals(this.guest))
 125   
                     {
 126   
                     }
 127   
                     else
 128   
                     {
 129  0 
                         sRequest = wrapperRequest(request, subject, principal);
 130   
                     }
 131   
                 }
 132   
             }
 133   
 
 134  0 
             sRequest.setAttribute(PortalReservedParameters.PORTAL_FILTER_ATTRIBUTE, "true");
 135   
         }
 136   
 
 137  0 
         if (filterChain != null)
 138   
         {
 139  0 
             filterChain.doFilter(sRequest, sResponse);
 140   
         }
 141  0 
     }
 142   
 
 143   
     private ServletRequest wrapperRequest(HttpServletRequest request, Subject subject, Principal principal)
 144   
     {
 145  0 
         PortalRequestWrapper wrapper = new PortalRequestWrapper(request, subject, principal);
 146  0 
         return wrapper;
 147   
     }
 148   
 
 149   
     public void destroy()
 150   
     {
 151  0 
     }
 152   
 }

This report is generated by jcoverage, Maven and Maven JCoverage Plugin.