Coverage report

Class: org.apache.jetspeed.security.impl.SecurityValveImpl
Line coverage: 0%
Branch coverage: 0%

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  * 
  *      http://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.jetspeed.security.impl;
 
 import java.security.Principal;
 import java.util.HashSet;
 import java.util.Set;
 
 import javax.security.auth.Subject;
 
 import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
 import org.apache.jetspeed.pipeline.valve.SecurityValve;
 import org.apache.jetspeed.profiler.Profiler;
 import org.apache.jetspeed.request.RequestContext;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.SecurityHelper;
 import org.apache.jetspeed.security.User;
 import org.apache.jetspeed.security.UserManager;
 import org.apache.jetspeed.security.UserPrincipal;
 import org.apache.jetspeed.statistics.PortalStatistics;
 
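 /**
  * SecurityValve
  *
  * <p>
  * Pipeline security valve that resolves the JAAS {@link Subject} for the
  * current request. A subject cached in the session is reused only when its
  * {@link UserPrincipal} name matches the principal of the current request;
  * otherwise a subject is looked up through the {@link UserManager}, and if
  * that yields nothing a minimal read-only subject holding only the request
  * principal is created.
  * </p>
  *
  * @author <a href="mailto:taylor@apache.org">David Sean Taylor </a>
  * @author <a href="mailto:rwatler@finali.com">Randy Walter </a>
  * @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
  * @version $Id: SecurityValveImpl.java 544250 2007-06-04 20:30:43Z taylor $
  */
 public class SecurityValveImpl extends AbstractSecurityValve implements SecurityValve
 {
     // Looks up users by principal name and supplies the anonymous user.
     private final UserManager userMgr;

     // Optional login statistics sink; null disables login accounting.
     private final PortalStatistics statistics;

     /**
      * Creates a valve with statistics and an explicit authentication
      * configuration.
      *
      * @param profiler accepted for constructor compatibility; not used by this class
      * @param userMgr user manager used to resolve subjects and the anonymous user
      * @param statistics statistics sink for login events, may be null
      * @param authenticationConfiguration stored in the
      *        <code>authenticationConfiguration</code> field, which is not
      *        declared in this class (presumably inherited)
      */
     public SecurityValveImpl(Profiler profiler, UserManager userMgr, PortalStatistics statistics,
                             PortalAuthenticationConfiguration authenticationConfiguration)
     {
         this.userMgr = userMgr;
         this.statistics = statistics;
         this.authenticationConfiguration = authenticationConfiguration;
     }

     /**
      * Creates a valve with statistics; the authentication configuration is
      * left as the superclass initialises it.
      *
      * @param profiler accepted for constructor compatibility; not used by this class
      * @param userMgr user manager used to resolve subjects and the anonymous user
      * @param statistics statistics sink for login events, may be null
      */
     public SecurityValveImpl( Profiler profiler, UserManager userMgr, PortalStatistics statistics )
     {
         this.userMgr = userMgr;
         this.statistics = statistics;
     }

     /**
      * Creates a valve without login statistics.
      *
      * @param profiler accepted for constructor compatibility; not used by this class
      * @param userMgr user manager used to resolve subjects and the anonymous user
      */
     public SecurityValveImpl(Profiler profiler, UserManager userMgr)
     {
         this(profiler, userMgr, null);
     }

     /**
      * @return the fixed valve name "SecurityValve"
      */
     public String toString()
     {
         return "SecurityValve";
     }

     /**
      * <p>
      * getSubject
      * </p>
      * Check for a previously established session subject and discard it if
      * the subject and current user principals do not match, then build a
      * replacement subject for the current principal.
      * <p>
      * This method only drops its local reference to a mismatching session
      * subject; replacing the stored session entry is presumably done by the
      * caller, which is not visible in this class.
      * </p>
      *
      * @param request current request context
      * @return the subject to use for this request, never null
      * @throws Exception if resolving the user principal or session subject fails
      */
     protected final Subject getSubject(RequestContext request) throws Exception
     {
         Principal userPrincipal = getUserPrincipal(request);

         // Reuse the session subject only if it was established for the same
         // principal name that this request carries. A subject without a
         // UserPrincipal, or one belonging to a different name, is dropped so
         // that one user's subject is never applied to another user's request.
         // The principal resolved above is compared directly, so the check and
         // the lookup below always refer to the same principal.
         Subject subject = getSubjectFromSession(request);
         if (subject != null)
         {
             Principal subjectUserPrincipal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
             if ((subjectUserPrincipal == null) || !subjectUserPrincipal.getName().equals(userPrincipal.getName()))
             {
                 subject = null;
             }
         }

         // create new session subject for user principal if required
         if (subject == null)
         {
             // attempt to get complete subject for user principal
             // from user manager
             try
             {
                 User user = userMgr.getUser(userPrincipal.getName());
                 if ( user != null )
                 {
                     subject = user.getSubject();
                 }
             }
             catch (SecurityException ignored)
             {
                 // This is org.apache.jetspeed.security.SecurityException (see
                 // the imports), not java.lang.SecurityException. The lookup
                 // failure is deliberately tolerated: the request continues
                 // with the minimal subject built below.
                 // NOTE(review): the failure is not logged here, so a user
                 // store outage cannot be told apart from an unknown user;
                 // no logger is visible in this class.
                 subject = null;
             }

             // if subject not available, generate default subject using
             // request or default profiler anonymous user principal
             if (subject == null)
             {
                 Set principals = new HashSet();
                 principals.add(userPrincipal);
                 // First argument 'true' makes the subject read-only; it holds
                 // only the user principal and no public or private credentials.
                 subject = new Subject(true, principals, new HashSet(), new HashSet());
             }

             // create a new statistics *user* session
             // This runs for every newly built subject, including one built
             // for the anonymous principal.
             if (statistics != null)
             {
                 statistics.logUserLogin(request, 0);
             }
             // put IP address in session for logout
             // getRemoteAddr() reports the directly connected peer; behind a
             // reverse proxy or load balancer that is the proxy's address.
             // NOTE(review): confirm what the logout path expects. IP_ADDRESS
             // is not declared in this class (presumably inherited).
             request.setSessionAttribute(IP_ADDRESS, request.getRequest().getRemoteAddr());
         }
         return subject;
     }

     /**
      * <p>
      * getUserPrincipal
      * </p>
      * Access the request user principal if defined, or default to a
      * principal built from the user manager's anonymous user.
      *
      * @param request current request context
      * @return the principal of the request, or the anonymous principal when
      *         the request has none; never null
      * @throws Exception declared for overriding implementations
      */
     protected Principal getUserPrincipal(RequestContext request) throws Exception
     {
         Principal userPrincipal = request.getRequest().getUserPrincipal();
         if (userPrincipal == null)
         {
             // No principal on the request: treat the caller as the
             // configured anonymous user.
             userPrincipal = new UserPrincipalImpl(userMgr.getAnonymousUser());
         }
         return userPrincipal;
     }

 }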

This report is generated by jcoverage, Maven and Maven JCoverage Plugin.