Coverage Report

Coverage Report - org.apache.shiro.web.servlet.ShiroHttpServletRequest

Classes in this File

Line Coverage

Branch Coverage

Complexity

ShiroHttpServletRequest

5/79

0/56

2.429

ShiroHttpServletRequest$ObjectPrincipal

0/12

0/2

2.429

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.web.servlet;
 
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.subject.support.DisabledSessionException;
 import org.apache.shiro.web.util.WebUtils;
 
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpSession;
 import java.security.Principal;
 
 
 /**
  * A {@code ShiroHttpServletRequest} wraps the Servlet container's original {@code ServletRequest} instance, but ensures
  * that all {@link HttpServletRequest} invocations that require Shiro's support ({@link #getRemoteUser getRemoteUser},
  * {@link #getSession getSession}, etc) can be executed first by Shiro as necessary before allowing the underlying
  * Servlet container instance's method to be invoked.
  *
  * @since 0.2
  */
 public class ShiroHttpServletRequest extends HttpServletRequestWrapper {
 
     //TODO - complete JavaDoc
 
     //The following 7 constants support the Shiro's implementation of the Servlet Specification
     public static final String COOKIE_SESSION_ID_SOURCE = "cookie";
     public static final String URL_SESSION_ID_SOURCE = "url";
     public static final String REFERENCED_SESSION_ID = ShiroHttpServletRequest.class.getName() + "_REQUESTED_SESSION_ID";
     public static final String REFERENCED_SESSION_ID_IS_VALID = ShiroHttpServletRequest.class.getName() + "_REQUESTED_SESSION_ID_VALID";
     public static final String REFERENCED_SESSION_IS_NEW = ShiroHttpServletRequest.class.getName() + "_REFERENCED_SESSION_IS_NEW";
     public static final String REFERENCED_SESSION_ID_SOURCE = ShiroHttpServletRequest.class.getName() + "REFERENCED_SESSION_ID_SOURCE";
     public static final String IDENTITY_REMOVED_KEY = ShiroHttpServletRequest.class.getName() + "_IDENTITY_REMOVED_KEY";
 
     protected ServletContext servletContext = null;
 
     protected HttpSession session = null;
     protected boolean httpSessions = true;
 
     public ShiroHttpServletRequest(HttpServletRequest wrapped, ServletContext servletContext, boolean httpSessions) {
         super(wrapped);
         this.servletContext = servletContext;
         this.httpSessions = httpSessions;
     }
 
     public boolean isHttpSessions() {
         return httpSessions;
     }
 
     public String getRemoteUser() {
         String remoteUser;
         Object scPrincipal = getSubjectPrincipal();
         if (scPrincipal != null) {
             if (scPrincipal instanceof String) {
                 return (String) scPrincipal;
             } else if (scPrincipal instanceof Principal) {
                 remoteUser = ((Principal) scPrincipal).getName();
             } else {
                 remoteUser = scPrincipal.toString();
             }
         } else {
             remoteUser = super.getRemoteUser();
         }
         return remoteUser;
     }
 
     protected Subject getSubject() {
         return SecurityUtils.getSubject();
     }
 
     protected Object getSubjectPrincipal() {
         Object userPrincipal = null;
         Subject subject = getSubject();
         if (subject != null) {
             userPrincipal = subject.getPrincipal();
         }
         return userPrincipal;
     }
 
     public boolean isUserInRole(String s) {
         Subject subject = getSubject();
         boolean inRole = (subject != null && subject.hasRole(s));
         if (!inRole) {
             inRole = super.isUserInRole(s);
         }
         return inRole;
     }
 
     public Principal getUserPrincipal() {
         Principal userPrincipal;
         Object scPrincipal = getSubjectPrincipal();
         if (scPrincipal != null) {
             if (scPrincipal instanceof Principal) {
                 userPrincipal = (Principal) scPrincipal;
             } else {
                 userPrincipal = new ObjectPrincipal(scPrincipal);
             }
         } else {
             userPrincipal = super.getUserPrincipal();
         }
         return userPrincipal;
     }
 
     public String getRequestedSessionId() {
         String requestedSessionId = null;
         if (isHttpSessions()) {
             requestedSessionId = super.getRequestedSessionId();
         } else {
             Object sessionId = getAttribute(REFERENCED_SESSION_ID);
             if (sessionId != null) {
                 requestedSessionId = sessionId.toString();
             }
         }
 
         return requestedSessionId;
     }
 
     public HttpSession getSession(boolean create) {
 
         HttpSession httpSession;
 
         if (isHttpSessions()) {
             httpSession = super.getSession(false);
             if (httpSession == null && create) {
                 //Shiro 1.2: assert that creation is enabled (SHIRO-266):
                 if (WebUtils._isSessionCreationEnabled(this)) {
                     httpSession = super.getSession(create);
                 } else {
                     throw newNoSessionCreationException();
                 }
             }
         } else {
             if (this.session == null) {
 
                 boolean existing = getSubject().getSession(false) != null;
 
                 Session shiroSession = getSubject().getSession(create);
                 if (shiroSession != null) {
                     this.session = new ShiroHttpSession(shiroSession, this, this.servletContext);
                     if (!existing) {
                         setAttribute(REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
                     }
                 }
             }
             httpSession = this.session;
         }
 
         return httpSession;
     }
 
     /**
      * Constructs and returns a {@link DisabledSessionException} with an appropriate message explaining why
      * session creation has been disabled.
      *
      * @return a new DisabledSessionException with appropriate no creation message
      * @since 1.2
      */
     private DisabledSessionException newNoSessionCreationException() {
         String msg = "Session creation has been disabled for the current request.  This exception indicates " +
                 "that there is either a programming error (using a session when it should never be " +
                 "used) or that Shiro's configuration needs to be adjusted to allow Sessions to be created " +
                 "for the current request.  See the " + DisabledSessionException.class.getName() + " JavaDoc " +
                 "for more.";
         return new DisabledSessionException(msg);
     }
 
     public HttpSession getSession() {
         return getSession(true);
     }
 
     public boolean isRequestedSessionIdValid() {
         if (isHttpSessions()) {
             return super.isRequestedSessionIdValid();
         } else {
             Boolean value = (Boolean) getAttribute(REFERENCED_SESSION_ID_IS_VALID);
             return (value != null && value.equals(Boolean.TRUE));
         }
     }
 
     public boolean isRequestedSessionIdFromCookie() {
         if (isHttpSessions()) {
             return super.isRequestedSessionIdFromCookie();
         } else {
             String value = (String) getAttribute(REFERENCED_SESSION_ID_SOURCE);
             return value != null && value.equals(COOKIE_SESSION_ID_SOURCE);
         }
     }
 
     public boolean isRequestedSessionIdFromURL() {
         if (isHttpSessions()) {
             return super.isRequestedSessionIdFromURL();
         } else {
             String value = (String) getAttribute(REFERENCED_SESSION_ID_SOURCE);
             return value != null && value.equals(URL_SESSION_ID_SOURCE);
         }
     }
 
     public boolean isRequestedSessionIdFromUrl() {
         return isRequestedSessionIdFromURL();
     }
 
     private class ObjectPrincipal implements java.security.Principal {
         private Object object = null;
 
         public ObjectPrincipal(Object object) {
             this.object = object;
         }
 
         public Object getObject() {
             return object;
         }
 
         public String getName() {
             return getObject().toString();
         }
 
         public int hashCode() {
             return object.hashCode();
         }
 
         public boolean equals(Object o) {
             if (o instanceof ObjectPrincipal) {
                 ObjectPrincipal op = (ObjectPrincipal) o;
                 return getObject().equals(op.getObject());
             }
             return false;
         }
 
         public String toString() {
             return object.toString();
         }
     }
 }

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one
3		* or more contributor license agreements. See the NOTICE file
4		* distributed with this work for additional information
5		* regarding copyright ownership. The ASF licenses this file
6		* to you under the Apache License, Version 2.0 (the
7		* "License"); you may not use this file except in compliance
8		* with the License. You may obtain a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing,
13		* software distributed under the License is distributed on an
14		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15		* KIND, either express or implied. See the License for the
16		* specific language governing permissions and limitations
17		* under the License.
18		*/
19		package org.apache.shiro.web.servlet;
20
21		import org.apache.shiro.SecurityUtils;
22		import org.apache.shiro.session.Session;
23		import org.apache.shiro.subject.Subject;
24		import org.apache.shiro.subject.support.DisabledSessionException;
25		import org.apache.shiro.web.util.WebUtils;
26
27		import javax.servlet.ServletContext;
28		import javax.servlet.http.HttpServletRequest;
29		import javax.servlet.http.HttpServletRequestWrapper;
30		import javax.servlet.http.HttpSession;
31		import java.security.Principal;
32
33
34		/**
35		* A {@code ShiroHttpServletRequest} wraps the Servlet container's original {@code ServletRequest} instance, but ensures
36		* that all {@link HttpServletRequest} invocations that require Shiro's support ({@link #getRemoteUser getRemoteUser},
37		* {@link #getSession getSession}, etc) can be executed first by Shiro as necessary before allowing the underlying
38		* Servlet container instance's method to be invoked.
39		*
40		* @since 0.2
41		*/
42		public class ShiroHttpServletRequest extends HttpServletRequestWrapper {
43
44		//TODO - complete JavaDoc
45
46		//The following 7 constants support the Shiro's implementation of the Servlet Specification
47		public static final String COOKIE_SESSION_ID_SOURCE = "cookie";
48		public static final String URL_SESSION_ID_SOURCE = "url";
49	2	public static final String REFERENCED_SESSION_ID = ShiroHttpServletRequest.class.getName() + "_REQUESTED_SESSION_ID";
50	2	public static final String REFERENCED_SESSION_ID_IS_VALID = ShiroHttpServletRequest.class.getName() + "_REQUESTED_SESSION_ID_VALID";
51	2	public static final String REFERENCED_SESSION_IS_NEW = ShiroHttpServletRequest.class.getName() + "_REFERENCED_SESSION_IS_NEW";
52	2	public static final String REFERENCED_SESSION_ID_SOURCE = ShiroHttpServletRequest.class.getName() + "REFERENCED_SESSION_ID_SOURCE";
53	2	public static final String IDENTITY_REMOVED_KEY = ShiroHttpServletRequest.class.getName() + "_IDENTITY_REMOVED_KEY";
54
55	0	protected ServletContext servletContext = null;
56
57	0	protected HttpSession session = null;
58	0	protected boolean httpSessions = true;
59
60		public ShiroHttpServletRequest(HttpServletRequest wrapped, ServletContext servletContext, boolean httpSessions) {
61	0	super(wrapped);
62	0	this.servletContext = servletContext;
63	0	this.httpSessions = httpSessions;
64	0	}
65
66		public boolean isHttpSessions() {
67	0	return httpSessions;
68		}
69
70		public String getRemoteUser() {
71		String remoteUser;
72	0	Object scPrincipal = getSubjectPrincipal();
73	0	if (scPrincipal != null) {
74	0	if (scPrincipal instanceof String) {
75	0	return (String) scPrincipal;
76	0	} else if (scPrincipal instanceof Principal) {
77	0	remoteUser = ((Principal) scPrincipal).getName();
78		} else {
79	0	remoteUser = scPrincipal.toString();
80		}
81		} else {
82	0	remoteUser = super.getRemoteUser();
83		}
84	0	return remoteUser;
85		}
86
87		protected Subject getSubject() {
88	0	return SecurityUtils.getSubject();
89		}
90
91		protected Object getSubjectPrincipal() {
92	0	Object userPrincipal = null;
93	0	Subject subject = getSubject();
94	0	if (subject != null) {
95	0	userPrincipal = subject.getPrincipal();
96		}
97	0	return userPrincipal;
98		}
99
100		public boolean isUserInRole(String s) {
101	0	Subject subject = getSubject();
102	0	boolean inRole = (subject != null && subject.hasRole(s));
103	0	if (!inRole) {
104	0	inRole = super.isUserInRole(s);
105		}
106	0	return inRole;
107		}
108
109		public Principal getUserPrincipal() {
110		Principal userPrincipal;
111	0	Object scPrincipal = getSubjectPrincipal();
112	0	if (scPrincipal != null) {
113	0	if (scPrincipal instanceof Principal) {
114	0	userPrincipal = (Principal) scPrincipal;
115		} else {
116	0	userPrincipal = new ObjectPrincipal(scPrincipal);
117		}
118		} else {
119	0	userPrincipal = super.getUserPrincipal();
120		}
121	0	return userPrincipal;
122		}
123
124		public String getRequestedSessionId() {
125	0	String requestedSessionId = null;
126	0	if (isHttpSessions()) {
127	0	requestedSessionId = super.getRequestedSessionId();
128		} else {
129	0	Object sessionId = getAttribute(REFERENCED_SESSION_ID);
130	0	if (sessionId != null) {
131	0	requestedSessionId = sessionId.toString();
132		}
133		}
134
135	0	return requestedSessionId;
136		}
137
138		public HttpSession getSession(boolean create) {
139
140		HttpSession httpSession;
141
142	0	if (isHttpSessions()) {
143	0	httpSession = super.getSession(false);
144	0	if (httpSession == null && create) {
145		//Shiro 1.2: assert that creation is enabled (SHIRO-266):
146	0	if (WebUtils._isSessionCreationEnabled(this)) {
147	0	httpSession = super.getSession(create);
148		} else {
149	0	throw newNoSessionCreationException();
150		}
151		}
152		} else {
153	0	if (this.session == null) {
154
155	0	boolean existing = getSubject().getSession(false) != null;
156
157	0	Session shiroSession = getSubject().getSession(create);
158	0	if (shiroSession != null) {
159	0	this.session = new ShiroHttpSession(shiroSession, this, this.servletContext);
160	0	if (!existing) {
161	0	setAttribute(REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
162		}
163		}
164		}
165	0	httpSession = this.session;
166		}
167
168	0	return httpSession;
169		}
170
171		/**
172		* Constructs and returns a {@link DisabledSessionException} with an appropriate message explaining why
173		* session creation has been disabled.
174		*
175		* @return a new DisabledSessionException with appropriate no creation message
176		* @since 1.2
177		*/
178		private DisabledSessionException newNoSessionCreationException() {
179	0	String msg = "Session creation has been disabled for the current request. This exception indicates " +
180		"that there is either a programming error (using a session when it should never be " +
181		"used) or that Shiro's configuration needs to be adjusted to allow Sessions to be created " +
182	0	"for the current request. See the " + DisabledSessionException.class.getName() + " JavaDoc " +
183		"for more.";
184	0	return new DisabledSessionException(msg);
185		}
186
187		public HttpSession getSession() {
188	0	return getSession(true);
189		}
190
191		public boolean isRequestedSessionIdValid() {
192	0	if (isHttpSessions()) {
193	0	return super.isRequestedSessionIdValid();
194		} else {
195	0	Boolean value = (Boolean) getAttribute(REFERENCED_SESSION_ID_IS_VALID);
196	0	return (value != null && value.equals(Boolean.TRUE));
197		}
198		}
199
200		public boolean isRequestedSessionIdFromCookie() {
201	0	if (isHttpSessions()) {
202	0	return super.isRequestedSessionIdFromCookie();
203		} else {
204	0	String value = (String) getAttribute(REFERENCED_SESSION_ID_SOURCE);
205	0	return value != null && value.equals(COOKIE_SESSION_ID_SOURCE);
206		}
207		}
208
209		public boolean isRequestedSessionIdFromURL() {
210	0	if (isHttpSessions()) {
211	0	return super.isRequestedSessionIdFromURL();
212		} else {
213	0	String value = (String) getAttribute(REFERENCED_SESSION_ID_SOURCE);
214	0	return value != null && value.equals(URL_SESSION_ID_SOURCE);
215		}
216		}
217
218		public boolean isRequestedSessionIdFromUrl() {
219	0	return isRequestedSessionIdFromURL();
220		}
221
222		private class ObjectPrincipal implements java.security.Principal {
223	0	private Object object = null;
224
225	0	public ObjectPrincipal(Object object) {
226	0	this.object = object;
227	0	}
228
229		public Object getObject() {
230	0	return object;
231		}
232
233		public String getName() {
234	0	return getObject().toString();
235		}
236
237		public int hashCode() {
238	0	return object.hashCode();
239		}
240
241		public boolean equals(Object o) {
242	0	if (o instanceof ObjectPrincipal) {
243	0	ObjectPrincipal op = (ObjectPrincipal) o;
244	0	return getObject().equals(op.getObject());
245		}
246	0	return false;
247		}
248
249		public String toString() {
250	0	return object.toString();
251		}
252		}
253		}