| Line | Hits | Source |
|---|---|---|
| 1 | /* | |
| 2 | Chrysalis Web Framework [http://chrysalis.sourceforge.net] | |
| 3 | Copyright (c) 2002, 2003, 2004, Paul Strack | |
| 4 | ||
| 5 | All rights reserved. | |
| 6 | ||
| 7 | Redistribution and use in source and binary forms, with or without | |
| 8 | modification, are permitted provided that the following conditions are met: | |
| 9 | ||
| 10 | 1. Redistributions of source code must retain the above copyright notice, this | |
| 11 | list of conditions and the following disclaimer. | |
| 12 | ||
| 13 | 2. Redistributions in binary form must reproduce the above copyright notice, | |
| 14 | this list of conditions and the following disclaimer in the documentation | |
| 15 | and/or other materials provided with the distribution. | |
| 16 | ||
| 17 | 3. Neither the name of the copyright holder nor the names of its contributors | |
| 18 | may be used to endorse or promote products derived from this software without | |
| 19 | specific prior written permission. | |
| 20 | ||
| 21 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 22 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 23 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 24 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR | |
| 25 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
| 26 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
| 27 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON | |
| 28 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
| 29 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 30 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 31 | */ | |
| 32 | ||
| 33 | package org.chwf.plugin.defaults; | |
| 34 | ||
| 35 | import javax.servlet.http.HttpServletRequest; | |
| 36 | ||
| 37 | import org.chwf.plugin.AuthenticationException; | |
| 38 | import org.chwf.plugin.User; | |
| 39 | import org.chwf.servlet.ServletData; | |
| 40 | ||
| 41 | /** | |
| 42 | * A default user plugin implementation that uses the Servlet API to retrieve | |
| 43 | * user data. It assumes that the J2EE Web Authentication mechanism is used | |
| 44 | * to log the user in. | |
| 45 | * | |
| 46 | * @author <a href="mailto:pfstrack@users.sourceforge.net">Paul Strack</a> | |
| 47 | */ | |
| 48 | 14 | public class DefaultUser extends User { |
| 49 | ||
| 50 | /** Message key. */ | |
| 51 | private static final String MESSAGE_USER_NOT_IN_ROLE = | |
| 52 | "USER_NOT_IN_ROLE"; | |
| 53 | ||
| 54 | /** | |
| 55 | * Retrieve the user ID (if available) used to log in this user. Delegates | |
| 56 | * to the <code>request.getRemoteUser()</code> method.<p> | |
| 57 | * | |
| 58 | * @return User id or <code>null</code> if not logged in. | |
| 59 | */ | |
| 60 | public String getUserID() { | |
| 61 | 1 | return getRequest().getRemoteUser(); |
| 62 | } | |
| 63 | ||
| 64 | /** | |
| 65 | * True if the user is in the specified role. Delegates to the | |
| 66 | * <code>request.isUserInRole()</code> method.<p> | |
| 67 | * | |
| 68 | * @param role The role. | |
| 69 | * @return True if the user is in the specified role. | |
| 70 | */ | |
| 71 | public boolean isInRole(String role) { | |
| 72 | 4 | return getRequest().isUserInRole(role); |
| 73 | } | |
| 74 | ||
| 75 | /** | |
| 76 | * True if the user has logged in. Checks to see if the | |
| 77 | * <code>request.getAuthType()</code> method is <code>null</code>.<p> | |
| 78 | * | |
| 79 | * @return True if the user has logged in. | |
| 80 | */ | |
| 81 | public boolean isAuthenticated() { | |
| 82 | 5 | return (getRequest().getAuthType() != null); |
| 83 | } | |
| 84 | ||
| 85 | /** | |
| 86 | * A string name for the authentication mechanism. Delegates to the | |
| 87 | * <code>request.getAuthType()</code> method.<p> | |
| 88 | * | |
| 89 | * @return The authentication mechanism or <code>null</code> if not logged in. | |
| 90 | */ | |
| 91 | public String getAuthType() { | |
| 92 | 1 | return getRequest().getAuthType(); |
| 93 | } | |
| 94 | ||
| 95 | /** | |
| 96 | * Log the user out. This method invalidates the user's session.<p> | |
| 97 | */ | |
| 98 | public void logout() { | |
| 99 | 1 | ServletData.getSession().invalidate(); |
| 100 | 1 | } |
| 101 | ||
| 102 | /** | |
| 103 | * The current request. | |
| 104 | * | |
| 105 | * @return The current request. | |
| 106 | */ | |
| 107 | private HttpServletRequest getRequest() { | |
| 108 | 11 | return ServletData.getRequest(); |
| 109 | } | |
| 110 | ||
| 111 | /** | |
| 112 | * <p>Method called for security check failure. This method should either | |
| 113 | * return the URL of a redirect page (e.g. to login the user) or throw | |
| 114 | * a {@link SecurityException}.</p> | |
| 115 | * | |
| 116 | * @param roles The expected security roles. | |
| 117 | * @throws AuthenticationException With error message for security failure. | |
| 118 | */ | |
| 119 | public void check(String[] roles) throws AuthenticationException { | |
| 120 | 8 | for (int i = 0; i < roles.length; i++) { |
| 121 | 6 | String role = roles[i]; |
| 122 | 6 | if (role.endsWith(AUTHENTICATED)) { |
| 123 | 3 | if (isAuthenticated()) { |
| 124 | 2 | return; |
| 125 | } | |
| 126 | } else { | |
| 127 | 3 | if (isInRole(role)) { |
| 128 | 1 | return; |
| 129 | } | |
| 130 | } | |
| 131 | } | |
| 132 | 2 | throw new AuthenticationException(MESSAGE_USER_NOT_IN_ROLE); |
| 133 | } | |
| 134 | } |
|
this report was generated by version 1.0.5 of jcoverage. |
copyright © 2003, jcoverage ltd. all rights reserved. |