File Source: MathCommentAuthenticator.java
1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. The ASF licenses this file to You
4 * under the Apache License, Version 2.0 (the "License"); you may not
5 * use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License. For additional information regarding
15 * copyright in this work, please see the NOTICE file in the top level
16 * directory of this distribution.
17 */
18
19 package org.apache.roller.weblogger.ui.rendering.plugins.comments;
20
21 import java.util.ResourceBundle;
22 import javax.servlet.http.HttpServletRequest;
23 import javax.servlet.http.HttpSession;
24 import org.apache.commons.logging.Log;
25 import org.apache.commons.logging.LogFactory;
26
27
28 /**
29 * Asks the commenter to answer a simple math question.
30 */
/*
P/P * Method: void org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator()
*
* Postconditions:
* init'ed(this.bundle)
*/
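/**
 * Comment authenticator that challenges the commenter with a small addition
 * problem and compares the submitted answer with the sum kept in the HTTP
 * session under {@code mathAnswer}.
 *
 * <p>The two operands are written in clear text into the form, so this check
 * only slows down naive comment spam. It is not an access control and should
 * not be relied on to protect anything sensitive.</p>
 */
public class MathCommentAuthenticator implements CommentAuthenticator {

    private transient ResourceBundle bundle =
            ResourceBundle.getBundle("ApplicationResources");

    private static final Log mLogger = LogFactory.getLog(MathCommentAuthenticator.class);


    /**
     * Builds the HTML fragment that shows the math question and the answer field.
     *
     * <p>If the session holds no pending challenge, two random operands are
     * generated and stored in the session together with their sum. Otherwise the
     * existing challenge is kept and the commenter's previous {@code answer}
     * request parameter is echoed back into the input field.</p>
     *
     * <p>The echoed answer comes straight from the request, so it is HTML-escaped
     * before being placed inside the {@code value="..."} attribute. Without the
     * escaping, a quote character in the parameter would end the attribute and
     * let request-supplied markup into the page (reflected XSS).</p>
     *
     * @param request the current request; must not be null. A session is created
     *                if none exists.
     * @return the HTML fragment for the challenge
     */
    public String getHtml(HttpServletRequest request) {

        String answer = "";

        HttpSession session = request.getSession(true);
        if (session.getAttribute("mathAnswer") == null) {
            // starting a new test: operands are 0..9 and 0..99
            int value1 = (int) (Math.random() * 10.0);
            int value2 = (int) (Math.random() * 100.0);
            int sum = value1 + value2;
            // Integer.valueOf replaces the deprecated Integer constructor.
            session.setAttribute("mathValue1", Integer.valueOf(value1));
            session.setAttribute("mathValue2", Integer.valueOf(value2));
            session.setAttribute("mathAnswer", Integer.valueOf(sum));
        } else {
            // preserve user's answer so a rejected form can be redisplayed
            String submitted = request.getParameter("answer");
            if (submitted != null) {
                answer = submitted;
            }
        }

        // pull existing values out of session
        Integer value1o = (Integer) session.getAttribute("mathValue1");
        Integer value2o = (Integer) session.getAttribute("mathValue2");

        // The buffer is local to this call, so the unsynchronized builder is enough.
        StringBuilder sb = new StringBuilder();

        sb.append("<p>");
        // The question text comes from the application's own resource bundle
        // and is emitted as-is.
        sb.append(bundle.getString("comments.mathAuthenticatorQuestion"));
        sb.append("</p><p>");
        sb.append(value1o);
        sb.append(" + ");
        sb.append(value2o);
        sb.append(" = ");
        sb.append("<input name=\"answer\" value=\"");
        // Untrusted request data inside an attribute value: escape it.
        sb.append(escapeHtml(answer));
        sb.append("\" /></p>");

        return sb.toString();
    }


    /**
     * Checks the submitted {@code answer} parameter against the sum stored in
     * the session.
     *
     * <p>On a correct answer the challenge attributes are removed from the
     * session, so the same answer cannot be replayed for a second comment. A
     * missing session, a missing parameter, a missing stored sum or a
     * non-numeric answer all yield {@code false}.</p>
     *
     * <p>NOTE(review): a wrong answer leaves the challenge in the session, so
     * the same question can be retried within that session. Consider rotating
     * the challenge or limiting attempts if guessing is a concern.</p>
     *
     * @param request the current request; must not be null
     * @return {@code true} only if the answer parses as an integer and equals
     *         the stored sum
     */
    public boolean authenticate(HttpServletRequest request) {

        boolean authentic = false;

        // getSession(false): never create a session just to reject a comment.
        HttpSession session = request.getSession(false);
        String answerString = request.getParameter("answer");

        if (answerString != null && session != null) {
            try {
                int answer = Integer.parseInt(answerString);
                Integer sum = (Integer) session.getAttribute("mathAnswer");

                if (sum != null && answer == sum.intValue()) {
                    authentic = true;
                    session.removeAttribute("mathAnswer");
                    session.removeAttribute("mathValue1");
                    session.removeAttribute("mathValue2");
                }
            } catch (NumberFormatException ignored) {
                // ignored ... someone is just really bad at math
            } catch (Exception e) {
                // unexpected: pass the throwable so the stack trace is logged
                mLogger.error("Unexpected error while checking math comment answer", e);
            }
        }

        return authentic;
    }


    /**
     * Escapes the characters that are significant in HTML text and in quoted
     * attribute values.
     *
     * @param text the raw text; must not be null
     * @return the text with {@code & < > " '} replaced by character references
     */
    private static String escapeHtml(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

}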
109
SofCheck Inspector Build Version : 2.18479
| MathCommentAuthenticator.java |
2009-Jan-02 14:25:30 |
| MathCommentAuthenticator.class |
2009-Sep-04 03:12:45 |