//# 2 errors, 226 messages
//#
/*
    //#RollerSession.java:1:1: class: org.apache.roller.weblogger.ui.core.RollerSession
 * Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  The ASF licenses this file to You
 * under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.  For additional information regarding
 * copyright in this work, please see the NOTICE file in the top level
 * directory of this distribution.
 */

package org.apache.roller.weblogger.ui.core;

import java.io.Serializable;
import java.security.Principal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.roller.weblogger.WebloggerException;
import org.apache.roller.weblogger.config.WebloggerConfig;
import org.apache.roller.weblogger.business.WebloggerFactory;
import org.apache.roller.weblogger.business.UserManager;
import org.apache.roller.weblogger.pojos.User;
import org.apache.roller.weblogger.ui.core.security.AutoProvision;


/**
 * Roller session handles session startup and shutdown.
 *
 * @web.listener
 */
public class RollerSession 
    //#RollerSession.java:44: method: void org.apache.roller.weblogger.ui.core.RollerSession.org.apache.roller.weblogger.ui.core.RollerSession()
    //#input(void org.apache.roller.weblogger.ui.core.RollerSession()): this
    //#output(void org.apache.roller.weblogger.ui.core.RollerSession()): this.userId
    //#post(void org.apache.roller.weblogger.ui.core.RollerSession()): this.userId == null
        implements HttpSessionListener, HttpSessionActivationListener, Serializable {
    
    static final long serialVersionUID = 5890132909166913727L;
    
    // the id of the user represented by this session
    private String userId = null;
    //#RollerSession.java:50: end of method: void org.apache.roller.weblogger.ui.core.RollerSession.org.apache.roller.weblogger.ui.core.RollerSession()
    
    private static Log log = LogFactory.getLog(RollerSession.class);
    //#RollerSession.java:52: method: org.apache.roller.weblogger.ui.core.RollerSession.org.apache.roller.weblogger.ui.core.RollerSession__static_init
    //#RollerSession.java:52: Warning: method not available
    //#    -- call on Log org.apache.commons.logging.LogFactory:getLog(Class)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: org.apache.roller.weblogger.ui.core.RollerSession__static_init
    //#    unanalyzed callee: Log org.apache.commons.logging.LogFactory:getLog(Class)
    //#output(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Descendant_Table[org/apache/roller/weblogger/ui/core/RollerSession]
    //#output(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.clearSession(Ljavax/servlet/http/HttpSessionEvent;)V
    //#output(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.getAuthenticatedUser()Lorg/apache/roller/weblogger/pojos/User;
    //#output(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.sessionCreated(Ljavax/servlet/http/HttpSessionEvent;)V
    //#output(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.sessionDestroyed(Ljavax/servlet/http/HttpSessionEvent;)V
    //#output(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.sessionDidActivate(Ljavax/servlet/http/HttpSessionEvent;)V
    //#output(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.sessionWillPassivate(Ljavax/servlet/http/HttpSessionEvent;)V
    //#output(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.setAuthenticatedUser(Lorg/apache/roller/weblogger/pojos/User;)V
    //#output(org.apache.roller.weblogger.ui.core.RollerSession__static_init): log
    //#post(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Descendant_Table[org/apache/roller/weblogger/ui/core/RollerSession] == &__Dispatch_Table
    //#post(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.clearSession(Ljavax/servlet/http/HttpSessionEvent;)V == &clearSession
    //#post(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.getAuthenticatedUser()Lorg/apache/roller/weblogger/pojos/User; == &getAuthenticatedUser
    //#post(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.sessionCreated(Ljavax/servlet/http/HttpSessionEvent;)V == &sessionCreated
    //#post(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.sessionDestroyed(Ljavax/servlet/http/HttpSessionEvent;)V == &sessionDestroyed
    //#post(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.sessionDidActivate(Ljavax/servlet/http/HttpSessionEvent;)V == &sessionDidActivate
    //#post(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.sessionWillPassivate(Ljavax/servlet/http/HttpSessionEvent;)V == &sessionWillPassivate
    //#post(org.apache.roller.weblogger.ui.core.RollerSession__static_init): __Dispatch_Table.setAuthenticatedUser(Lorg/apache/roller/weblogger/pojos/User;)V == &setAuthenticatedUser
    //#post(org.apache.roller.weblogger.ui.core.RollerSession__static_init): init'ed(log)
    //#RollerSession.java:52: end of method: org.apache.roller.weblogger.ui.core.RollerSession.org.apache.roller.weblogger.ui.core.RollerSession__static_init
    
    public static final String ROLLER_SESSION = "org.apache.roller.weblogger.rollersession";
    public static final String ERROR_MESSAGE   = "rollererror_message";
    public static final String STATUS_MESSAGE  = "rollerstatus_message";
    
    
    /**
     * Get RollerSession from request (and add user if not already present).
     */
    public static RollerSession getRollerSession(HttpServletRequest request) {
        RollerSession rollerSession = null;
    //#RollerSession.java:63: method: RollerSession org.apache.roller.weblogger.ui.core.RollerSession.getRollerSession(HttpServletRequest)
    //#input(RollerSession getRollerSession(HttpServletRequest)): "Error looking up authenticated user "._tainted
    //#input(RollerSession getRollerSession(HttpServletRequest)): "IllegalAccessException while creating: "._tainted
    //#input(RollerSession getRollerSession(HttpServletRequest)): "InstantiationException while creating: "._tainted
    //#input(RollerSession getRollerSession(HttpServletRequest)): __Descendant_Table[org/apache/roller/weblogger/ui/core/RollerSession]
    //#input(RollerSession getRollerSession(HttpServletRequest)): __Descendant_Table[others]
    //#input(RollerSession getRollerSession(HttpServletRequest)): __Dispatch_Table.getAuthenticatedUser()Lorg/apache/roller/weblogger/pojos/User;
    //#input(RollerSession getRollerSession(HttpServletRequest)): __Dispatch_Table.setAuthenticatedUser(Lorg/apache/roller/weblogger/pojos/User;)V
    //#input(RollerSession getRollerSession(HttpServletRequest)): log
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/RollerContext.log
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/AutoProvision.__Descendant_Table[org/apache/roller/weblogger/ui/core/security/AutoProvision]
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/AutoProvision.__Descendant_Table[org/apache/roller/weblogger/ui/core/security/BasicUserAutoProvision]
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/AutoProvision.__Descendant_Table[others]
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/AutoProvision.__Dispatch_Table.execute()Z
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/BasicUserAutoProvision.__Dispatch_Table.execute()Z
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/BasicUserAutoProvision.log
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_EMAIL_LDAP_ATTRIBUTE
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_LOCALE_LDAP_ATTRIBUTE
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_NAME_LDAP_ATTRIBUTE
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_SNAME_LDAP_ATTRIBUTE
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_TIMEZONE_LDAP_ATTRIBUTE
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.EMAIL_LDAP_PROPERTY
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.LOCALE_LDAP_PROPERTY
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.NAME_LDAP_PROPERTY
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.SNAME_LDAP_PROPERTY
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.TIMEZONE_LDAP_PROPERTY
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java.lang.Boolean.FALSE
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java.lang.Boolean.TRUE
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.log
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/RollerUserDetails.__Descendant_Table[org/apache/roller/weblogger/ui/core/security/RollerUserDetails]
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/RollerUserDetails.__Descendant_Table[others]
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/RollerUserDetails.__Dispatch_Table.getFullName()Ljava/lang/String;
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/RollerUserDetails.__Dispatch_Table.getLocale()Ljava/lang/String;
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/RollerUserDetails.__Dispatch_Table.getScreenName()Ljava/lang/String;
    //#input(RollerSession getRollerSession(HttpServletRequest)): org/apache/roller/weblogger/ui/core/security/RollerUserDetails.__Dispatch_Table.getTimeZone()Ljava/lang/String;
    //#input(RollerSession getRollerSession(HttpServletRequest)): request
    //#output(RollerSession getRollerSession(HttpServletRequest)): new RollerSession(getRollerSession#1) num objects
    //#output(RollerSession getRollerSession(HttpServletRequest)): new RollerSession(getRollerSession#1).__Tag
    //#output(RollerSession getRollerSession(HttpServletRequest)): new RollerSession(getRollerSession#1).userId
    //#output(RollerSession getRollerSession(HttpServletRequest)): return_value
    //#new obj(RollerSession getRollerSession(HttpServletRequest)): new RollerSession(getRollerSession#1)
    //#pre[15] (RollerSession getRollerSession(HttpServletRequest)): request != null
    //#pre[1] (RollerSession getRollerSession(HttpServletRequest)): (soft) log != null
    //#pre[2] (RollerSession getRollerSession(HttpServletRequest)): (soft) org/apache/roller/weblogger/ui/core/RollerContext.log != null
    //#pre[3] (RollerSession getRollerSession(HttpServletRequest)): (soft) org/apache/roller/weblogger/ui/core/security/BasicUserAutoProvision.log != null
    //#pre[4] (RollerSession getRollerSession(HttpServletRequest)): (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_EMAIL_LDAP_ATTRIBUTE)
    //#pre[5] (RollerSession getRollerSession(HttpServletRequest)): (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_LOCALE_LDAP_ATTRIBUTE)
    //#pre[6] (RollerSession getRollerSession(HttpServletRequest)): (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_NAME_LDAP_ATTRIBUTE)
    //#pre[7] (RollerSession getRollerSession(HttpServletRequest)): (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_SNAME_LDAP_ATTRIBUTE)
    //#pre[8] (RollerSession getRollerSession(HttpServletRequest)): (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_TIMEZONE_LDAP_ATTRIBUTE)
    //#pre[9] (RollerSession getRollerSession(HttpServletRequest)): (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.EMAIL_LDAP_PROPERTY)
    //#pre[10] (RollerSession getRollerSession(HttpServletRequest)): (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.LOCALE_LDAP_PROPERTY)
    //#pre[11] (RollerSession getRollerSession(HttpServletRequest)): (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.NAME_LDAP_PROPERTY)
    //#pre[12] (RollerSession getRollerSession(HttpServletRequest)): (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.SNAME_LDAP_PROPERTY)
    //#pre[13] (RollerSession getRollerSession(HttpServletRequest)): (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.TIMEZONE_LDAP_PROPERTY)
    //#pre[14] (RollerSession getRollerSession(HttpServletRequest)): (soft) org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.log != null
    //#presumption(RollerSession getRollerSession(HttpServletRequest)): javax.servlet.http.HttpSession:getAttribute(...).__Tag@66 == org/apache/roller/weblogger/ui/core/RollerSession
    //#presumption(RollerSession getRollerSession(HttpServletRequest)): org.apache.roller.weblogger.business.Weblogger:getUserManager(...)@76 != null
    //#presumption(RollerSession getRollerSession(HttpServletRequest)): org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger(...)@76 != null
    //#presumption(RollerSession getRollerSession(HttpServletRequest)): org.apache.roller.weblogger.pojos.User:getEnabled(...)@93 != null
    //#presumption(RollerSession getRollerSession(HttpServletRequest)): rollerSession.__Tag@66 == org/apache/roller/weblogger/ui/core/RollerSession
    //#post(RollerSession getRollerSession(HttpServletRequest)): init'ed(return_value)
    //#post(RollerSession getRollerSession(HttpServletRequest)): new RollerSession(getRollerSession#1) num objects <= 1
    //#post(RollerSession getRollerSession(HttpServletRequest)): new RollerSession(getRollerSession#1).__Tag == org/apache/roller/weblogger/ui/core/RollerSession
    //#post(RollerSession getRollerSession(HttpServletRequest)): init'ed(new RollerSession(getRollerSession#1).userId)
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.business.Weblogger:getUserManager
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.business.UserManager:getUser
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.lang.Throwable:__curr_excep_obj
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.lang.StringBuilder
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.lang.StringBuilder:append
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.lang.StringBuilder:toString
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.commons.logging.Log:warn
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User:getId
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.config.WebloggerConfig:getProperty
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.lang.Class:forName
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.lang.Class:getInterfaces
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.lang.Object:equals
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.lang.Class:newInstance
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:javax.naming.directory.Attributes:get
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:javax.naming.directory.Attribute:get
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.lang.Object:toString
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.config.WebloggerConfig:getBooleanProperty
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.commons.logging.Log:info
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.acegisecurity.context.SecurityContextHolder:getContext
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.acegisecurity.context.SecurityContext:getAuthentication
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.acegisecurity.Authentication:getPrincipal
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.acegisecurity.userdetails.UserDetails:instanceof
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.acegisecurity.userdetails.UserDetails:getUsername
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.acegisecurity.userdetails.UserDetails:getPassword
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.acegisecurity.userdetails.UserDetails:isEnabled
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User:setId
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User:setUserName
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User:setPassword
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User:setEnabled
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.util.Locale:getDefault
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.util.Locale:toString
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User:setLocale
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.util.TimeZone:getDefault
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.util.TimeZone:getID
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User:setTimeZone
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:java.util.Date
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User:setDateCreated
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:getScreenName
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User:setScreenName
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:getFullName
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User:setFullName
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.pojos.User:setEmailAddress
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:getTimeZone
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:getLocale
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.acegisecurity.userdetails.ldap.LdapUserDetails:instanceof
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.acegisecurity.userdetails.ldap.LdapUserDetails:getAttributes
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.business.UserManager:addUser
    //#unanalyzed(RollerSession getRollerSession(HttpServletRequest)): Effects-of-calling:org.apache.roller.weblogger.business.Weblogger:flush
    //#test_vector(RollerSession getRollerSession(HttpServletRequest)): java.lang.Boolean:booleanValue(...)@93: {0}, {1}
    //#test_vector(RollerSession getRollerSession(HttpServletRequest)): javax.servlet.http.HttpServletRequest:getSession(...)@64: Addr_Set{null}, Inverse{null}
    //#test_vector(RollerSession getRollerSession(HttpServletRequest)): javax.servlet.http.HttpServletRequest:getUserPrincipal(...)@73: Addr_Set{null}, Inverse{null}
    //#test_vector(RollerSession getRollerSession(HttpServletRequest)): javax.servlet.http.HttpSession:getAttribute(...)@66: Inverse{null}, Addr_Set{null}
    //#test_vector(RollerSession getRollerSession(HttpServletRequest)): org.apache.roller.weblogger.business.UserManager:getUserByUserName(...)@77: Inverse{null}, Addr_Set{null}
    //#test_vector(RollerSession getRollerSession(HttpServletRequest)): org.apache.roller.weblogger.config.WebloggerConfig:getBooleanProperty(...)@81: {0}, {1}
        HttpSession session = request.getSession(false);
        if (session != null) {
            rollerSession = (RollerSession)session.getAttribute(ROLLER_SESSION);
            if (rollerSession == null) {
                // HttpSession with no RollerSession?
                // Must be a session that was de-serialized from a previous run.
                rollerSession = new RollerSession();
                session.setAttribute(ROLLER_SESSION, rollerSession);
            }
            Principal principal = request.getUserPrincipal();
            if (rollerSession.getAuthenticatedUser() == null && principal != null) {
                try {
                    UserManager umgr = WebloggerFactory.getWeblogger().getUserManager();
    //#RollerSession.java:76: Warning: method not available
    //#    -- call on Weblogger org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: RollerSession getRollerSession(HttpServletRequest)
    //#    unanalyzed callee: Weblogger org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger()
    //#RollerSession.java:76: Warning: method not available
    //#    -- call on UserManager org.apache.roller.weblogger.business.Weblogger:getUserManager()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: RollerSession getRollerSession(HttpServletRequest)
    //#    unanalyzed callee: UserManager org.apache.roller.weblogger.business.Weblogger:getUserManager()
                    User user = umgr.getUserByUserName(principal.getName());
    //#RollerSession.java:77: Warning: method not available
    //#    -- call on User org.apache.roller.weblogger.business.UserManager:getUserByUserName(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: RollerSession getRollerSession(HttpServletRequest)
    //#    unanalyzed callee: User org.apache.roller.weblogger.business.UserManager:getUserByUserName(String)
                    
                    // try one time to auto-provision, only happens if user==null
                    // which means installation has SSO-enabled in security.xml
                    if(user == null && WebloggerConfig.getBooleanProperty("users.sso.autoProvision.enabled")) {
    //#RollerSession.java:81: Warning: method not available
    //#    -- call on bool org.apache.roller.weblogger.config.WebloggerConfig:getBooleanProperty(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: RollerSession getRollerSession(HttpServletRequest)
    //#    unanalyzed callee: bool org.apache.roller.weblogger.config.WebloggerConfig:getBooleanProperty(String)
                        // provisioning enabled, get provisioner and execute
                        AutoProvision provisioner = RollerContext.getAutoProvision();
                        if(provisioner != null) {
                            boolean userProvisioned = provisioner.execute();
    //#RollerSession.java:85: ?use of default init
    //#    init'ed(provisioner.__Tag)
    //#    severity: SUPPRESSED
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: RollerSession getRollerSession(HttpServletRequest)
    //#    basic block: bb_10
    //#    assertion: init'ed(provisioner.__Tag)
    //#    VN: java.lang.Class:newInstance(...)@374.__Tag
    //#    Expected: {-Inf..+Inf}
    //#    Bad: {Invalid}
    //#    Attribs:  Int  Bad only invalid
    //#RollerSession.java:85: ?null dereference
    //#    org/apache/roller/weblogger/ui/core/security/AutoProvision.__Descendant_Table[provisioner.__Tag] != null
    //#    severity: SUPPRESSED
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: RollerSession getRollerSession(HttpServletRequest)
    //#    basic block: bb_10
    //#    assertion: org/apache/roller/weblogger/ui/core/security/AutoProvision.__Descendant_Table[provisioner.__Tag] != null
    //#    VN: org/apache/roller/weblogger/ui/core/security/AutoProvision.__Descendant_Table[provisioner.__Tag]
    //#    Expected: Inverse{null}
    //#    Bad: Addr_Set{null}
    //#    Attribs:  Ptr  null in Bad
                            if(userProvisioned) {
    //#RollerSession.java:86: Warning: test always goes same way
    //#    test predetermined because userProvisioned == 1
    //#    severity: LOW
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: RollerSession getRollerSession(HttpServletRequest)
    //#    from bb: bb_10
    //#    live edge: bb_10-->bb_11
    //#    tested vn: 1
    //#    tested vn values: {1}
                                // try lookup again real quick
                                user = umgr.getUserByUserName(principal.getName());
    //#RollerSession.java:88: Warning: method not available
    //#    -- call on User org.apache.roller.weblogger.business.UserManager:getUserByUserName(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: RollerSession getRollerSession(HttpServletRequest)
    //#    unanalyzed callee: User org.apache.roller.weblogger.business.UserManager:getUserByUserName(String)
                            }
                        }
                    }
                    // only set authenticated user if user is enabled
                    if(user != null && user.getEnabled().booleanValue()) {
    //#RollerSession.java:93: Warning: method not available
    //#    -- call on Boolean org.apache.roller.weblogger.pojos.User:getEnabled()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: RollerSession getRollerSession(HttpServletRequest)
    //#    unanalyzed callee: Boolean org.apache.roller.weblogger.pojos.User:getEnabled()
                        rollerSession.setAuthenticatedUser(user);
                    }
                } catch (WebloggerException e) {
                    log.error("ERROR: getting user object",e);
    //#RollerSession.java:97: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:error(Object, Throwable)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: RollerSession getRollerSession(HttpServletRequest)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:error(Object, Throwable)
                }
            }
        }
        
        return rollerSession;
    //#RollerSession.java:102: end of method: RollerSession org.apache.roller.weblogger.ui.core.RollerSession.getRollerSession(HttpServletRequest)
    }
    
    
    /** Create session's Roller instance */
    public void sessionCreated(HttpSessionEvent se) {
        RollerSession rollerSession = new RollerSession();
    //#RollerSession.java:108: method: void org.apache.roller.weblogger.ui.core.RollerSession.sessionCreated(HttpSessionEvent)
    //#input(void sessionCreated(HttpSessionEvent)): se
    //#pre[1] (void sessionCreated(HttpSessionEvent)): se != null
    //#presumption(void sessionCreated(HttpSessionEvent)): javax.servlet.http.HttpSessionEvent:getSession(...)@109 != null
        se.getSession().setAttribute(ROLLER_SESSION, rollerSession);
    }
    //#RollerSession.java:110: end of method: void org.apache.roller.weblogger.ui.core.RollerSession.sessionCreated(HttpSessionEvent)
    
    
    public void sessionDestroyed(HttpSessionEvent se) {
        clearSession(se);
    //#RollerSession.java:114: method: void org.apache.roller.weblogger.ui.core.RollerSession.sessionDestroyed(HttpSessionEvent)
    //#input(void sessionDestroyed(HttpSessionEvent)): log
    //#input(void sessionDestroyed(HttpSessionEvent)): se
    //#input(void sessionDestroyed(HttpSessionEvent)): this
    //#pre[2] (void sessionDestroyed(HttpSessionEvent)): se != null
    //#pre[1] (void sessionDestroyed(HttpSessionEvent)): (soft) log != null
    //#unanalyzed(void sessionDestroyed(HttpSessionEvent)): Effects-of-calling:java.lang.Throwable:__curr_excep_obj
    //#unanalyzed(void sessionDestroyed(HttpSessionEvent)): Effects-of-calling:javax.servlet.http.HttpSessionEvent:getSession
    //#unanalyzed(void sessionDestroyed(HttpSessionEvent)): Effects-of-calling:javax.servlet.http.HttpSession:removeAttribute
    //#unanalyzed(void sessionDestroyed(HttpSessionEvent)): Effects-of-calling:org.apache.commons.logging.Log:isDebugEnabled
    //#unanalyzed(void sessionDestroyed(HttpSessionEvent)): Effects-of-calling:org.apache.commons.logging.Log:debug
    }
    //#RollerSession.java:115: end of method: void org.apache.roller.weblogger.ui.core.RollerSession.sessionDestroyed(HttpSessionEvent)
    
    
    /** Init session as if it was new */
    public void sessionDidActivate(HttpSessionEvent se) {
    }
    //#RollerSession.java:120: method: void org.apache.roller.weblogger.ui.core.RollerSession.sessionDidActivate(HttpSessionEvent)
    //#RollerSession.java:120: end of method: void org.apache.roller.weblogger.ui.core.RollerSession.sessionDidActivate(HttpSessionEvent)
    
    
    /** 
     * Purge session before passivation. Because Roller currently does not
     * support session recovery, failover, migration, or whatever you want
     * to call it when sessions are saved and then restored at some later
     * point in time.
     */
    public void sessionWillPassivate(HttpSessionEvent se) {
        clearSession(se);
    //#RollerSession.java:130: method: void org.apache.roller.weblogger.ui.core.RollerSession.sessionWillPassivate(HttpSessionEvent)
    //#input(void sessionWillPassivate(HttpSessionEvent)): log
    //#input(void sessionWillPassivate(HttpSessionEvent)): se
    //#input(void sessionWillPassivate(HttpSessionEvent)): this
    //#pre[2] (void sessionWillPassivate(HttpSessionEvent)): se != null
    //#pre[1] (void sessionWillPassivate(HttpSessionEvent)): (soft) log != null
    //#unanalyzed(void sessionWillPassivate(HttpSessionEvent)): Effects-of-calling:java.lang.Throwable:__curr_excep_obj
    //#unanalyzed(void sessionWillPassivate(HttpSessionEvent)): Effects-of-calling:javax.servlet.http.HttpSessionEvent:getSession
    //#unanalyzed(void sessionWillPassivate(HttpSessionEvent)): Effects-of-calling:javax.servlet.http.HttpSession:removeAttribute
    //#unanalyzed(void sessionWillPassivate(HttpSessionEvent)): Effects-of-calling:org.apache.commons.logging.Log:isDebugEnabled
    //#unanalyzed(void sessionWillPassivate(HttpSessionEvent)): Effects-of-calling:org.apache.commons.logging.Log:debug
    }
    //#RollerSession.java:131: end of method: void org.apache.roller.weblogger.ui.core.RollerSession.sessionWillPassivate(HttpSessionEvent)
    
    
    /**
     * Authenticated user associated with this session.
     */
    public User getAuthenticatedUser() {
        
        User authenticUser = null;
    //#RollerSession.java:139: method: User org.apache.roller.weblogger.ui.core.RollerSession.getAuthenticatedUser()
    //#input(User getAuthenticatedUser()): "Error looking up authenticated user "._tainted
    //#input(User getAuthenticatedUser()): log
    //#input(User getAuthenticatedUser()): this
    //#input(User getAuthenticatedUser()): this.userId
    //#input(User getAuthenticatedUser()): this.userId._tainted
    //#output(User getAuthenticatedUser()): return_value
    //#pre[3] (User getAuthenticatedUser()): init'ed(this.userId)
    //#pre[1] (User getAuthenticatedUser()): (soft) log != null
    //#presumption(User getAuthenticatedUser()): org.apache.roller.weblogger.business.Weblogger:getUserManager(...)@142 != null
    //#presumption(User getAuthenticatedUser()): org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger(...)@142 != null
    //#post(User getAuthenticatedUser()): init'ed(return_value)
    //#test_vector(User getAuthenticatedUser()): this.userId: Addr_Set{null}, Inverse{null}
        if(userId != null) {
            try {
                UserManager mgr = WebloggerFactory.getWeblogger().getUserManager();
    //#RollerSession.java:142: Warning: method not available
    //#    -- call on Weblogger org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: User getAuthenticatedUser()
    //#    unanalyzed callee: Weblogger org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger()
    //#RollerSession.java:142: Warning: method not available
    //#    -- call on UserManager org.apache.roller.weblogger.business.Weblogger:getUserManager()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: User getAuthenticatedUser()
    //#    unanalyzed callee: UserManager org.apache.roller.weblogger.business.Weblogger:getUserManager()
                authenticUser = mgr.getUser(userId);
    //#RollerSession.java:143: Warning: method not available
    //#    -- call on User org.apache.roller.weblogger.business.UserManager:getUser(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: User getAuthenticatedUser()
    //#    unanalyzed callee: User org.apache.roller.weblogger.business.UserManager:getUser(String)
            } catch (WebloggerException ex) {
                log.warn("Error looking up authenticated user "+userId, ex);
    //#RollerSession.java:145: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:warn(Object, Throwable)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: User getAuthenticatedUser()
    //#    unanalyzed callee: void org.apache.commons.logging.Log:warn(Object, Throwable)
            }
        }
        
        return authenticUser;
    //#RollerSession.java:149: end of method: User org.apache.roller.weblogger.ui.core.RollerSession.getAuthenticatedUser()
    }
    
    
    /**
     * Authenticated user associated with this session.
     */
    public void setAuthenticatedUser(User authenticatedUser) {
        this.userId = authenticatedUser.getId();
    //#RollerSession.java:157: method: void org.apache.roller.weblogger.ui.core.RollerSession.setAuthenticatedUser(User)
    //#RollerSession.java:157: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.pojos.User:getId()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: void setAuthenticatedUser(User)
    //#    unanalyzed callee: String org.apache.roller.weblogger.pojos.User:getId()
    //#input(void setAuthenticatedUser(User)): authenticatedUser
    //#input(void setAuthenticatedUser(User)): this
    //#output(void setAuthenticatedUser(User)): this.userId
    //#pre[1] (void setAuthenticatedUser(User)): authenticatedUser != null
    //#post(void setAuthenticatedUser(User)): init'ed(this.userId)
    }
    //#RollerSession.java:158: end of method: void org.apache.roller.weblogger.ui.core.RollerSession.setAuthenticatedUser(User)
    
       
    private void clearSession(HttpSessionEvent se) {
        HttpSession session = se.getSession();
    //#RollerSession.java:162: method: void org.apache.roller.weblogger.ui.core.RollerSession.clearSession(HttpSessionEvent)
    //#input(void clearSession(HttpSessionEvent)): log
    //#input(void clearSession(HttpSessionEvent)): se
    //#pre[2] (void clearSession(HttpSessionEvent)): se != null
    //#pre[1] (void clearSession(HttpSessionEvent)): (soft) log != null
    //#presumption(void clearSession(HttpSessionEvent)): javax.servlet.http.HttpSessionEvent:getSession(...)@162 != null
        try {
            session.removeAttribute(ROLLER_SESSION);
        } catch (Throwable e) {
            if (log.isDebugEnabled()) {
    //#RollerSession.java:166: Warning: method not available
    //#    -- call on bool org.apache.commons.logging.Log:isDebugEnabled()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: void clearSession(HttpSessionEvent)
    //#    unanalyzed callee: bool org.apache.commons.logging.Log:isDebugEnabled()
                // ignore purge exceptions
                log.debug("EXCEPTION PURGING session attributes",e);
    //#RollerSession.java:168: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:debug(Object, Throwable)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.RollerSession
    //#    method: void clearSession(HttpSessionEvent)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:debug(Object, Throwable)
            }
        }
    }
    //#RollerSession.java:171: end of method: void org.apache.roller.weblogger.ui.core.RollerSession.clearSession(HttpSessionEvent)
    
}
    //#RollerSession.java:: end of class: org.apache.roller.weblogger.ui.core.RollerSession
