//# 1 errors, 116 messages
//#
/*
    //#SchemeEnforcementFilter.java:1:1: class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
* Licensed to the Apache Software Foundation (ASF) under one or more
*  contributor license agreements.  The ASF licenses this file to You
* under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.  For additional information regarding
* copyright in this work, please see the NOTICE file in the top level
* directory of this distribution.
*/
/*
 * SchemeEnforcementFilter.java
 *
 * Created on September 16, 2005, 3:17 PM
 */

package org.apache.roller.weblogger.ui.core.filters;

import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.roller.weblogger.config.WebloggerConfig;


/**
 * The SchemeEnforcementFilter is provided for Roller sites that enable secure
 * logins and want to ensure that only login urls are used under https.
 *
 * @author  Allen Gilliland
 *
 * @web.filter name="SchemeEnforcementFilter"
 */
public class SchemeEnforcementFilter implements Filter {
    //#SchemeEnforcementFilter.java:51: method: void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter.org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()
    //#input(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this
    //#output(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): new HashSet(SchemeEnforcementFilter#1) num objects
    //#output(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.allowedUrls
    //#output(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.filterConfig
    //#output(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.httpPort
    //#output(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.httpsHeaderName
    //#output(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.httpsHeaderValue
    //#output(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.httpsPort
    //#output(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.schemeEnforcementEnabled
    //#output(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.secureLoginEnabled
    //#new obj(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): new HashSet(SchemeEnforcementFilter#1)
    //#post(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.allowedUrls == &new HashSet(SchemeEnforcementFilter#1)
    //#post(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.filterConfig == null
    //#post(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.httpsHeaderName == null
    //#post(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.httpsHeaderValue == null
    //#post(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.httpPort == 80
    //#post(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.httpsPort == 443
    //#post(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.schemeEnforcementEnabled == 0
    //#post(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): this.secureLoginEnabled == 0
    //#post(void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()): new HashSet(SchemeEnforcementFilter#1) num objects == 1
    
    private static Log mLogger = 
    //#SchemeEnforcementFilter.java:53: method: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter.org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init
    //#SchemeEnforcementFilter.java:53: Warning: method not available
    //#    -- call on Log org.apache.commons.logging.LogFactory:getLog(Class)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init
    //#    unanalyzed callee: Log org.apache.commons.logging.LogFactory:getLog(Class)
    //#output(org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init): __Descendant_Table[org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter]
    //#output(org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init): __Dispatch_Table.destroy()V
    //#output(org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init): __Dispatch_Table.doFilter(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;Ljavax/servlet/FilterChain;)V
    //#output(org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init): __Dispatch_Table.init(Ljavax/servlet/FilterConfig;)V
    //#output(org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init): mLogger
    //#post(org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init): __Descendant_Table[org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter] == &__Dispatch_Table
    //#post(org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init): __Dispatch_Table.destroy()V == &destroy
    //#post(org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init): __Dispatch_Table.doFilter(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;Ljavax/servlet/FilterChain;)V == &doFilter
    //#post(org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init): __Dispatch_Table.init(Ljavax/servlet/FilterConfig;)V == &init
    //#post(org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init): init'ed(mLogger)
    //#SchemeEnforcementFilter.java:53: end of method: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter.org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter__static_init
            LogFactory.getLog(SchemeEnforcementFilter.class);
    
    private FilterConfig filterConfig = null;
    
    private boolean schemeEnforcementEnabled = false;
    private boolean secureLoginEnabled = false;
    private int httpPort = 80;
    private int httpsPort = 443;
    private String httpsHeaderName = null;
    private String httpsHeaderValue = null;
    
    private Set allowedUrls = new HashSet();
    //#SchemeEnforcementFilter.java:65: end of method: void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter.org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter()
    
    
    /**
     * Process filter.
     *
     * We'll take the incoming request and first determine if this is a
     * secure request.  If the request is secure then we'll see if it matches
     * one of the allowed secure urls, if not then we will redirect back out
     * of https.
     */
    public void doFilter(ServletRequest request, ServletResponse response,
                        FilterChain chain)
            throws IOException, ServletException {
        
        if(this.schemeEnforcementEnabled && this.secureLoginEnabled) {
    //#SchemeEnforcementFilter.java:80: method: void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter.doFilter(ServletRequest, ServletResponse, FilterChain)
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): ":"._tainted
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): "?"._tainted
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): "Redirecting to "._tainted
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): "checking path = "._tainted
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): "http:.."._tainted
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): "https:.."._tainted
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): chain
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): mLogger
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): request
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): response
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): this
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): this.allowedUrls
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): this.httpPort
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): this.httpsPort
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): this.schemeEnforcementEnabled
    //#input(void doFilter(ServletRequest, ServletResponse, FilterChain)): this.secureLoginEnabled
    //#pre[9] (void doFilter(ServletRequest, ServletResponse, FilterChain)): init'ed(this.schemeEnforcementEnabled)
    //#pre[1] (void doFilter(ServletRequest, ServletResponse, FilterChain)): (soft) chain != null
    //#pre[2] (void doFilter(ServletRequest, ServletResponse, FilterChain)): (soft) mLogger != null
    //#pre[3] (void doFilter(ServletRequest, ServletResponse, FilterChain)): (soft) request != null
    //#pre[4] (void doFilter(ServletRequest, ServletResponse, FilterChain)): (soft) response != null
    //#pre[6] (void doFilter(ServletRequest, ServletResponse, FilterChain)): (soft) this.allowedUrls != null
    //#pre[7] (void doFilter(ServletRequest, ServletResponse, FilterChain)): (soft) init'ed(this.httpPort)
    //#pre[8] (void doFilter(ServletRequest, ServletResponse, FilterChain)): (soft) init'ed(this.httpsPort)
    //#pre[12] (void doFilter(ServletRequest, ServletResponse, FilterChain)): (soft) init'ed(this.secureLoginEnabled)
    //#test_vector(void doFilter(ServletRequest, ServletResponse, FilterChain)): this.httpPort: {80}, {-2_147_483_648..79, 81..4_294_967_295}
    //#test_vector(void doFilter(ServletRequest, ServletResponse, FilterChain)): this.httpsPort: {443}, {-2_147_483_648..442, 444..4_294_967_295}
    //#test_vector(void doFilter(ServletRequest, ServletResponse, FilterChain)): this.schemeEnforcementEnabled: {0}, {1}
    //#test_vector(void doFilter(ServletRequest, ServletResponse, FilterChain)): this.secureLoginEnabled: {0}, {1}
    //#test_vector(void doFilter(ServletRequest, ServletResponse, FilterChain)): java.util.Set:contains(...)@103: {1}, {0}
    //#test_vector(void doFilter(ServletRequest, ServletResponse, FilterChain)): java.util.Set:contains(...)@87: {0}, {1}
    //#test_vector(void doFilter(ServletRequest, ServletResponse, FilterChain)): javax.servlet.ServletRequest:isSecure(...)@103: {0}, {1}
    //#test_vector(void doFilter(ServletRequest, ServletResponse, FilterChain)): javax.servlet.ServletRequest:isSecure(...)@87: {1}, {0}
    //#test_vector(void doFilter(ServletRequest, ServletResponse, FilterChain)): javax.servlet.http.HttpServletRequest:getQueryString(...)@112: Addr_Set{null}, Inverse{null}
    //#test_vector(void doFilter(ServletRequest, ServletResponse, FilterChain)): javax.servlet.http.HttpServletRequest:getQueryString(...)@96: Addr_Set{null}, Inverse{null}
            
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;
            
            mLogger.debug("checking path = "+req.getServletPath());
    //#SchemeEnforcementFilter.java:85: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:debug(Object)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void doFilter(ServletRequest, ServletResponse, FilterChain)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:debug(Object)
            
            if(!request.isSecure() && allowedUrls.contains(req.getServletPath())) {
                // http insecure request that should be over https
                String redirect = "https://"+req.getServerName();
                
                if(this.httpsPort != 443)
                    redirect += ":"+this.httpsPort;
                
                redirect += req.getRequestURI();
                
                if(req.getQueryString() != null)
                    redirect += "?"+req.getQueryString();
                
                mLogger.debug("Redirecting to "+redirect);
    //#SchemeEnforcementFilter.java:99: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:debug(Object)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void doFilter(ServletRequest, ServletResponse, FilterChain)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:debug(Object)
                res.sendRedirect(redirect);
                return;
                
            } else if(request.isSecure() && !allowedUrls.contains(req.getServletPath())) {
                // https secure request that should be over http
                String redirect = "http://"+req.getServerName();
                
                if(this.httpPort != 80)
                    redirect += ":"+this.httpPort;
                
                redirect += req.getRequestURI();
                
                if(req.getQueryString() != null)
                    redirect += "?"+req.getQueryString();
                
                mLogger.debug("Redirecting to "+redirect);
    //#SchemeEnforcementFilter.java:115: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:debug(Object)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void doFilter(ServletRequest, ServletResponse, FilterChain)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:debug(Object)
                res.sendRedirect(redirect);
                return;
            }
        }
        
        chain.doFilter(request, response);
    }
    //#SchemeEnforcementFilter.java:122: end of method: void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter.doFilter(ServletRequest, ServletResponse, FilterChain)
    
    
    public void destroy() {}
    //#SchemeEnforcementFilter.java:125: method: void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter.destroy()
    //#SchemeEnforcementFilter.java:125: end of method: void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter.destroy()
    
    
    /**
     * Filter init.
     *
     * We are just collecting init properties which we'll use for each request.
     */
    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    //#SchemeEnforcementFilter.java:134: method: void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter.init(FilterConfig)
    //#input(void init(FilterConfig)): filterConfig
    //#input(void init(FilterConfig)): mLogger
    //#input(void init(FilterConfig)): this
    //#input(void init(FilterConfig)): this.allowedUrls
    //#output(void init(FilterConfig)): this.filterConfig
    //#output(void init(FilterConfig)): this.httpPort
    //#output(void init(FilterConfig)): this.httpsPort
    //#output(void init(FilterConfig)): this.schemeEnforcementEnabled
    //#output(void init(FilterConfig)): this.secureLoginEnabled
    //#pre[2] (void init(FilterConfig)): (soft) mLogger != null
    //#pre[6] (void init(FilterConfig)): (soft) this.allowedUrls != null
    //#presumption(void init(FilterConfig)): org.apache.roller.weblogger.config.WebloggerConfig:getProperty(...)@158 != null
    //#post(void init(FilterConfig)): this.filterConfig == filterConfig
    //#post(void init(FilterConfig)): init'ed(this.filterConfig)
    //#post(void init(FilterConfig)): possibly_updated(this.httpPort)
    //#post(void init(FilterConfig)): possibly_updated(this.httpsPort)
    //#post(void init(FilterConfig)): init'ed(this.schemeEnforcementEnabled)
    //#post(void init(FilterConfig)): init'ed(this.secureLoginEnabled)
    //#test_vector(void init(FilterConfig)): java.util.Iterator:hasNext(...)@168: {0}, {1}
    //#test_vector(void init(FilterConfig)): org.apache.commons.logging.Log:isDebugEnabled(...)@166: {0}, {1}
    //#test_vector(void init(FilterConfig)): org.apache.roller.weblogger.config.WebloggerConfig:getBooleanProperty(...)@137: {0}, {1}
    //#test_vector(void init(FilterConfig)): org.apache.roller.weblogger.config.WebloggerConfig:getBooleanProperty(...)@139: {0}, {1}
        
        // determine if we are doing scheme enforcement
        this.schemeEnforcementEnabled = 
    //#SchemeEnforcementFilter.java:137: Warning: method not available
    //#    -- call on bool org.apache.roller.weblogger.config.WebloggerConfig:getBooleanProperty(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    unanalyzed callee: bool org.apache.roller.weblogger.config.WebloggerConfig:getBooleanProperty(String)
                WebloggerConfig.getBooleanProperty("schemeenforcement.enabled");
        this.secureLoginEnabled = 
    //#SchemeEnforcementFilter.java:139: Warning: method not available
    //#    -- call on bool org.apache.roller.weblogger.config.WebloggerConfig:getBooleanProperty(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    unanalyzed callee: bool org.apache.roller.weblogger.config.WebloggerConfig:getBooleanProperty(String)
                WebloggerConfig.getBooleanProperty("securelogin.enabled");
        
        if(this.schemeEnforcementEnabled && this.secureLoginEnabled) {
            // gather some more properties
            String http_port = 
    //#SchemeEnforcementFilter.java:144: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    unanalyzed callee: String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
                    WebloggerConfig.getProperty("securelogin.http.port");
            String https_port = 
    //#SchemeEnforcementFilter.java:146: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    unanalyzed callee: String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
                    WebloggerConfig.getProperty("securelogin.https.port");
            
            try {
                this.httpPort = Integer.parseInt(http_port);
                this.httpsPort = Integer.parseInt(https_port);
            } catch(NumberFormatException nfe) {
                // ignored ... guess we'll have to use the defaults
                mLogger.warn("error with secure login ports", nfe);
    //#SchemeEnforcementFilter.java:154: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:warn(Object, Throwable)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:warn(Object, Throwable)
            }
            
            // finally, construct our list of allowable https urls
            String urls = 
    //#SchemeEnforcementFilter.java:158: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    unanalyzed callee: String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
                    WebloggerConfig.getProperty("schemeenforcement.https.urls");
            String[] urlsArray = urls.split(",");
            for(int i=0; i < urlsArray.length; i++)
    //#SchemeEnforcementFilter.java:161: ?use of default init
    //#    init'ed(urlsArray.length)
    //#    severity: LOW
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    basic block: bb_7
    //#    assertion: init'ed(urlsArray.length)
    //#    VN: undefined
    //#    Expected: {-Inf..+Inf}
    //#    Bad: {Invalid}
    //#    Attribs:  Int  Bad only invalid
    //#SchemeEnforcementFilter.java:161: Warning: test always goes same way
    //#    test predetermined because i == urlsArray.length
    //#    severity: LOW
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    from bb: bb_7
    //#    live edge: bb_7-->bb_9
    //#    tested vn: i - undefined
    //#    tested vn values: {0}
                this.allowedUrls.add(urlsArray[i]);
    //#SchemeEnforcementFilter.java:162: Warning: dead code
    //#    dead code here because i == urlsArray.length
    //#    severity: LOW
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    dead bb: bb_8
            
            // some logging for the curious
            mLogger.info("Scheme enforcement = enabled");
    //#SchemeEnforcementFilter.java:165: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:info(Object)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:info(Object)
            if(mLogger.isDebugEnabled()) {
    //#SchemeEnforcementFilter.java:166: Warning: method not available
    //#    -- call on bool org.apache.commons.logging.Log:isDebugEnabled()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    unanalyzed callee: bool org.apache.commons.logging.Log:isDebugEnabled()
                mLogger.debug("allowed urls are:");
    //#SchemeEnforcementFilter.java:167: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:debug(Object)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:debug(Object)
                for(Iterator it = this.allowedUrls.iterator(); it.hasNext();)
                    mLogger.debug(it.next());
    //#SchemeEnforcementFilter.java:169: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:debug(Object)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
    //#    method: void init(FilterConfig)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:debug(Object)
            }
        }
    }
    //#SchemeEnforcementFilter.java:172: end of method: void org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter.init(FilterConfig)
    
}
    //#SchemeEnforcementFilter.java:: end of class: org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter
