File Source: securityutils.java
/*
P/P * Method: net.sourceforge.pebble.util.SecurityUtils__static_init
*
* Postconditions:
* init'ed(log)
*/
1 /*
2 * Copyright (c) 2003-2006, Simon Brown
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * - Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * - Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * - Neither the name of Pebble nor the names of its contributors may
17 * be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32 package net.sourceforge.pebble.util;
33
34 import net.sourceforge.pebble.Constants;
35 import net.sourceforge.pebble.PebbleContext;
36 import net.sourceforge.pebble.domain.Blog;
37 import net.sourceforge.pebble.security.PebbleUserDetails;
38 import net.sourceforge.pebble.security.SecurityRealm;
39 import net.sourceforge.pebble.security.SecurityRealmException;
40 import org.acegisecurity.Authentication;
41 import org.acegisecurity.GrantedAuthority;
42 import org.acegisecurity.GrantedAuthorityImpl;
43 import org.acegisecurity.context.SecurityContext;
44 import org.acegisecurity.context.SecurityContextHolder;
45 import org.acegisecurity.providers.TestingAuthenticationToken;
46 import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
47 import org.acegisecurity.providers.encoding.PasswordEncoder;
48 import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
49 import org.acegisecurity.providers.encoding.ShaPasswordEncoder;
50 import org.apache.commons.logging.Log;
51 import org.apache.commons.logging.LogFactory;
52
53 import java.util.List;
54
55 /**
56 * A collection of utility methods for security.
57 *
58 * @author Simon Brown
59 */
60 public final class SecurityUtils {
61
/** Class logger; {@link #getUserDetails()} uses it to record realm lookup failures before returning {@code null}. */
private static final Log log = LogFactory.getLog(SecurityUtils.class);
63
/*
P/P * Method: String getUsername()
*
* Presumptions:
* org.acegisecurity.context.SecurityContextHolder:getContext(...)@65 != null
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Returns the name of the principal bound to the calling thread's security
 * context, or {@code null} when no {@link Authentication} is bound at all.
 *
 * Callers must treat {@code null} as "nobody is logged in" rather than as a
 * username; the holder is normally thread-local, so a worker thread without a
 * propagated context also gets {@code null}.
 *
 * @return the current principal name, or {@code null} if there is no authentication
 */
public static String getUsername() {
  Authentication current = SecurityContextHolder.getContext().getAuthentication();
  return getUsername(current);
}
69
/*
P/P * Method: String getUsername(Authentication)
*
* Postconditions:
* init'ed(return_value)
*
* Test Vectors:
* auth: Addr_Set{null}, Inverse{null}
*/
/**
 * Extracts the principal name from an {@link Authentication}.
 *
 * @param auth the token to read, may be {@code null}
 * @return {@code auth.getName()}, or {@code null} when {@code auth} is {@code null}
 */
public static String getUsername(Authentication auth) {
  return auth == null ? null : auth.getName();
}
77
/*
P/P * Method: PebbleUserDetails getUserDetails()
*
* Preconditions:
* (soft) net.sourceforge.pebble.PebbleContext__static_init.new PebbleContext(PebbleContext__static_init#1).configuration != null
*
* Presumptions:
* net.sourceforge.pebble.Configuration:getSecurityRealm(...)@80 != null
* org.apache.commons.logging.LogFactory:getLog(...)@62 != null
* realm.configuration@80 != null
*
* Postconditions:
* return_value in Addr_Set{null,&new PebbleUserDetails(getUser#4)}
* new HashMap(PebbleUserDetails#1) num objects <= 1
* new HashMap(getUser#3) num objects <= 1
* new PebbleUserDetails(getUser#4) num objects <= 1
* init'ed(new PebbleUserDetails(getUser#4).detailsUpdateable)
* init'ed(new PebbleUserDetails(getUser#4).emailAddress)
* init'ed(new PebbleUserDetails(getUser#4).grantedAuthories)
* init'ed(new PebbleUserDetails(getUser#4).name)
* init'ed(new PebbleUserDetails(getUser#4).password)
* new PebbleUserDetails(getUser#4).preferences == &new HashMap(getUser#3)
* ...
*/
/**
 * Looks up the {@link PebbleUserDetails} of the currently bound principal in
 * the configured {@link SecurityRealm}.
 *
 * A {@link SecurityRealmException} is logged and converted to {@code null},
 * so the caller cannot tell a realm failure from "no such user": both yield
 * {@code null}. For an authorisation helper that is the safe (fail-closed)
 * direction, but callers must not treat {@code null} as a transient condition
 * worth retrying.
 *
 * NOTE(review): when nobody is logged in {@link #getUsername()} is
 * {@code null} and that {@code null} is handed straight to the realm; whether
 * the realm tolerates it depends on the SecurityRealm implementation - confirm.
 *
 * @return the user details, or {@code null} when the realm has no entry for
 *         the current principal or the lookup threw
 */
public static PebbleUserDetails getUserDetails() {
  try {
    SecurityRealm realm = PebbleContext.getInstance().getConfiguration().getSecurityRealm();
    String username = getUsername();
    return realm.getUser(username);
  } catch (SecurityRealmException e) {
    log.error("Exception encountered", e);
    return null;
  }
}
87
/*
P/P * Method: bool isUserInRole(String)
*
* Presumptions:
* org.acegisecurity.context.SecurityContextHolder:getContext(...)@89 != null
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tests whether the {@link Authentication} bound to the calling thread's
 * security context carries the given authority string.
 *
 * The holder is normally thread-local, so this answers only for the calling
 * thread; with no authentication bound the result is {@code false}.
 *
 * @param role the authority string to look for (one of the {@code Constants.*_ROLE} values)
 * @return {@code true} if the current authentication holds that authority
 */
public static boolean isUserInRole(String role) {
  Authentication current = SecurityContextHolder.getContext().getAuthentication();
  return isUserInRole(current, role);
}
93
/*
P/P * Method: bool isUserInRole(Authentication, String)
*
* Presumptions:
* Local_6[Local_4]@96 != null
* authorities.length@96 <= 2^32-1
* org.acegisecurity.GrantedAuthority:getAuthority(...)@99 != null
*
* Postconditions:
* init'ed(return_value)
*
* Test Vectors:
* auth: Addr_Set{null}, Inverse{null}
* java.lang.String:equals(...)@99: {0}, {1}
* org.acegisecurity.Authentication:getAuthorities(...)@96: Addr_Set{null}, Inverse{null}
*/
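/**
 * Tests whether {@code auth} carries the authority string {@code role}.
 *
 * Comparison is exact ({@code String.equals}); there is no prefix or
 * hierarchy handling. A {@code null} authentication, a {@code null} role,
 * or a {@code null} authorities array all yield {@code false}.
 *
 * Robustness fix: the Acegi {@code GrantedAuthority} contract allows
 * {@code getAuthority()} to return {@code null} for an authority that has no
 * String representation, and the previous
 * {@code authority.getAuthority().equals(role)} threw a
 * {@link NullPointerException} on such an entry (the analyser flagged exactly
 * this presumption). Such entries now simply fail to match, as does a
 * {@code null} array element.
 *
 * @param auth the authentication to inspect, may be {@code null}
 * @param role the authority string to look for, may be {@code null}
 * @return {@code true} if one of the granted authorities equals {@code role}
 */
public static boolean isUserInRole(Authentication auth, String role) {
  if (auth == null || role == null) {
    return false;
  }
  GrantedAuthority[] authorities = auth.getAuthorities();
  if (authorities == null) {
    return false;
  }
  for (GrantedAuthority authority : authorities) {
    // role on the left so a null getAuthority() cannot NPE; a null element
    // is skipped for the same reason.
    if (authority != null && role.equals(authority.getAuthority())) {
      return true;
    }
  }
  return false;
}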
107
/*
P/P * Method: bool isBlogAdmin()
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_ADMIN_ROLE)
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tells whether the principal bound to the calling thread holds the global
 * {@link Constants#BLOG_ADMIN_ROLE} authority.
 *
 * This is a global-authority check only; it says nothing about any
 * particular blog. Returns {@code false} when no authentication is bound.
 *
 * @return {@code true} if the current user is a Pebble admin
 */
public static boolean isBlogAdmin() {
  SecurityContext ctx = SecurityContextHolder.getContext();
  return isBlogAdmin(ctx.getAuthentication());
}
116
/*
P/P * Method: bool isBlogOwner()
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_OWNER_ROLE)
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tells whether the principal bound to the calling thread holds the global
 * {@link Constants#BLOG_OWNER_ROLE} authority.
 *
 * This does not check ownership of any specific blog; use
 * {@link #isUserAuthorisedForBlogAsBlogOwner(Blog)} for that. Returns
 * {@code false} when no authentication is bound.
 *
 * @return {@code true} if the current user carries the blog-owner authority
 */
public static boolean isBlogOwner() {
  SecurityContext ctx = SecurityContextHolder.getContext();
  return isBlogOwner(ctx.getAuthentication());
}
125
/*
P/P * Method: bool isBlogPublisher()
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_PUBLISHER_ROLE)
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tells whether the principal bound to the calling thread holds the global
 * {@link Constants#BLOG_PUBLISHER_ROLE} authority.
 *
 * Global-authority check only; per-blog membership is checked by
 * {@link #isUserAuthorisedForBlogAsBlogPublisher(Blog)}. Returns
 * {@code false} when no authentication is bound.
 *
 * @return {@code true} if the current user carries the blog-publisher authority
 */
public static boolean isBlogPublisher() {
  SecurityContext ctx = SecurityContextHolder.getContext();
  return isBlogPublisher(ctx.getAuthentication());
}
134
/*
P/P * Method: bool isBlogContributor()
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_CONTRIBUTOR_ROLE)
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tells whether the principal bound to the calling thread holds the global
 * {@link Constants#BLOG_CONTRIBUTOR_ROLE} authority.
 *
 * Global-authority check only; per-blog membership is checked by
 * {@link #isUserAuthorisedForBlogAsBlogContributor(Blog)}. Returns
 * {@code false} when no authentication is bound.
 *
 * @return {@code true} if the current user carries the blog-contributor authority
 */
public static boolean isBlogContributor() {
  SecurityContext ctx = SecurityContextHolder.getContext();
  return isBlogContributor(ctx.getAuthentication());
}
143
/*
P/P * Method: bool isBlogAdmin(Authentication)
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_ADMIN_ROLE)
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tells whether the given authentication holds the global
 * {@link Constants#BLOG_ADMIN_ROLE} authority.
 *
 * @param auth the authentication to inspect, may be {@code null}
 * @return {@code true} if {@code auth} is non-null and carries the admin authority
 */
public static boolean isBlogAdmin(Authentication auth) {
  return auth != null && isUserInRole(auth, Constants.BLOG_ADMIN_ROLE);
}
152
/*
P/P * Method: bool isBlogOwner(Authentication)
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_OWNER_ROLE)
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tells whether the given authentication holds the global
 * {@link Constants#BLOG_OWNER_ROLE} authority. Says nothing about which
 * blog(s) the principal owns.
 *
 * @param auth the authentication to inspect, may be {@code null}
 * @return {@code true} if {@code auth} is non-null and carries the owner authority
 */
public static boolean isBlogOwner(Authentication auth) {
  return auth != null && isUserInRole(auth, Constants.BLOG_OWNER_ROLE);
}
161
/*
P/P * Method: bool isBlogPublisher(Authentication)
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_PUBLISHER_ROLE)
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tells whether the given authentication holds the global
 * {@link Constants#BLOG_PUBLISHER_ROLE} authority. Says nothing about any
 * particular blog.
 *
 * @param auth the authentication to inspect, may be {@code null}
 * @return {@code true} if {@code auth} is non-null and carries the publisher authority
 */
public static boolean isBlogPublisher(Authentication auth) {
  return auth != null && isUserInRole(auth, Constants.BLOG_PUBLISHER_ROLE);
}
170
/*
P/P * Method: bool isBlogContributor(Authentication)
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_CONTRIBUTOR_ROLE)
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tells whether the given authentication holds the global
 * {@link Constants#BLOG_CONTRIBUTOR_ROLE} authority. Says nothing about any
 * particular blog.
 *
 * @param auth the authentication to inspect, may be {@code null}
 * @return {@code true} if {@code auth} is non-null and carries the contributor authority
 */
public static boolean isBlogContributor(Authentication auth) {
  return auth != null && isUserInRole(auth, Constants.BLOG_CONTRIBUTOR_ROLE);
}
179
/*
P/P * Method: void runAsBlogOwner()
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_OWNER_ROLE)
* org.acegisecurity.context.SecurityContextHolder:getContext(...)@182 != null
*/
/**
 * Replaces the {@link Authentication} of the calling thread's security context
 * with a synthetic {@link TestingAuthenticationToken} carrying only the global
 * {@link Constants#BLOG_OWNER_ROLE} authority.
 *
 * Security notes:
 * - This is a privilege-escalation primitive: whatever code can reach it makes
 *   the current thread pass {@link #isBlogOwner()}. It must not be callable on
 *   behalf of an end-user request.
 * - The principal is the literal string {@code "username"} (credentials
 *   {@code "password"}), not a real account, so per-blog checks such as
 *   {@link #isUserAuthorisedForBlogAsBlogOwner(Blog)} still require that name
 *   to be listed by the blog itself.
 * - Nothing undoes this automatically. Pair it with
 *   {@link #runAsUnauthenticated()}, ideally in a {@code finally}, so the
 *   elevated token does not linger on the thread.
 */
public static void runAsBlogOwner() {
  GrantedAuthority[] granted = { new GrantedAuthorityImpl(Constants.BLOG_OWNER_ROLE) };
  Authentication synthetic = new TestingAuthenticationToken("username", "password", granted);
  SecurityContextHolder.getContext().setAuthentication(synthetic);
}
184
/*
P/P * Method: void runAsBlogPublisher()
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_PUBLISHER_ROLE)
* org.acegisecurity.context.SecurityContextHolder:getContext(...)@187 != null
*/
/**
 * Replaces the {@link Authentication} of the calling thread's security context
 * with a synthetic {@link TestingAuthenticationToken} carrying only the global
 * {@link Constants#BLOG_PUBLISHER_ROLE} authority.
 *
 * Security notes: this elevates whatever thread calls it (it will pass
 * {@link #isBlogPublisher()}), so it must not be reachable on behalf of an
 * end-user request; the principal is the fixed string {@code "username"},
 * which a blog's own user list will not normally contain; and the token stays
 * bound until something replaces it - call {@link #runAsUnauthenticated()}
 * when done.
 */
public static void runAsBlogPublisher() {
  GrantedAuthority[] granted = { new GrantedAuthorityImpl(Constants.BLOG_PUBLISHER_ROLE) };
  Authentication synthetic = new TestingAuthenticationToken("username", "password", granted);
  SecurityContextHolder.getContext().setAuthentication(synthetic);
}
189
/*
P/P * Method: void runAsBlogContributor()
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_CONTRIBUTOR_ROLE)
* org.acegisecurity.context.SecurityContextHolder:getContext(...)@192 != null
*/
/**
 * Replaces the {@link Authentication} of the calling thread's security context
 * with a synthetic {@link TestingAuthenticationToken} carrying only the global
 * {@link Constants#BLOG_CONTRIBUTOR_ROLE} authority.
 *
 * Security notes: this elevates whatever thread calls it (it will pass
 * {@link #isBlogContributor()}), so it must not be reachable on behalf of an
 * end-user request; the principal is the fixed string {@code "username"},
 * which a blog's own user list will not normally contain; and the token stays
 * bound until something replaces it - call {@link #runAsUnauthenticated()}
 * when done.
 */
public static void runAsBlogContributor() {
  GrantedAuthority[] granted = { new GrantedAuthorityImpl(Constants.BLOG_CONTRIBUTOR_ROLE) };
  Authentication synthetic = new TestingAuthenticationToken("username", "password", granted);
  SecurityContextHolder.getContext().setAuthentication(synthetic);
}
194
/*
P/P * Method: void runAsAnonymous()
*
* Presumptions:
* org.acegisecurity.context.SecurityContextHolder:getContext(...)@197 != null
*/
/**
 * Binds a synthetic {@link TestingAuthenticationToken} with no granted
 * authorities to the calling thread's security context.
 *
 * "Anonymous" here means "holds no roles", not "not logged in": the token is
 * non-null, so {@link #isUserAuthenticated()} still reports {@code true}
 * afterwards, while every {@code isBlog*()} check reports {@code false} and
 * {@link #getUsername()} returns the fixed string {@code "username"}. Use
 * {@link #runAsUnauthenticated()} to clear the context entirely.
 */
public static void runAsAnonymous() {
  GrantedAuthority[] none = {};
  Authentication synthetic = new TestingAuthenticationToken("username", "password", none);
  SecurityContextHolder.getContext().setAuthentication(synthetic);
}
199
/*
P/P * Method: void runAsUnauthenticated()
*
* Presumptions:
* org.acegisecurity.context.SecurityContextHolder:getContext(...)@201 != null
*/
/**
 * Clears the {@link Authentication} from the calling thread's security
 * context.
 *
 * Afterwards {@link #isUserAuthenticated()} is {@code false},
 * {@link #getUsername()} is {@code null} and every role check fails. This is
 * the counterpart to the {@code runAs*} helpers and should be called once a
 * synthetic elevated token is no longer needed.
 */
public static void runAsUnauthenticated() {
  SecurityContext ctx = SecurityContextHolder.getContext();
  ctx.setAuthentication(null);
}
203
/*
P/P * Method: bool isUserAuthorisedForBlogAsBlogOwner(Blog)
*
* Preconditions:
* (soft) blog != null
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_OWNER_ROLE)
*
* Postconditions:
* init'ed(return_value)
*
* Test Vectors:
* net.sourceforge.pebble.domain.Blog:isUserInRole(...)@206: {0}, {1}
*/
/**
 * Tells whether the current principal may act as owner of {@code blog}.
 *
 * Two checks must both pass: the thread's authentication carries the global
 * {@link Constants#BLOG_OWNER_ROLE} authority, and {@code blog} itself lists
 * the principal's name in that role. The second check is what stops an owner
 * of one blog acting on another. The blog is only consulted when the first
 * check passes, so a {@code null} blog fails with a
 * {@link NullPointerException} only for owner-role principals.
 *
 * @param blog the blog in question (must not be {@code null})
 * @return {@code true} if the current user is an owner of this specific blog
 */
public static boolean isUserAuthorisedForBlogAsBlogOwner(Blog blog) {
  if (!isBlogOwner()) {
    return false;
  }
  return blog.isUserInRole(Constants.BLOG_OWNER_ROLE, getUsername());
}
208
/*
P/P * Method: bool isUserAuthorisedForBlogAsBlogPublisher(Blog)
*
* Preconditions:
* (soft) blog != null
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_PUBLISHER_ROLE)
*
* Postconditions:
* init'ed(return_value)
*
* Test Vectors:
* net.sourceforge.pebble.domain.Blog:isUserInRole(...)@211: {0}, {1}
*/
/**
 * Tells whether the current principal may act as publisher of {@code blog}.
 *
 * Requires both the global {@link Constants#BLOG_PUBLISHER_ROLE} authority on
 * the thread's authentication and the principal's name in that role on the
 * blog's own user list; the blog is consulted only when the global check
 * passes.
 *
 * @param blog the blog in question (must not be {@code null})
 * @return {@code true} if the current user is a publisher of this specific blog
 */
public static boolean isUserAuthorisedForBlogAsBlogPublisher(Blog blog) {
  if (!isBlogPublisher()) {
    return false;
  }
  return blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, getUsername());
}
213
/*
P/P * Method: bool isUserAuthorisedForBlogAsBlogContributor(Blog)
*
* Preconditions:
* (soft) blog != null
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_CONTRIBUTOR_ROLE)
*
* Postconditions:
* init'ed(return_value)
*
* Test Vectors:
* net.sourceforge.pebble.domain.Blog:isUserInRole(...)@216: {0}, {1}
*/
/**
 * Tells whether the current principal may act as contributor to {@code blog}.
 *
 * Requires both the global {@link Constants#BLOG_CONTRIBUTOR_ROLE} authority
 * on the thread's authentication and the principal's name in that role on the
 * blog's own user list; the blog is consulted only when the global check
 * passes.
 *
 * @param blog the blog in question (must not be {@code null})
 * @return {@code true} if the current user is a contributor to this specific blog
 */
public static boolean isUserAuthorisedForBlogAsBlogContributor(Blog blog) {
  if (!isBlogContributor()) {
    return false;
  }
  return blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, getUsername());
}
218
/*
P/P * Method: bool isUserAuthorisedForBlogAsBlogOwner(Authentication, Blog)
*
* Preconditions:
* (soft) blog != null
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_OWNER_ROLE)
*
* Postconditions:
* init'ed(return_value)
*
* Test Vectors:
* net.sourceforge.pebble.domain.Blog:isUserInRole(...)@221: {0}, {1}
*/
/**
 * Tells whether the principal of {@code auth} may act as owner of {@code blog}.
 *
 * Both the global {@link Constants#BLOG_OWNER_ROLE} authority on {@code auth}
 * and the principal's name in that role on the blog's user list are required;
 * the blog is only consulted once the global check passes. A {@code null}
 * {@code auth} therefore yields {@code false} without touching {@code blog}.
 *
 * @param auth the authentication to test, may be {@code null}
 * @param blog the blog in question (must not be {@code null})
 * @return {@code true} if that principal is an owner of this specific blog
 */
public static boolean isUserAuthorisedForBlogAsBlogOwner(Authentication auth, Blog blog) {
  if (!isBlogOwner(auth)) {
    return false;
  }
  return blog.isUserInRole(Constants.BLOG_OWNER_ROLE, getUsername(auth));
}
223
/*
P/P * Method: bool isUserAuthorisedForBlogAsBlogPublisher(Authentication, Blog)
*
* Preconditions:
* (soft) blog != null
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_PUBLISHER_ROLE)
*
* Postconditions:
* init'ed(return_value)
*
* Test Vectors:
* net.sourceforge.pebble.domain.Blog:isUserInRole(...)@226: {0}, {1}
*/
/**
 * Tells whether the principal of {@code auth} may act as publisher of
 * {@code blog}.
 *
 * Both the global {@link Constants#BLOG_PUBLISHER_ROLE} authority on
 * {@code auth} and the principal's name in that role on the blog's user list
 * are required; the blog is only consulted once the global check passes, so a
 * {@code null} {@code auth} yields {@code false} without touching {@code blog}.
 *
 * @param auth the authentication to test, may be {@code null}
 * @param blog the blog in question (must not be {@code null})
 * @return {@code true} if that principal is a publisher of this specific blog
 */
public static boolean isUserAuthorisedForBlogAsBlogPublisher(Authentication auth, Blog blog) {
  if (!isBlogPublisher(auth)) {
    return false;
  }
  return blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, getUsername(auth));
}
228
/*
P/P * Method: bool isUserAuthorisedForBlogAsBlogContributor(Authentication, Blog)
*
* Preconditions:
* (soft) blog != null
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_CONTRIBUTOR_ROLE)
*
* Postconditions:
* init'ed(return_value)
*
* Test Vectors:
* net.sourceforge.pebble.domain.Blog:isUserInRole(...)@231: {0}, {1}
*/
/**
 * Tells whether the principal of {@code auth} may act as contributor to
 * {@code blog}.
 *
 * Both the global {@link Constants#BLOG_CONTRIBUTOR_ROLE} authority on
 * {@code auth} and the principal's name in that role on the blog's user list
 * are required; the blog is only consulted once the global check passes, so a
 * {@code null} {@code auth} yields {@code false} without touching {@code blog}.
 *
 * @param auth the authentication to test, may be {@code null}
 * @param blog the blog in question (must not be {@code null})
 * @return {@code true} if that principal is a contributor to this specific blog
 */
public static boolean isUserAuthorisedForBlogAsBlogContributor(Authentication auth, Blog blog) {
  if (!isBlogContributor(auth)) {
    return false;
  }
  return blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, getUsername(auth));
}
233
/*
P/P * Method: bool isUserAuthorisedForBlogAsBlogReader(Authentication, Blog)
*
* Preconditions:
* blog != null
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.BLOG_READER_ROLE)
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tells whether the principal of {@code auth} is listed by {@code blog} in
 * the {@link Constants#BLOG_READER_ROLE}.
 *
 * Unlike the owner/publisher/contributor variants, this does not first
 * require the token to carry the role as a global authority: the decision
 * rests entirely on the blog's own user list. A {@code null} {@code auth}
 * gives a {@code null} name, which is passed to {@code blog.isUserInRole}
 * as-is - what the blog does with it is not visible here. NOTE(review):
 * confirm the asymmetry with the other role checks is intentional.
 *
 * @param auth the authentication to test, may be {@code null}
 * @param blog the blog whose reader list is consulted (must not be {@code null})
 * @return the blog's answer for that name in the reader role
 */
public static boolean isUserAuthorisedForBlogAsBlogReader(Authentication auth, Blog blog) {
  String name = getUsername(auth);
  return blog.isUserInRole(Constants.BLOG_READER_ROLE, name);
}
238
/*
P/P * Method: bool isUserAuthorisedForBlog(Blog)
*
* Preconditions:
* (soft) blog != null
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tells whether the current principal holds any of the owner, publisher or
 * contributor roles on {@code blog}, each one checked globally and against
 * the blog's own user list.
 *
 * The reader role is not part of this check; a reader-only principal gets
 * {@code false}. The checks run in owner, publisher, contributor order and
 * stop at the first success.
 *
 * @param blog the blog in question (must not be {@code null})
 * @return {@code true} if the current user may author on this blog in any capacity
 */
public static boolean isUserAuthorisedForBlog(Blog blog) {
  if (isUserAuthorisedForBlogAsBlogOwner(blog)) {
    return true;
  }
  if (isUserAuthorisedForBlogAsBlogPublisher(blog)) {
    return true;
  }
  return isUserAuthorisedForBlogAsBlogContributor(blog);
}
244
/*
P/P * Method: bool isUserAuthorisedForBlog(Authentication, Blog)
*
* Preconditions:
* (soft) blog != null
*
* Postconditions:
* init'ed(return_value)
*/
/**
 * Tells whether the principal of {@code auth} holds any of the owner,
 * publisher or contributor roles on {@code blog}, each one checked globally
 * on the token and against the blog's own user list.
 *
 * The reader role is not part of this check. The checks run in owner,
 * publisher, contributor order and stop at the first success; a {@code null}
 * {@code auth} fails all three without touching {@code blog}.
 *
 * @param auth the authentication to test, may be {@code null}
 * @param blog the blog in question (must not be {@code null})
 * @return {@code true} if that principal may author on this blog in any capacity
 */
public static boolean isUserAuthorisedForBlog(Authentication auth, Blog blog) {
  if (isUserAuthorisedForBlogAsBlogOwner(auth, blog)) {
    return true;
  }
  if (isUserAuthorisedForBlogAsBlogPublisher(auth, blog)) {
    return true;
  }
  return isUserAuthorisedForBlogAsBlogContributor(auth, blog);
}
250
/*
P/P * Method: bool isUserAuthenticated()
*
* Presumptions:
* org.acegisecurity.context.SecurityContextHolder:getContext(...)@252 != null
*
* Postconditions:
* init'ed(return_value)
*
* Test Vectors:
* org.acegisecurity.context.SecurityContext:getAuthentication(...)@253: Addr_Set{null}, Inverse{null}
*/
/**
 * Reports whether any {@link Authentication} is bound to the calling thread's
 * security context.
 *
 * This is purely a null check: it does not consult
 * {@code Authentication.isAuthenticated()} and cannot distinguish a guest
 * token from a real login. After {@link #runAsAnonymous()} (which binds a
 * token with no authorities) it still returns {@code true}; only
 * {@link #runAsUnauthenticated()} makes it {@code false}. NOTE(review): if
 * the filter chain installs an anonymous token for guests, they count as
 * "authenticated" here - confirm before using this as a login gate.
 *
 * @return {@code true} if a non-null authentication is present
 */
public static boolean isUserAuthenticated() {
  Authentication current = SecurityContextHolder.getContext().getAuthentication();
  return current != null;
}
255
/*
P/P * Method: void main(String[])
*
* Preconditions:
* args != null
* (soft) args[0] != null
* (soft) init'ed(args[1])
* (soft) init'ed(args[2])
*
* Presumptions:
* java.lang.System.out != null
*
* Test Vectors:
* args.length: {3}, {0..2, 4..+Inf}
* java.lang.String:equals(...)@259: {0}, {1}
* java.lang.String:equals(...)@262: {0}, {1}
* java.lang.String:equals(...)@265: {0}, {1}
*/
/**
 * Command-line helper that prints the stored form of a password for one of
 * the encoders Pebble's realm can be configured with.
 *
 * Arguments: {@code [md5|sha|plaintext] username password}. The username is
 * handed to {@code PasswordEncoder.encodePassword(rawPass, salt)} as the
 * salt, so the output is fully determined by the username/password pair.
 *
 * Security notes for operators:
 * - The password is taken from the command line, so it is visible in process
 *   listings and normally ends up in shell history; clear it afterwards.
 * - {@code md5} and {@code sha} are fast digests salted only with the
 *   username, not a purpose-built password hash (bcrypt/scrypt/argon2), and
 *   {@code plaintext} stores the credential in the clear. Which of these the
 *   realm accepts is a realm configuration decision; this helper only
 *   produces the matching value.
 *
 * @param args algorithm, username, password; anything else prints usage text
 */
public static void main(String[] args) {
  if (args.length != 3) {
    System.out.println("Usage : [md5|sha|plaintext] username password");
    return;
  }
  String algorithm = args[0];
  String username = args[1];
  String password = args[2];
  PasswordEncoder encoder;
  if (algorithm.equals("md5")) {
    encoder = new Md5PasswordEncoder();
  } else if (algorithm.equals("sha")) {
    encoder = new ShaPasswordEncoder();
  } else if (algorithm.equals("plaintext")) {
    encoder = new PlaintextPasswordEncoder();
  } else {
    System.out.println("Algorithm must be md5, sha or plaintext");
    return;
  }
  // Same argument order as before: the password is the raw value, the username the salt.
  System.out.println(encoder.encodePassword(password, username));
}
272
273 }
SofCheck Inspector Build Version : 2.22510
| securityutils.java |
2010-Jun-25 19:40:32 |
| securityutils.class |
2010-Jul-19 20:23:38 |