File Source: abstractapihandler.java
/*
P/P * Method: net.sourceforge.pebble.webservice.AbstractAPIHandler__static_init
*/
1 /*
2 * Copyright (c) 2003-2006, Simon Brown
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * - Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * - Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * - Neither the name of Pebble nor the names of its contributors may
17 * be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32 package net.sourceforge.pebble.webservice;
33
34 import net.sourceforge.pebble.domain.BlogManager;
35 import net.sourceforge.pebble.domain.Blog;
36 import net.sourceforge.pebble.util.SecurityUtils;
37 import org.acegisecurity.Authentication;
38 import org.acegisecurity.AuthenticationException;
39 import org.acegisecurity.AuthenticationManager;
40 import org.acegisecurity.context.SecurityContextHolder;
41 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
/*
P/P * Method: void net.sourceforge.pebble.webservice.AbstractAPIHandler()
*/
42 import org.apache.xmlrpc.XmlRpcException;
43
44 /**
45 * A handler for the XML-RPC blogging APIs.
46 *
47 * @author Simon Brown
48 */
49 public abstract class AbstractAPIHandler {
50
51 /** character used to separate blog and post IDs in multi-user mode */
52 static final char BLOG_ID_SEPARATOR = '/';
53
54 private AuthenticationManager authenticationManager;
55
/*
P/P * Method: AuthenticationManager getAuthenticationManager()
*
* Preconditions:
* init'ed(this.authenticationManager)
*
* Postconditions:
* return_value == this.authenticationManager
* init'ed(return_value)
*/
56 public AuthenticationManager getAuthenticationManager() {
57 return authenticationManager;
58 }
59
/*
P/P * Method: void setAuthenticationManager(AuthenticationManager)
*
* Postconditions:
* this.authenticationManager == authenticationManager
* init'ed(this.authenticationManager)
*/
60 public void setAuthenticationManager(AuthenticationManager authenticationManager) {
61 this.authenticationManager = authenticationManager;
62 }
63
64 /**
65 * A helper method to authenticate a username/password pair against the
66 * properties for the specified Blog instance.
67 *
68 * @param blog the Blog instance to test against
69 * @param username the username used for logging in via XML-RPC
70 * @param password the password used for logging in via XML-RPC
71 */
/*
P/P * Method: void authenticate(Blog, String, String)
*
* Preconditions:
* this.authenticationManager != null
*
* Presumptions:
* net.sourceforge.pebble.util.SecurityUtils:isUserAuthorisedForBlogAsBlogContributor(...)@77 == 1
* org.acegisecurity.context.SecurityContextHolder:getContext(...)@75 != null
*
* Test Vectors:
* blog: Addr_Set{null}, Inverse{null}
*/
72 protected void authenticate(Blog blog, String username, String password) throws XmlRpcAuthenticationException {
73 try {
74 Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
75 SecurityContextHolder.getContext().setAuthentication(auth);
76
77 if (blog != null && !SecurityUtils.isUserAuthorisedForBlogAsBlogContributor(blog)) {
78 throw new XmlRpcAuthenticationException("Not authorised for this blog.");
79 }
80 } catch (AuthenticationException ae) {
81 throw new XmlRpcAuthenticationException("Username and password did not pass authentication.");
82 }
83 }
84
85 /**
86 * Gets the blog from a given String.
87 * <br /><br />
88 * In single-user mode, blog IDs are irrelevant since there is only one blog.
89 * In multi-user mode, the post ID is composed of "blog ID/post ID"
90 * (this is Pebble's way of uniquely identifying a blog entry across all
91 * users' blogs).
92 *
93 * @param s the String containing the post ID
94 * @return the post ID (blog entry ID)
95 */
/*
P/P * Method: Blog getBlogWithPostId(String)
*
* Preconditions:
* s != null
*
* Presumptions:
* net.sourceforge.pebble.domain.BlogManager:getBlog(...)@109 != null
* net.sourceforge.pebble.domain.BlogManager:getInstance(...)@109 != null
*
* Postconditions:
* (soft) return_value != null
*
* Test Vectors:
* java.lang.String:lastIndexOf(...)@104: {-231..-1}, {0..232-1}
*/
96 protected Blog getBlogWithPostId(String s) throws XmlRpcException {
97 if (s == null) {
98 throw new XmlRpcException(0, "Blog with ID of " + null + " not found.");
99 }
100
101 String blogId = null;
102 Blog blog;
103
104 int index = s.lastIndexOf(BLOG_ID_SEPARATOR);
105 if (index > -1) {
106 blogId = s.substring(0, index);
107 }
108
109 blog = BlogManager.getInstance().getBlog(blogId);
110 if (blog == null) {
111 throw new XmlRpcException(0, "Blog with ID of " + blogId + " not found.");
112 } else {
113 return blog;
114 }
115 }
116
117 /**
118 * Gets the blog from a given String.
119 * <br /><br />
120 * In single-user mode, blog IDs are irrelevant since there is only one blog.
121 * In multi-user mode, the post ID is composed of "blog ID/post ID"
122 * (this is Pebble's way of uniquely identifying a blog entry across all
123 * users' blogs).
124 *
125 * @param blogId the String containing the post ID
126 * @return the blog ID
127 */
/*
P/P * Method: Blog getBlogWithBlogId(String)
*
* Presumptions:
* net.sourceforge.pebble.domain.BlogManager:getBlog(...)@129 != null
* net.sourceforge.pebble.domain.BlogManager:getInstance(...)@129 != null
*
* Postconditions:
* (soft) return_value != null
*/
128 protected Blog getBlogWithBlogId(String blogId) throws XmlRpcException {
129 Blog blog = BlogManager.getInstance().getBlog(blogId);
130 if (blog == null) {
131 throw new XmlRpcException(0, "Blog with ID of " + blogId + " not found.");
132 } else {
133 return blog;
134 }
135 }
136
137 /**
138 * Gets the post ID (blog entry ID) from a given String.
139 * <br /><br />
140 * In single-user mode, post IDs
141 * are specified as just the blog ID. In multi-user mode, the post ID
142 * is composed of "blog ID/post ID" (this is Pebble's way of uniquely
143 * identifying a blog entry across all users' blogs).
144 *
145 * @param s the String containing the post ID
146 * @return the post ID (blog entry ID)
147 */
/*
P/P * Method: String getPostId(String)
*
* Presumptions:
* java.lang.String:lastIndexOf(...)@153 <= 232-2
*
* Postconditions:
* init'ed(return_value)
*
* Test Vectors:
* s: Inverse{null}, Addr_Set{null}
* java.lang.String:lastIndexOf(...)@153: {-231..-1}, {0..232-2}
*/
148 protected String getPostId(String s) {
149 if (s == null) {
150 return null;
151 }
152
153 int index = s.lastIndexOf(BLOG_ID_SEPARATOR);
154 if (index > -1) {
155 return s.substring(index+1);
156 } else {
157 return null;
158 }
159 }
160
161 /**
162 * Formats a post ID for the blogger client.
163 *
164 * @param blogid the blog ID
165 * @param postid the post ID
166 * @return if running in multi-user mode, returns "blogid/postid",
167 * otherwise just returns "postid"
168 */
/*
P/P * Method: String formatPostId(String, String)
*
* Postconditions:
* return_value != null
*/
169 protected String formatPostId(String blogid, String postid) {
170 return blogid + BLOG_ID_SEPARATOR + postid;
171 }
172
173 }
SofCheck Inspector Build Version : 2.22510
| abstractapihandler.java |
2010-Jun-25 19:40:32 |
| abstractapihandler.class |
2010-Jul-19 20:23:38 |