//# 0 errors, 67 messages
//#
/*
    //#privateblogfilterinvocationdefinitionsource.java:1:1: class: net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource
 * Copyright (c) 2003-2006, Simon Brown
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *
 *   - Neither the name of Pebble nor the names of its contributors may
 *     be used to endorse or promote products derived from this software
 *     without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
package net.sourceforge.pebble.security;

import net.sourceforge.pebble.Constants;
import net.sourceforge.pebble.domain.AbstractBlog;
import net.sourceforge.pebble.domain.Blog;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.intercept.web.FilterInvocation;
import org.acegisecurity.intercept.web.FilterInvocationDefinitionSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import javax.servlet.http.HttpServletRequest;
import java.util.Iterator;
import java.util.List;

/**
 * Bespoke FilterInvocationDefinitionSource that holds a mapping between blog
 * IDs and the roles that can access them. This is used when blog owners mark
 * their blog as "private", which forces authentication before the content
 * can be accessed. This implementation allows mappings to be removed
 * and added at runtime, making it possible to make blogs private
 * without restarting the web/application server.
 *
 * @author Simon Brown
 */
public class PrivateBlogFilterInvocationDefinitionSource implements FilterInvocationDefinitionSource {
    //#privateblogfilterinvocationdefinitionsource.java:57: method: void net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource.net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource()
    //#privateblogfilterinvocationdefinitionsource.java:57: end of method: void net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource.net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource()

  private static final Log log = LogFactory.getLog(PrivateBlogFilterInvocationDefinitionSource.class);
    //#privateblogfilterinvocationdefinitionsource.java:59: method: net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource.net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init
    //#privateblogfilterinvocationdefinitionsource.java:59: Warning: method not available
    //#    -- call on Log org.apache.commons.logging.LogFactory:getLog(Class)
    //#    severity: INFORMATIONAL
    //#    class: net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource
    //#    method: net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init
    //#    unanalyzed callee: Log org.apache.commons.logging.LogFactory:getLog(Class)
    //#output(net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init): __Descendant_Table[net/sourceforge/pebble/security/PrivateBlogFilterInvocationDefinitionSource]
    //#output(net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init): __Dispatch_Table.getAttributes(Ljava/lang/Object;)Lorg/acegisecurity/ConfigAttributeDefinition;
    //#output(net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init): __Dispatch_Table.getConfigAttributeDefinitions()Ljava/util/Iterator;
    //#output(net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init): __Dispatch_Table.supports(Ljava/lang/Class;)Z
    //#output(net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init): log
    //#post(net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init): __Descendant_Table[net/sourceforge/pebble/security/PrivateBlogFilterInvocationDefinitionSource] == &__Dispatch_Table
    //#post(net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init): __Dispatch_Table.getAttributes(Ljava/lang/Object;)Lorg/acegisecurity/ConfigAttributeDefinition; == &getAttributes
    //#post(net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init): __Dispatch_Table.getConfigAttributeDefinitions()Ljava/util/Iterator; == &getConfigAttributeDefinitions
    //#post(net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init): __Dispatch_Table.supports(Ljava/lang/Class;)Z == &supports
    //#post(net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init): init'ed(log)
    //#privateblogfilterinvocationdefinitionsource.java:59: end of method: net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource.net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource__static_init


  /**
   * Accesses the <code>ConfigAttributeDefinition</code> that applies to a given secure object.<P>Returns
   * <code>null</code> if no <code>ConfigAttribiteDefinition</code> applies.</p>
   *
   * @param object the object being secured
   * @return the <code>ConfigAttributeDefinition</code> that applies to the passed object
   * @throws IllegalArgumentException if the passed object is not of a type supported by the
   *                                  <code>ObjectDefinitionSource</code> implementation
   */
  public ConfigAttributeDefinition getAttributes(Object object) throws IllegalArgumentException {
    if ((object == null) || !this.supports(object.getClass())) {
    //#privateblogfilterinvocationdefinitionsource.java:72: method: ConfigAttributeDefinition net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource.getAttributes(Object)
    //#input(ConfigAttributeDefinition getAttributes(Object)): __Descendant_Table[net/sourceforge/pebble/security/PrivateBlogFilterInvocationDefinitionSource]
    //#input(ConfigAttributeDefinition getAttributes(Object)): __Descendant_Table[others]
    //#input(ConfigAttributeDefinition getAttributes(Object)): __Dispatch_Table.supports(Ljava/lang/Class;)Z
    //#input(ConfigAttributeDefinition getAttributes(Object)): object
    //#input(ConfigAttributeDefinition getAttributes(Object)): this
    //#input(ConfigAttributeDefinition getAttributes(Object)): this.__Tag
    //#output(ConfigAttributeDefinition getAttributes(Object)): new PrivateBlogConfigAttributeDefinition(getAttributes#1) num objects
    //#output(ConfigAttributeDefinition getAttributes(Object)): new PrivateBlogConfigAttributeDefinition(getAttributes#1).__Tag
    //#output(ConfigAttributeDefinition getAttributes(Object)): new PrivateBlogConfigAttributeDefinition(getAttributes#1).blog
    //#output(ConfigAttributeDefinition getAttributes(Object)): return_value
    //#new obj(ConfigAttributeDefinition getAttributes(Object)): new PrivateBlogConfigAttributeDefinition(getAttributes#1)
    //#pre[1] (ConfigAttributeDefinition getAttributes(Object)): object != null
    //#pre[3] (ConfigAttributeDefinition getAttributes(Object)): this.__Tag == net/sourceforge/pebble/security/PrivateBlogFilterInvocationDefinitionSource
    //#presumption(ConfigAttributeDefinition getAttributes(Object)): java.lang.Class:isAssignableFrom(...)@124 == 1
    //#presumption(ConfigAttributeDefinition getAttributes(Object)): javax.servlet.http.HttpServletRequest:getAttribute(...)@77 != null
    //#presumption(ConfigAttributeDefinition getAttributes(Object)): org.acegisecurity.intercept.web.FilterInvocation:getHttpRequest(...)@76 != null
    //#presumption(ConfigAttributeDefinition getAttributes(Object)): org.acegisecurity.intercept.web.FilterInvocation:getHttpRequest(...)@93 != null
    //#post(ConfigAttributeDefinition getAttributes(Object)): return_value in Addr_Set{null,&new PrivateBlogConfigAttributeDefinition(getAttributes#1)}
    //#post(ConfigAttributeDefinition getAttributes(Object)): new PrivateBlogConfigAttributeDefinition(getAttributes#1) num objects <= 1
    //#post(ConfigAttributeDefinition getAttributes(Object)): new PrivateBlogConfigAttributeDefinition(getAttributes#1).__Tag == net/sourceforge/pebble/security/PrivateBlogConfigAttributeDefinition
    //#post(ConfigAttributeDefinition getAttributes(Object)): new PrivateBlogConfigAttributeDefinition(getAttributes#1).blog != null
    //#unanalyzed(ConfigAttributeDefinition getAttributes(Object)): Effects-of-calling:java.lang.Class:isAssignableFrom
    //#unanalyzed(ConfigAttributeDefinition getAttributes(Object)): Effects-of-calling:org.acegisecurity.ConfigAttributeDefinition
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): java.lang.String:endsWith(...)@79: {1}, {0}
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): java.lang.String:endsWith(...)@80: {1}, {0}
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): java.lang.String:equals(...)@85: {1}, {0}
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): java.lang.String:equals(...)@86: {1}, {0}
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): java.lang.String:equals(...)@87: {1}, {0}
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): java.lang.String:startsWith(...)@81: {1}, {0}
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): java.lang.String:startsWith(...)@82: {1}, {0}
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): java.lang.String:startsWith(...)@83: {1}, {0}
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): java.lang.String:startsWith(...)@84: {1}, {0}
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): java.lang.String:startsWith(...)@88: {0}, {1}
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): java.util.List:size(...)@97: {-2_147_483_648..0}, {1..4_294_967_295}
    //#test_vector(ConfigAttributeDefinition getAttributes(Object)): net.sourceforge.pebble.domain.Blog:getBlogReaders(...)@96: Addr_Set{null}, Inverse{null}
        throw new IllegalArgumentException("Object must be a FilterInvocation");
    }

    HttpServletRequest request = ((FilterInvocation)object).getHttpRequest();
    //#privateblogfilterinvocationdefinitionsource.java:76: Warning: method not available
    //#    -- call on HttpServletRequest org.acegisecurity.intercept.web.FilterInvocation:getHttpRequest()
    //#    severity: INFORMATIONAL
    //#    class: net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource
    //#    method: ConfigAttributeDefinition getAttributes(Object)
    //#    unanalyzed callee: HttpServletRequest org.acegisecurity.intercept.web.FilterInvocation:getHttpRequest()
    String uri = (String)request.getAttribute(Constants.INTERNAL_URI);
    if (
        uri.endsWith("loginPage.action") ||
        uri.endsWith(".secureaction") ||
        uri.startsWith("/themes/") ||
        uri.startsWith("/scripts/") ||
        uri.startsWith("/common/") ||
        uri.startsWith("/dwr/") ||
        uri.equals("/robots.txt") ||
        uri.equals("/pebble.css") ||
        uri.equals("/favicon.ico") ||
        uri.startsWith("/FCKeditor/")
        ) {
      return null;
    }
    
    AbstractBlog ab = (AbstractBlog)((FilterInvocation)object).getHttpRequest().getAttribute(Constants.BLOG_KEY);
    //#privateblogfilterinvocationdefinitionsource.java:93: Warning: method not available
    //#    -- call on HttpServletRequest org.acegisecurity.intercept.web.FilterInvocation:getHttpRequest()
    //#    severity: INFORMATIONAL
    //#    class: net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource
    //#    method: ConfigAttributeDefinition getAttributes(Object)
    //#    unanalyzed callee: HttpServletRequest org.acegisecurity.intercept.web.FilterInvocation:getHttpRequest()
    if (ab instanceof Blog) {
      Blog blog = (Blog)ab;
      List<String> blogReaders = blog.getBlogReaders();
    //#privateblogfilterinvocationdefinitionsource.java:96: Warning: method not available
    //#    -- call on List net.sourceforge.pebble.domain.Blog:getBlogReaders()
    //#    severity: INFORMATIONAL
    //#    class: net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource
    //#    method: ConfigAttributeDefinition getAttributes(Object)
    //#    unanalyzed callee: List net.sourceforge.pebble.domain.Blog:getBlogReaders()
      if (blogReaders != null && blogReaders.size() > 0) {
        return new PrivateBlogConfigAttributeDefinition(blog);
      }
    }

    return null;
    //#privateblogfilterinvocationdefinitionsource.java:102: end of method: ConfigAttributeDefinition net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource.getAttributes(Object)
  }

  /**
   * If available, all of the <code>ConfigAttributeDefinition</code>s defined by the implementing class.<P>This
   * is used by the {@link org.acegisecurity.intercept.AbstractSecurityInterceptor} to perform startup time validation of each
   * <code>ConfigAttribute</code> configured against it.</p>
   *
   * @return an iterator over all the <code>ConfigAttributeDefinition</code>s or <code>null</code> if unsupported
   */
  public Iterator getConfigAttributeDefinitions() {
    return null;
    //#privateblogfilterinvocationdefinitionsource.java:113: method: Iterator net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource.getConfigAttributeDefinitions()
    //#output(Iterator getConfigAttributeDefinitions()): return_value
    //#post(Iterator getConfigAttributeDefinitions()): return_value == null
    //#privateblogfilterinvocationdefinitionsource.java:113: end of method: Iterator net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource.getConfigAttributeDefinitions()
  }

  /**
   * Indicates whether the <code>ObjectDefinitionSource</code> implementation is able to provide
   * <code>ConfigAttributeDefinition</code>s for the indicated secure object type.
   *
   * @param clazz the class that is being queried
   * @return true if the implementation can process the indicated class
   */
  public boolean supports(Class clazz) {
    if (FilterInvocation.class.isAssignableFrom(clazz)) {
    //#privateblogfilterinvocationdefinitionsource.java:124: method: bool net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource.supports(Class)
    //#input(bool supports(Class)): clazz
    //#output(bool supports(Class)): return_value
    //#post(bool supports(Class)): init'ed(return_value)
    //#test_vector(bool supports(Class)): java.lang.Class:isAssignableFrom(...)@124: {0}, {1}
        return true;
    } else {
        return false;
    //#privateblogfilterinvocationdefinitionsource.java:127: end of method: bool net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource.supports(Class)
    }
  }
}    //#privateblogfilterinvocationdefinitionsource.java:: end of class: net.sourceforge.pebble.security.PrivateBlogFilterInvocationDefinitionSource
