//# 1 errors, 299 messages
//#
/*
    //#httpcontroller.java:1:1: class: net.sourceforge.pebble.web.controller.HttpController
 * Copyright (c) 2003-2006, Simon Brown
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *
 *   - Neither the name of Pebble nor the names of its contributors may
 *     be used to endorse or promote products derived from this software
 *     without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
package net.sourceforge.pebble.web.controller;

import net.sourceforge.pebble.Constants;
import net.sourceforge.pebble.domain.AbstractBlog;
import net.sourceforge.pebble.domain.Blog;
import net.sourceforge.pebble.util.SecurityUtils;
import net.sourceforge.pebble.util.Utilities;
import net.sourceforge.pebble.web.action.Action;
import net.sourceforge.pebble.web.action.ActionFactory;
import net.sourceforge.pebble.web.action.ActionNotFoundException;
import net.sourceforge.pebble.web.action.SecureAction;
import net.sourceforge.pebble.web.model.Model;
import net.sourceforge.pebble.web.security.RequireSecurityToken;
import net.sourceforge.pebble.web.security.SecurityTokenValidator;
import net.sourceforge.pebble.web.view.View;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import javax.servlet.ServletException;
import javax.servlet.http.*;
import java.io.IOException;
import java.security.SecureRandom;

/**
 * An implementation of the front controller pattern, using the command
 * and controller strategy.
 *
 * @author Simon Brown
 */
public class HttpController extends HttpServlet {
    //#httpcontroller.java:61: method: void net.sourceforge.pebble.web.controller.HttpController.net.sourceforge.pebble.web.controller.HttpController()
    //#input(void net.sourceforge.pebble.web.controller.HttpController()): this
    //#output(void net.sourceforge.pebble.web.controller.HttpController()): this.actionExtension
    //#post(void net.sourceforge.pebble.web.controller.HttpController()): this.actionExtension == &".action"

  /**
   * the log used by this class
   */
  private static Log log = LogFactory.getLog(HttpController.class);
    //#httpcontroller.java:66: method: net.sourceforge.pebble.web.controller.HttpController.net.sourceforge.pebble.web.controller.HttpController__static_init
    //#httpcontroller.java:66: Warning: method not available
    //#    -- call on Log org.apache.commons.logging.LogFactory:getLog(Class)
    //#    severity: INFORMATIONAL
    //#    class: net.sourceforge.pebble.web.controller.HttpController
    //#    method: net.sourceforge.pebble.web.controller.HttpController__static_init
    //#    unanalyzed callee: Log org.apache.commons.logging.LogFactory:getLog(Class)
    //#output(net.sourceforge.pebble.web.controller.HttpController__static_init): __Descendant_Table[net/sourceforge/pebble/web/controller/HttpController]
    //#output(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.doGet(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V
    //#output(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.doPost(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V
    //#output(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.init()V
    //#output(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.isAuthorised(Ljavax/servlet/http/HttpServletRequest;Lnet/sourceforge/pebble/web/action/Action;)Z
    //#output(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.isUserInRole(Ljavax/servlet/http/HttpServletRequest;Lnet/sourceforge/pebble/web/action/SecureAction;)Z
    //#output(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.processRequest(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V
    //#output(net.sourceforge.pebble.web.controller.HttpController__static_init): log
    //#post(net.sourceforge.pebble.web.controller.HttpController__static_init): __Descendant_Table[net/sourceforge/pebble/web/controller/HttpController] == &__Dispatch_Table
    //#post(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.doGet(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V == &doGet
    //#post(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.doPost(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V == &doPost
    //#post(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.init()V == &init
    //#post(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.isAuthorised(Ljavax/servlet/http/HttpServletRequest;Lnet/sourceforge/pebble/web/action/Action;)Z == &isAuthorised
    //#post(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.isUserInRole(Ljavax/servlet/http/HttpServletRequest;Lnet/sourceforge/pebble/web/action/SecureAction;)Z == &isUserInRole
    //#post(net.sourceforge.pebble.web.controller.HttpController__static_init): __Dispatch_Table.processRequest(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V == &processRequest
    //#post(net.sourceforge.pebble.web.controller.HttpController__static_init): init'ed(log)
    //#httpcontroller.java:66: end of method: net.sourceforge.pebble.web.controller.HttpController.net.sourceforge.pebble.web.controller.HttpController__static_init

  /**
   * a reference to the factory used to create Action instances
   */
  private ActionFactory actionFactory;

  /**
   * the extension used to refer to actions
   */
  private String actionExtension = ".action";
    //#httpcontroller.java:76: end of method: void net.sourceforge.pebble.web.controller.HttpController.net.sourceforge.pebble.web.controller.HttpController()

  /**
   * The security token validator
   */
  private SecurityTokenValidator securityTokenValidator;

  /**
   * Initialises this instance.
   */
  public void init() {
    String actions = getServletConfig().getInitParameter("actions");
    //#httpcontroller.java:87: method: void net.sourceforge.pebble.web.controller.HttpController.init()
    //#httpcontroller.java:87: Warning: method not available
    //#    -- call on ServletConfig net.sourceforge.pebble.web.controller.HttpController:getServletConfig()
    //#    severity: INFORMATIONAL
    //#    class: net.sourceforge.pebble.web.controller.HttpController
    //#    method: void init()
    //#    unanalyzed callee: ServletConfig net.sourceforge.pebble.web.controller.HttpController:getServletConfig()
    //#input(void init()): net/sourceforge/pebble/web/action/ActionFactory.log
    //#input(void init()): this
    //#output(void init()): new ActionFactory(init#1) num objects
    //#output(void init()): this.actionFactory.__Tag
    //#output(void init()): this.actionFactory.actionMappingFileName
    //#output(void init()): this.actionFactory.actions
    //#output(void init()): new HashMap(ActionFactory#1) num objects
    //#output(void init()): new SecurityTokenValidator(init#2) num objects
    //#output(void init()): this.securityTokenValidator.__Tag
    //#output(void init()): this.actionExtension
    //#output(void init()): this.actionFactory
    //#output(void init()): this.securityTokenValidator
    //#new obj(void init()): new ActionFactory(init#1)
    //#new obj(void init()): new HashMap(ActionFactory#1)
    //#new obj(void init()): new SecurityTokenValidator(init#2)
    //#pre[1] (void init()): (soft) net/sourceforge/pebble/web/action/ActionFactory.log != null
    //#presumption(void init()): net.sourceforge.pebble.web.controller.HttpController:getServletConfig(...)@87 != null
    //#presumption(void init()): net.sourceforge.pebble.web.controller.HttpController:getServletConfig(...)@88 != null
    //#post(void init()): init'ed(this.actionExtension)
    //#post(void init()): this.actionFactory == &new ActionFactory(init#1)
    //#post(void init()): this.securityTokenValidator == &new SecurityTokenValidator(init#2)
    //#post(void init()): new ActionFactory(init#1) num objects == 1
    //#post(void init()): new HashMap(ActionFactory#1) num objects == 1
    //#post(void init()): new SecurityTokenValidator(init#2) num objects == 1
    //#post(void init()): this.actionFactory.__Tag == net/sourceforge/pebble/web/action/ActionFactory
    //#post(void init()): init'ed(this.actionFactory.actionMappingFileName)
    //#post(void init()): this.actionFactory.actions == &new HashMap(ActionFactory#1)
    //#post(void init()): this.securityTokenValidator.__Tag == net/sourceforge/pebble/web/security/SecurityTokenValidator
    //#unanalyzed(void init()): Effects-of-calling:java.lang.Object:getClass
    //#unanalyzed(void init()): Effects-of-calling:java.lang.Class:getClassLoader
    //#unanalyzed(void init()): Effects-of-calling:java.lang.ClassLoader:getResourceAsStream
    //#unanalyzed(void init()): Effects-of-calling:java.util.Properties
    //#unanalyzed(void init()): Effects-of-calling:java.util.Properties:load
    //#unanalyzed(void init()): Effects-of-calling:java.util.Properties:propertyNames
    //#unanalyzed(void init()): Effects-of-calling:java.util.Enumeration:hasMoreElements
    //#unanalyzed(void init()): Effects-of-calling:java.util.Enumeration:nextElement
    //#unanalyzed(void init()): Effects-of-calling:java.util.Properties:getProperty
    //#unanalyzed(void init()): Effects-of-calling:java.util.Map:put
    //#unanalyzed(void init()): Effects-of-calling:java.lang.Exception:getMessage
    //#unanalyzed(void init()): Effects-of-calling:org.apache.commons.logging.Log:error
    //#unanalyzed(void init()): Effects-of-calling:java.lang.Exception:printStackTrace
    //#unanalyzed(void init()): Effects-of-calling:java.util.HashMap
    this.actionExtension = getServletConfig().getInitParameter("actionExtension");
    //#httpcontroller.java:88: Warning: method not available
    //#    -- call on ServletConfig net.sourceforge.pebble.web.controller.HttpController:getServletConfig()
    //#    severity: INFORMATIONAL
    //#    class: net.sourceforge.pebble.web.controller.HttpController
    //#    method: void init()
    //#    unanalyzed callee: ServletConfig net.sourceforge.pebble.web.controller.HttpController:getServletConfig()
    this.actionFactory = new ActionFactory(actions);
    this.securityTokenValidator = new SecurityTokenValidator();
  }
    //#httpcontroller.java:91: end of method: void net.sourceforge.pebble.web.controller.HttpController.init()

  /**
   * Processes the request - this is delegated to from doGet and doPost.
   *
   * @param request  the HttpServletRequest instance
   * @param response the HttpServletResponse instance
   */
  protected void processRequest(HttpServletRequest request,
                                HttpServletResponse response)
          throws ServletException, IOException {

    AbstractBlog blog = (AbstractBlog) request.getAttribute(Constants.BLOG_KEY);

    // find which action should be used
    String actionName = request.getRequestURI();
    if (actionName.indexOf("?") > -1) {
      // strip of the query string - some servers leave this on
      actionName = actionName.substring(0, actionName.indexOf("?"));
    }
    int index = actionName.lastIndexOf("/");
    actionName = actionName.substring(index + 1, (actionName.length() - actionExtension.length()));
    Action action;

    try {
      log.debug("Action is " + actionName);
      action = actionFactory.getAction(actionName);
    } catch (ActionNotFoundException anfe) {
      log.warn(anfe.getMessage());
      response.sendError(HttpServletResponse.SC_NOT_FOUND);
      return;
    }

    boolean authorised = isAuthorised(request, action);
    if (!authorised) {
      response.sendError(HttpServletResponse.SC_FORBIDDEN);
    } else {
      boolean validated = securityTokenValidator.validateSecurityToken(request, response, action);
      if (!validated) {
        // Forward to no security url
        request.getRequestDispatcher("/noSecurityToken.action").forward(request, response);
      } else {
        try {
          Model model = new Model();
          model.put(Constants.BLOG_KEY, blog);
          String calculatedBaseUrl = Utilities.calcBaseUrl(request.getScheme(), blog.getUrl());
          model.put(Constants.BLOG_URL, blog.getUrl());
          action.setModel(model);
          View view = action.process(request, response);
          if (view != null) {

            view.setModel(model);
            view.setServletContext(this.getServletContext());

            view.prepare();

            for (Object key : model.keySet()) {
              request.setAttribute(key.toString(), model.get(key.toString()));
            }

            response.setContentType(view.getContentType());
            view.dispatch(request, response, getServletContext());

          }
        } catch (Exception e) {
          request.setAttribute("exception", e);
          throw new ServletException(e);
        }
      }
    }
  }

  private boolean isAuthorised(HttpServletRequest request, Action action) {
    if (action instanceof SecureAction) {
    //#httpcontroller.java:164: method: bool net.sourceforge.pebble.web.controller.HttpController.isAuthorised(HttpServletRequest, Action)
    //#input(bool isAuthorised(HttpServletRequest, Action)): action
    //#input(bool isAuthorised(HttpServletRequest, Action)): action.__Tag
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/AboutBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/AbstractFileAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/AbstractLogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/AddBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/AddBlogEntryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/AddCategoryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/AddRefererFiltersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/AddStaticPageAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/AddUserAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ChangePasswordAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ClearMessagesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/CopyFileAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/CreateDirectoryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/EditBlogEntryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/EditCategoryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/EditFileAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/EditStaticPageAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/EditUserDetailsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/EditUserPreferencesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ExportBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/GarbageCollectAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ManageBlogEntriesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ManageBlogEntryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ManageResponsesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ManageStaticPageAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ManageUsersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/PublishBlogEntryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ReindexBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ReloadBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/RemoveCategoriesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/RemoveFilesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/RemoveRefererFiltersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/RemoveStaticPagesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ResetPluginsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ResetThemeAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/RestoreThemeAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SaveBlogEntryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SaveBlogPropertiesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SaveBlogSecurityAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SaveCategoryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SaveFileAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SavePebblePropertiesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SavePluginsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SaveStaticPageAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SaveUserAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SaveUserDetailsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SaveUserPreferencesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SecureAction.__Descendant_Table[others]
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SecureAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/SendTrackBackAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/UnlockStaticPageAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/UploadFileAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/UploadFileToBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/UploadFileToThemeAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/UploadImageToBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/UtilitiesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewBlogPropertiesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewBlogSecurityAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewBlogsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewCategoriesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewCountriesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewEmailSubscribersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewFilesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewHelpAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewLogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewLogSummaryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewMessagesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewPebblePropertiesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewPluginsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewRefererFiltersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewReferersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewRequestsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewRequestsByHourAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewRequestsByTypeAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewResponsesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewStaticPagesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewUnpublishedBlogEntriesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewUserAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewUserAgentsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ViewUsersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): net/sourceforge/pebble/web/action/ZipDirectoryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isAuthorised(HttpServletRequest, Action)): request
    //#input(bool isAuthorised(HttpServletRequest, Action)): this
    //#output(bool isAuthorised(HttpServletRequest, Action)): return_value
    //#pre[2] (bool isAuthorised(HttpServletRequest, Action)): (soft) action.__Tag != net/sourceforge/pebble/web/action/SaveStaticPageAction
    //#pre[3] (bool isAuthorised(HttpServletRequest, Action)): (soft) request != null
    //#post(bool isAuthorised(HttpServletRequest, Action)): init'ed(return_value)
    //#unanalyzed(bool isAuthorised(HttpServletRequest, Action)): Effects-of-calling:javax.servlet.http.HttpServletRequest:getAttribute
    //#unanalyzed(bool isAuthorised(HttpServletRequest, Action)): Effects-of-calling:org.acegisecurity.Authentication:getName
    //#unanalyzed(bool isAuthorised(HttpServletRequest, Action)): Effects-of-calling:org.acegisecurity.context.SecurityContextHolder:getContext
    //#unanalyzed(bool isAuthorised(HttpServletRequest, Action)): Effects-of-calling:org.acegisecurity.context.SecurityContext:getAuthentication
    //#unanalyzed(bool isAuthorised(HttpServletRequest, Action)): Effects-of-calling:getRoles
    //#unanalyzed(bool isAuthorised(HttpServletRequest, Action)): Effects-of-calling:java.lang.String:equals
    //#unanalyzed(bool isAuthorised(HttpServletRequest, Action)): Effects-of-calling:org.acegisecurity.Authentication:getAuthorities
    //#unanalyzed(bool isAuthorised(HttpServletRequest, Action)): Effects-of-calling:org.acegisecurity.GrantedAuthority:getAuthority
    //#unanalyzed(bool isAuthorised(HttpServletRequest, Action)): Effects-of-calling:net.sourceforge.pebble.domain.Blog:isUserInRole
      SecureAction secureAction = (SecureAction) action;
      return isUserInRole(request, secureAction);
    } else {
      return true;
    //#httpcontroller.java:168: end of method: bool net.sourceforge.pebble.web.controller.HttpController.isAuthorised(HttpServletRequest, Action)
    }
  }

  /**
   * Determines whether the current user in one of the roles specified
   * by the secure action.
   *
   * @param request the HttpServletRequest
   * @param action  the SecureAction to check against
   * @return true if the user is in one of the roles, false otherwise
   */
  private boolean isUserInRole(HttpServletRequest request, SecureAction action) {
    AbstractBlog ab = (AbstractBlog) request.getAttribute(Constants.BLOG_KEY);
    //#httpcontroller.java:181: method: bool net.sourceforge.pebble.web.controller.HttpController.isUserInRole(HttpServletRequest, SecureAction)
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): action
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): action.__Tag
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/AboutBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/AbstractFileAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/AbstractLogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/AddBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/AddBlogEntryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/AddCategoryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/AddRefererFiltersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/AddStaticPageAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/AddUserAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ChangePasswordAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ClearMessagesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/CopyFileAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/CreateDirectoryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/EditBlogEntryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/EditCategoryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/EditFileAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/EditStaticPageAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/EditUserDetailsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/EditUserPreferencesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ExportBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/GarbageCollectAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ManageBlogEntriesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ManageBlogEntryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ManageResponsesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ManageStaticPageAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ManageUsersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/PublishBlogEntryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ReindexBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ReloadBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/RemoveCategoriesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/RemoveFilesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/RemoveRefererFiltersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/RemoveStaticPagesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ResetPluginsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ResetThemeAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/RestoreThemeAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SaveBlogEntryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SaveBlogPropertiesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SaveBlogSecurityAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SaveCategoryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SaveFileAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SavePebblePropertiesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SavePluginsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SaveStaticPageAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SaveUserAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SaveUserDetailsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SaveUserPreferencesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SecureAction.__Descendant_Table[others]
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SecureAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/SendTrackBackAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/UnlockStaticPageAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/UploadFileAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/UploadFileToBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/UploadFileToThemeAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/UploadImageToBlogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/UtilitiesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewBlogPropertiesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewBlogSecurityAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewBlogsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewCategoriesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewCountriesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewEmailSubscribersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewFilesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewHelpAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewLogAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewLogSummaryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewMessagesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewPebblePropertiesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewPluginsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewRefererFiltersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewReferersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewRequestsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewRequestsByHourAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewRequestsByTypeAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewResponsesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewStaticPagesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewUnpublishedBlogEntriesAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewUserAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewUserAgentsAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ViewUsersAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): net/sourceforge/pebble/web/action/ZipDirectoryAction.__Dispatch_Table.getRoles(Ljavax/servlet/http/HttpServletRequest;)[Ljava/lang/String;
    //#input(bool isUserInRole(HttpServletRequest, SecureAction)): request
    //#output(bool isUserInRole(HttpServletRequest, SecureAction)): return_value
    //#pre[1] (bool isUserInRole(HttpServletRequest, SecureAction)): action != null
    //#pre[2] (bool isUserInRole(HttpServletRequest, SecureAction)): action.__Tag != net/sourceforge/pebble/web/action/SaveStaticPageAction
    //#pre[3] (bool isUserInRole(HttpServletRequest, SecureAction)): request != null
    //#presumption(bool isUserInRole(HttpServletRequest, SecureAction)): Local_9[Local_7]@183 != null
    //#presumption(bool isUserInRole(HttpServletRequest, SecureAction)): getRoles(...)@183 != null
    //#presumption(bool isUserInRole(HttpServletRequest, SecureAction)): roles.length@183 <= 4_294_967_295
    //#post(bool isUserInRole(HttpServletRequest, SecureAction)): init'ed(return_value)
    //#unanalyzed(bool isUserInRole(HttpServletRequest, SecureAction)): Effects-of-calling:org.acegisecurity.Authentication:getName
    //#unanalyzed(bool isUserInRole(HttpServletRequest, SecureAction)): Effects-of-calling:org.acegisecurity.context.SecurityContextHolder:getContext
    //#unanalyzed(bool isUserInRole(HttpServletRequest, SecureAction)): Effects-of-calling:org.acegisecurity.context.SecurityContext:getAuthentication
    //#unanalyzed(bool isUserInRole(HttpServletRequest, SecureAction)): Effects-of-calling:org.acegisecurity.Authentication:getAuthorities
    //#unanalyzed(bool isUserInRole(HttpServletRequest, SecureAction)): Effects-of-calling:org.acegisecurity.GrantedAuthority:getAuthority
    //#unanalyzed(bool isUserInRole(HttpServletRequest, SecureAction)): Effects-of-calling:java.lang.String:equals
    //#test_vector(bool isUserInRole(HttpServletRequest, SecureAction)): java.lang.String:equals(...)@185: {0}, {1}
    //#test_vector(bool isUserInRole(HttpServletRequest, SecureAction)): net.sourceforge.pebble.domain.Blog:isUserInRole(...)@190: {0}, {1}
    String currentUser = SecurityUtils.getUsername();
    String roles[] = action.getRoles(request);
    //#httpcontroller.java:183: ?null dereference
    //#    net/sourceforge/pebble/web/action/SecureAction.__Descendant_Table[action.__Tag] != null
    //#    severity: SUPPRESSED
    //#    class: net.sourceforge.pebble.web.controller.HttpController
    //#    method: bool isUserInRole(HttpServletRequest, SecureAction)
    //#    basic block: Entry_BB_1
    //#    assertion: net/sourceforge/pebble/web/action/SecureAction.__Descendant_Table[action.__Tag] != null
    //#    VN: net/sourceforge/pebble/web/action/SecureAction.__Descendant_Table[action.__Tag]
    //#    Expected: Inverse{null}
    //#    Bad: Addr_Set{null}
    //#    Attribs:  Ptr  null in Bad
    //#httpcontroller.java:183: Warning: call too complex - analysis skipped
    //#    -- call on String[] getRoles(HttpServletRequest)
    //#    severity: INFORMATIONAL
    //#    class: net.sourceforge.pebble.web.controller.HttpController
    //#    method: bool isUserInRole(HttpServletRequest, SecureAction)
    //#    unanalyzed callee: String[] getRoles(HttpServletRequest)
    for (String role : roles) {
      if (role.equals(Constants.ANY_ROLE)) {
        return true;
      } else if (SecurityUtils.isUserInRole(role)) {
        if (ab instanceof Blog) {
          Blog blog = (Blog) ab;
          if (blog.isUserInRole(role, currentUser)) {
    //#httpcontroller.java:190: Warning: method not available
    //#    -- call on bool net.sourceforge.pebble.domain.Blog:isUserInRole(String, String)
    //#    severity: INFORMATIONAL
    //#    class: net.sourceforge.pebble.web.controller.HttpController
    //#    method: bool isUserInRole(HttpServletRequest, SecureAction)
    //#    unanalyzed callee: bool net.sourceforge.pebble.domain.Blog:isUserInRole(String, String)
            return true;
          }
        } else {
          return true;
        }
      }
    }
    return false;
    //#httpcontroller.java:198: end of method: bool net.sourceforge.pebble.web.controller.HttpController.isUserInRole(HttpServletRequest, SecureAction)
  }


  /**
   * A default implementation of doGet that delegates to the processRequest method.
   *
   * @param req the HttpServletRequest instance
   * @param res the HttpServletResponse instance
   */
  protected void doGet(HttpServletRequest req, HttpServletResponse res)
          throws ServletException, IOException {
    processRequest(req, res);
    //#httpcontroller.java:210: method: void net.sourceforge.pebble.web.controller.HttpController.doGet(HttpServletRequest, HttpServletResponse)
    //#httpcontroller.java:210: Warning: method not available
    //#    -- call on void processRequest(HttpServletRequest, HttpServletResponse)
    //#    severity: INFORMATIONAL
    //#    class: net.sourceforge.pebble.web.controller.HttpController
    //#    method: void doGet(HttpServletRequest, HttpServletResponse)
    //#    unanalyzed callee: void processRequest(HttpServletRequest, HttpServletResponse)
    //#input(void doGet(HttpServletRequest, HttpServletResponse)): __Descendant_Table[net/sourceforge/pebble/web/controller/HttpController]
    //#input(void doGet(HttpServletRequest, HttpServletResponse)): __Descendant_Table[others]
    //#input(void doGet(HttpServletRequest, HttpServletResponse)): __Dispatch_Table.processRequest(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V
    //#input(void doGet(HttpServletRequest, HttpServletResponse)): req
    //#input(void doGet(HttpServletRequest, HttpServletResponse)): res
    //#input(void doGet(HttpServletRequest, HttpServletResponse)): this
    //#input(void doGet(HttpServletRequest, HttpServletResponse)): this.__Tag
    //#pre[4] (void doGet(HttpServletRequest, HttpServletResponse)): this.__Tag == net/sourceforge/pebble/web/controller/HttpController
  }
    //#httpcontroller.java:211: end of method: void net.sourceforge.pebble.web.controller.HttpController.doGet(HttpServletRequest, HttpServletResponse)

  /**
   * A default implementation of doPost that delegates to the processRequest method.
   *
   * @param req the HttpServletRequest instance
   * @param res the HttpServletResponse instance
   */
  protected void doPost(HttpServletRequest req, HttpServletResponse res)
          throws ServletException, IOException {
    processRequest(req, res);
    //#httpcontroller.java:221: method: void net.sourceforge.pebble.web.controller.HttpController.doPost(HttpServletRequest, HttpServletResponse)
    //#httpcontroller.java:221: Warning: method not available
    //#    -- call on void processRequest(HttpServletRequest, HttpServletResponse)
    //#    severity: INFORMATIONAL
    //#    class: net.sourceforge.pebble.web.controller.HttpController
    //#    method: void doPost(HttpServletRequest, HttpServletResponse)
    //#    unanalyzed callee: void processRequest(HttpServletRequest, HttpServletResponse)
    //#input(void doPost(HttpServletRequest, HttpServletResponse)): __Descendant_Table[net/sourceforge/pebble/web/controller/HttpController]
    //#input(void doPost(HttpServletRequest, HttpServletResponse)): __Descendant_Table[others]
    //#input(void doPost(HttpServletRequest, HttpServletResponse)): __Dispatch_Table.processRequest(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V
    //#input(void doPost(HttpServletRequest, HttpServletResponse)): req
    //#input(void doPost(HttpServletRequest, HttpServletResponse)): res
    //#input(void doPost(HttpServletRequest, HttpServletResponse)): this
    //#input(void doPost(HttpServletRequest, HttpServletResponse)): this.__Tag
    //#pre[4] (void doPost(HttpServletRequest, HttpServletResponse)): this.__Tag == net/sourceforge/pebble/web/controller/HttpController
  }
    //#httpcontroller.java:222: end of method: void net.sourceforge.pebble.web.controller.HttpController.doPost(HttpServletRequest, HttpServletResponse)

}
    //#httpcontroller.java:: end of class: net.sourceforge.pebble.web.controller.HttpController
