| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> |
| <title>Coverage Report</title> |
| <link title="Style" type="text/css" rel="stylesheet" href="css/main.css"/> |
| <script type="text/javascript" src="js/popup.js"></script> |
| </head> |
| <body> |
| <h5>Coverage Report - org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter</h5> |
| <div class="separator"> </div> |
| <table class="report"> |
| <thead><tr> <td class="heading">Classes in this File</td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Line Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Branch Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Complexity</a></td></tr></thead> |
| <tr><td><a href="org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter.html">HttpMethodPermissionFilter</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">73%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:73px"><span class="text">22/30</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">72%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:72px"><span class="text">13/18</span></div></div></td></tr></table></td><td class="value"><span class="hidden">2.111111111111111;</span>2.111</td></tr> |
| <tr><td><a href="org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter.html">HttpMethodPermissionFilter$HttpMethodAction</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">100%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:100px"><span class="text">13/13</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">N/A</a></td><td class="percentgraph"><div class="percentgraph"><div class="na" style="width:100px"><span class="text"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">N/A</a></span></div></div></td></tr></table></td><td class="value"><span class="hidden">2.111111111111111;</span>2.111</td></tr> |
| |
| </table> |
| <div class="separator"> </div> |
| <table cellspacing="0" cellpadding="0" class="src"> |
| <tr> <td class="numLine"> 1</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/*</span></pre></td></tr> |
| <tr> <td class="numLine"> 2</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Licensed to the Apache Software Foundation (ASF) under one</span></pre></td></tr> |
| <tr> <td class="numLine"> 3</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * or more contributor license agreements. See the NOTICE file</span></pre></td></tr> |
| <tr> <td class="numLine"> 4</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * distributed with this work for additional information</span></pre></td></tr> |
| <tr> <td class="numLine"> 5</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * regarding copyright ownership. The ASF licenses this file</span></pre></td></tr> |
| <tr> <td class="numLine"> 6</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * to you under the Apache License, Version 2.0 (the</span></pre></td></tr> |
| <tr> <td class="numLine"> 7</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * "License"); you may not use this file except in compliance</span></pre></td></tr> |
| <tr> <td class="numLine"> 8</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * with the License. You may obtain a copy of the License at</span></pre></td></tr> |
| <tr> <td class="numLine"> 9</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 10</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * http://www.apache.org/licenses/LICENSE-2.0</span></pre></td></tr> |
| <tr> <td class="numLine"> 11</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 12</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Unless required by applicable law or agreed to in writing,</span></pre></td></tr> |
| <tr> <td class="numLine"> 13</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * software distributed under the License is distributed on an</span></pre></td></tr> |
| <tr> <td class="numLine"> 14</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</span></pre></td></tr> |
| <tr> <td class="numLine"> 15</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * KIND, either express or implied. See the License for the</span></pre></td></tr> |
| <tr> <td class="numLine"> 16</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * specific language governing permissions and limitations</span></pre></td></tr> |
| <tr> <td class="numLine"> 17</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * under the License.</span></pre></td></tr> |
| <tr> <td class="numLine"> 18</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 19</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">package</span> org.apache.shiro.web.filter.authz;</pre></td></tr> |
| <tr> <td class="numLine"> 20</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 21</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.util.StringUtils;</pre></td></tr> |
| <tr> <td class="numLine"> 22</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.slf4j.Logger;</pre></td></tr> |
| <tr> <td class="numLine"> 23</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.slf4j.LoggerFactory;</pre></td></tr> |
| <tr> <td class="numLine"> 24</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 25</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> javax.servlet.ServletRequest;</pre></td></tr> |
| <tr> <td class="numLine"> 26</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> javax.servlet.ServletResponse;</pre></td></tr> |
| <tr> <td class="numLine"> 27</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> javax.servlet.http.HttpServletRequest;</pre></td></tr> |
| <tr> <td class="numLine"> 28</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> java.io.IOException;</pre></td></tr> |
| <tr> <td class="numLine"> 29</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> java.util.HashMap;</pre></td></tr> |
| <tr> <td class="numLine"> 30</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> java.util.Map;</pre></td></tr> |
| <tr> <td class="numLine"> 31</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 32</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 33</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * A filter that translates an HTTP Request's Method (eg GET, POST, etc)</span></pre></td></tr> |
| <tr> <td class="numLine"> 34</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * into an corresponding action (verb) and uses that verb to construct a permission that will be checked to determine</span></pre></td></tr> |
| <tr> <td class="numLine"> 35</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * access.</span></pre></td></tr> |
| <tr> <td class="numLine"> 36</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 37</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This Filter is primarily provided to support REST environments where the type (Method)</span></pre></td></tr> |
| <tr> <td class="numLine"> 38</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * of request translates to an action being performed on one or more resources. This paradigm works well with Shiro's</span></pre></td></tr> |
| <tr> <td class="numLine"> 39</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * concepts of using permissions for access control and can be leveraged to easily perform permission checks.</span></pre></td></tr> |
| <tr> <td class="numLine"> 40</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 41</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This filter functions as follows:</span></pre></td></tr> |
| <tr> <td class="numLine"> 42</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <ol></span></pre></td></tr> |
| <tr> <td class="numLine"> 43</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>The incoming HTTP request's Method (GET, POST, PUT, DELETE, etc) is discovered.</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 44</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>The Method is translated into a more 'application friendly' verb, such as 'create', edit', 'delete', etc.</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 45</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>The verb is appended to any configured permissions for the</span></pre></td></tr> |
| <tr> <td class="numLine"> 46</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link org.apache.shiro.web.filter.PathMatchingFilter currently matching path}.</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 47</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>If the current {@code Subject} {@link org.apache.shiro.subject.Subject#isPermitted(String) isPermitted} to</span></pre></td></tr> |
| <tr> <td class="numLine"> 48</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * perform the resolved action, the request is allowed to continue.</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 49</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * </ol></span></pre></td></tr> |
| <tr> <td class="numLine"> 50</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 51</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * For example, if the following filter chain was defined, where 'rest' was the name given to a filter instance of</span></pre></td></tr> |
| <tr> <td class="numLine"> 52</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * this class:</span></pre></td></tr> |
| <tr> <td class="numLine"> 53</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <pre></span></pre></td></tr> |
| <tr> <td class="numLine"> 54</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * /user/** = rest[user]</pre></span></pre></td></tr> |
| <tr> <td class="numLine"> 55</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Then an HTTP {@code GET} request to {@code /user/1234} would translate to the constructed permission</span></pre></td></tr> |
| <tr> <td class="numLine"> 56</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code user:read} (GET is mapped to the 'read' action) and execute the permission check</span></pre></td></tr> |
| <tr> <td class="numLine"> 57</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <code>Subject.isPermitted(&quot;user:read&quot;)</code> in order to allow the request to continue.</span></pre></td></tr> |
| <tr> <td class="numLine"> 58</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 59</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Similarly, an HTTP {@code POST} to {@code /user} would translate to the constructed permission</span></pre></td></tr> |
| <tr> <td class="numLine"> 60</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code user:create} (POST is mapped to the 'create' action) and execute the permission check</span></pre></td></tr> |
| <tr> <td class="numLine"> 61</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <code>Subject.isPermitted(&quot;user:create&quot;)</code> in order to allow the request to continue.</span></pre></td></tr> |
| <tr> <td class="numLine"> 62</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 63</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h3>Method To Verb Mapping</h3></span></pre></td></tr> |
| <tr> <td class="numLine"> 64</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * The following table represents the default HTTP Method-to-action verb mapping:</span></pre></td></tr> |
| <tr> <td class="numLine"> 65</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <table></span></pre></td></tr> |
| <tr> <td class="numLine"> 66</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <tr><th>HTTP Method</th><th>Mapped Action</th><th>Example Permission</th><th>Runtime Check</th></tr></span></pre></td></tr> |
| <tr> <td class="numLine"> 67</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <tr><td>head</td><td>read</td><td>perm1</td><td>perm1:read</td></tr></span></pre></td></tr> |
| <tr> <td class="numLine"> 68</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <tr><td>get</td><td>read</td><td>perm2</td><td>perm2:read</td></tr></span></pre></td></tr> |
| <tr> <td class="numLine"> 69</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <tr><td>put</td><td>update</td><td>perm3</td><td>perm3:update</td></tr></span></pre></td></tr> |
| <tr> <td class="numLine"> 70</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <tr><td>post</td><td>create</td><td>perm4</td><td>perm4:create</td></tr></span></pre></td></tr> |
| <tr> <td class="numLine"> 71</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <tr><td>mkcol</td><td>create</td><td>perm5</td><td>perm5:create</td></tr></span></pre></td></tr> |
| <tr> <td class="numLine"> 72</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <tr><td>options</td><td>read</td><td>perm6</td><td>perm6:read</td></tr></span></pre></td></tr> |
| <tr> <td class="numLine"> 73</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <tr><td>trace</td><td>read</td><td>perm7</td><td>perm7:read</td></tr></span></pre></td></tr> |
| <tr> <td class="numLine"> 74</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * </table></span></pre></td></tr> |
| <tr> <td class="numLine"> 75</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 76</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @since 1.0</span></pre></td></tr> |
| <tr> <td class="numLine"> 77</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 78</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">class</span> HttpMethodPermissionFilter <span class="keyword">extends</span> PermissionsAuthorizationFilter {</pre></td></tr> |
| <tr> <td class="numLine"> 79</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 80</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 81</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This class's private logger.</span></pre></td></tr> |
| <tr> <td class="numLine"> 82</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 83</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> Logger log = LoggerFactory.getLogger(HttpMethodPermissionFilter.<span class="keyword">class</span>);</pre></td></tr> |
| <tr> <td class="numLine"> 84</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 85</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 86</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Map that contains a mapping between http methods to permission actions (verbs)</span></pre></td></tr> |
| <tr> <td class="numLine"> 87</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 88</td> <td class="nbHitsCovered"> 48</td> <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">final</span> Map<String, String> httpMethodActions = <span class="keyword">new</span> HashMap<String, String>();</pre></td></tr> |
| <tr> <td class="numLine"> 89</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 90</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">//Actions representing HTTP Method values (GET -> read, POST -> create, etc)</span></pre></td></tr> |
| <tr> <td class="numLine"> 91</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> String CREATE_ACTION = <span class="string">"create"</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 92</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> String READ_ACTION = <span class="string">"read"</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 93</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> String UPDATE_ACTION = <span class="string">"update"</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 94</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> String DELETE_ACTION = <span class="string">"delete"</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 95</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 96</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 97</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Enum of constants for well-defined mapping values. Used in the Filter's constructor to perform the map instance</span></pre></td></tr> |
| <tr> <td class="numLine"> 98</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * used at runtime.</span></pre></td></tr> |
| <tr> <td class="numLine"> 99</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 100</td> <td class="nbHitsCovered"> 49</td> <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> enum HttpMethodAction {</pre></td></tr> |
| <tr> <td class="numLine"> 101</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 102</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> DELETE(DELETE_ACTION),</pre></td></tr> |
| <tr> <td class="numLineCover"> 103</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> GET(READ_ACTION),</pre></td></tr> |
| <tr> <td class="numLineCover"> 104</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> HEAD(READ_ACTION),</pre></td></tr> |
| <tr> <td class="numLineCover"> 105</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> MKCOL(CREATE_ACTION), <span class="comment">//webdav, but useful here</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 106</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> OPTIONS(READ_ACTION),</pre></td></tr> |
| <tr> <td class="numLineCover"> 107</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> POST(CREATE_ACTION),</pre></td></tr> |
| <tr> <td class="numLineCover"> 108</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> PUT(UPDATE_ACTION),</pre></td></tr> |
| <tr> <td class="numLineCover"> 109</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> TRACE(READ_ACTION);</pre></td></tr> |
| <tr> <td class="numLine"> 110</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 111</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">final</span> String action;</pre></td></tr> |
| <tr> <td class="numLine"> 112</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 113</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> <span class="keyword">private</span> HttpMethodAction(String action) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 114</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.action = action;</pre></td></tr> |
| <tr> <td class="numLineCover"> 115</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 116</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 117</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> String getAction() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 118</td> <td class="nbHitsCovered"> 384</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">this</span>.action;</pre></td></tr> |
| <tr> <td class="numLine"> 119</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 120</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 121</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 122</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 123</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Creates the filter instance with default method-to-action values in the instance's</span></pre></td></tr> |
| <tr> <td class="numLine"> 124</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #getHttpMethodActions() http method actions map}.</span></pre></td></tr> |
| <tr> <td class="numLine"> 125</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 126</td> <td class="nbHitsCovered"> 48</td> <td class="src"><pre class="src"> <span class="keyword">public</span> HttpMethodPermissionFilter() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 127</td> <td class="nbHitsCovered"><a title="Line 127: Conditional coverage 100% (2/2)."> 432</a></td> <td class="src"><pre class="src"> <a title="Line 127: Conditional coverage 100% (2/2)."> <span class="keyword">for</span> (HttpMethodAction methodAction : HttpMethodAction.values()) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 128</td> <td class="nbHitsCovered"> 384</td> <td class="src"><pre class="src"> httpMethodActions.put(methodAction.name().toLowerCase(), methodAction.getAction());</pre></td></tr> |
| <tr> <td class="numLine"> 129</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 130</td> <td class="nbHitsCovered"> 48</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 131</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 132</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 133</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns the HTTP Method name (key) to action verb (value) mapping used to resolve actions based on an</span></pre></td></tr> |
| <tr> <td class="numLine"> 134</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * incoming {@code HttpServletRequest}. All keys and values are lower-case. The</span></pre></td></tr> |
| <tr> <td class="numLine"> 135</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * default key/value pairs are defined in the top class-level JavaDoc.</span></pre></td></tr> |
| <tr> <td class="numLine"> 136</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 137</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the HTTP Method lower-case name (key) to lower-case action verb (value) mapping</span></pre></td></tr> |
| <tr> <td class="numLine"> 138</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 139</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> Map<String, String> getHttpMethodActions() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 140</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">this</span>.httpMethodActions;</pre></td></tr> |
| <tr> <td class="numLine"> 141</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 142</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 143</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 144</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Determines the action (verb) attempting to be performed on the filtered resource by the current request.</span></pre></td></tr> |
| <tr> <td class="numLine"> 145</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 146</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This implementation expects the incoming request to be an {@link HttpServletRequest} and returns a mapped</span></pre></td></tr> |
| <tr> <td class="numLine"> 147</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * action based on the HTTP request {@link javax.servlet.http.HttpServletRequest#getMethod() method}.</span></pre></td></tr> |
| <tr> <td class="numLine"> 148</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 149</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param request to pull the method from.</span></pre></td></tr> |
| <tr> <td class="numLine"> 150</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return The string equivalent verb of the http method.</span></pre></td></tr> |
| <tr> <td class="numLine"> 151</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 152</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> String getHttpMethodAction(ServletRequest request) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 153</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> String method = ((HttpServletRequest) request).getMethod();</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 154</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">return</span> getHttpMethodAction(method);</span></pre></td></tr> |
| <tr> <td class="numLine"> 155</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 156</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 157</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 158</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Determines the corresponding application action that will be performed on the filtered resource based on the</span></pre></td></tr> |
| <tr> <td class="numLine"> 159</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * specified HTTP method (GET, POST, etc).</span></pre></td></tr> |
| <tr> <td class="numLine"> 160</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 161</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param method to be translated into the verb.</span></pre></td></tr> |
| <tr> <td class="numLine"> 162</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return The string equivalent verb of the method.</span></pre></td></tr> |
| <tr> <td class="numLine"> 163</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 164</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> String getHttpMethodAction(String method) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 165</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> String lc = method.toLowerCase();</pre></td></tr> |
| <tr> <td class="numLineCover"> 166</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> String resolved = getHttpMethodActions().get(lc);</pre></td></tr> |
| <tr> <td class="numLineCover"> 167</td> <td class="nbHitsUncovered"><a title="Line 167: Conditional coverage 50% (1/2)."> 8</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 167: Conditional coverage 50% (1/2)."> <span class="keyword">return</span> resolved != <span class="keyword">null</span> ? resolved : method;</a></span></pre></td></tr> |
| <tr> <td class="numLine"> 168</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 169</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 170</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 171</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns a collection of String permissions with which to perform a permission check to determine if the filter</span></pre></td></tr> |
| <tr> <td class="numLine"> 172</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * will allow the request to continue.</span></pre></td></tr> |
| <tr> <td class="numLine"> 173</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 174</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This implementation merely delegates to {@link #buildPermissions(String[], String)} and ignores the inbound</span></pre></td></tr> |
| <tr> <td class="numLine"> 175</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * HTTP servlet request, but it can be overridden by subclasses for more complex request-specific building logic</span></pre></td></tr> |
| <tr> <td class="numLine"> 176</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * if necessary.</span></pre></td></tr> |
| <tr> <td class="numLine"> 177</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 178</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param request the inbound HTTP request - ignored in this implementation, but available to</span></pre></td></tr> |
| <tr> <td class="numLine"> 179</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * subclasses for more complex construction building logic if necessary</span></pre></td></tr> |
| <tr> <td class="numLine"> 180</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param configuredPerms any url-specific permissions mapped to this filter in the URL rules mappings.</span></pre></td></tr> |
| <tr> <td class="numLine"> 181</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param action the application-friendly action (verb) resolved based on the HTTP Method name.</span></pre></td></tr> |
| <tr> <td class="numLine"> 182</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return a collection of String permissions with which to perform a permission check to determine if the filter</span></pre></td></tr> |
| <tr> <td class="numLine"> 183</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * will allow the request to continue.</span></pre></td></tr> |
| <tr> <td class="numLine"> 184</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 185</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> String[] buildPermissions(HttpServletRequest request, String[] configuredPerms, String action) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 186</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">return</span> buildPermissions(configuredPerms, action);</span></pre></td></tr> |
| <tr> <td class="numLine"> 187</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 188</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 189</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 190</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Builds a new array of permission strings based on the original argument, appending the specified action verb</span></pre></td></tr> |
| <tr> <td class="numLine"> 191</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * to each one per {@link org.apache.shiro.authz.permission.WildcardPermission WildcardPermission} conventions. The</span></pre></td></tr> |
| <tr> <td class="numLine"> 192</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * built permission strings will be the ones used at runtime during the permission check that determines if filter</span></pre></td></tr> |
| <tr> <td class="numLine"> 193</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * access should be allowed to continue or not.</span></pre></td></tr> |
| <tr> <td class="numLine"> 194</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 195</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * For example, if the {@code configuredPerms} argument contains the following 3 permission strings:</span></pre></td></tr> |
| <tr> <td class="numLine"> 196</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 197</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <ol></span></pre></td></tr> |
| <tr> <td class="numLine"> 198</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>permission:one</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 199</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>permission:two</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 200</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>permission:three</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 201</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * </ol></span></pre></td></tr> |
| <tr> <td class="numLine"> 202</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * And the action is {@code read}, then the return value will be:</span></pre></td></tr> |
| <tr> <td class="numLine"> 203</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <ol></span></pre></td></tr> |
| <tr> <td class="numLine"> 204</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>permission:one:read</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 205</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>permission:two:read</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 206</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>permission:three:read</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 207</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * </ol></span></pre></td></tr> |
| <tr> <td class="numLine"> 208</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * per {@link org.apache.shiro.authz.permission.WildcardPermission WildcardPermission} conventions. Subclasses</span></pre></td></tr> |
| <tr> <td class="numLine"> 209</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * are of course free to override this method or the</span></pre></td></tr> |
| <tr> <td class="numLine"> 210</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #buildPermissions(javax.servlet.http.HttpServletRequest, String[], String) buildPermissions} request</span></pre></td></tr> |
| <tr> <td class="numLine"> 211</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * variant for custom building logic or with different permission formats.</span></pre></td></tr> |
| <tr> <td class="numLine"> 212</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 213</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param configuredPerms list of configuredPerms to be converted.</span></pre></td></tr> |
| <tr> <td class="numLine"> 214</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param action the resolved action based on the request method to be appended to permission strings.</span></pre></td></tr> |
| <tr> <td class="numLine"> 215</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return an array of permission strings with each element appended with the action.</span></pre></td></tr> |
| <tr> <td class="numLine"> 216</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 217</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> String[] buildPermissions(String[] configuredPerms, String action) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 218</td> <td class="nbHitsUncovered"><a title="Line 218: Conditional coverage 50% (3/6) [each condition: 50%, 50%, 50%]."> 8</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 218: Conditional coverage 50% (3/6) [each condition: 50%, 50%, 50%]."> <span class="keyword">if</span> (configuredPerms == <span class="keyword">null</span> || configuredPerms.length <= 0 || !StringUtils.hasText(action)) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 219</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">return</span> configuredPerms;</span></pre></td></tr> |
| <tr> <td class="numLine"> 220</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 221</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 222</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> String[] mappedPerms = <span class="keyword">new</span> String[configuredPerms.length];</pre></td></tr> |
| <tr> <td class="numLine"> 223</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 224</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// loop and append :action</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 225</td> <td class="nbHitsCovered"><a title="Line 225: Conditional coverage 100% (2/2)."> 24</a></td> <td class="src"><pre class="src"> <a title="Line 225: Conditional coverage 100% (2/2)."> <span class="keyword">for</span> (<span class="keyword">int</span> i = 0; i < configuredPerms.length; i++) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 226</td> <td class="nbHitsCovered"> 16</td> <td class="src"><pre class="src"> mappedPerms[i] = configuredPerms[i] + <span class="string">":"</span> + action;</pre></td></tr> |
| <tr> <td class="numLine"> 227</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 228</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 229</td> <td class="nbHitsUncovered"><a title="Line 229: Conditional coverage 50% (1/2)."> 8</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 229: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (log.isTraceEnabled()) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 230</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> StringBuilder sb = <span class="keyword">new</span> StringBuilder();</pre></td></tr> |
| <tr> <td class="numLineCover"> 231</td> <td class="nbHitsCovered"><a title="Line 231: Conditional coverage 100% (2/2)."> 24</a></td> <td class="src"><pre class="src"> <a title="Line 231: Conditional coverage 100% (2/2)."> <span class="keyword">for</span> (<span class="keyword">int</span> i = 0; i < mappedPerms.length; i++) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 232</td> <td class="nbHitsCovered"><a title="Line 232: Conditional coverage 100% (2/2)."> 16</a></td> <td class="src"><pre class="src"> <a title="Line 232: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (i > 0) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 233</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> sb.append(<span class="string">", "</span>);</pre></td></tr> |
| <tr> <td class="numLine"> 234</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 235</td> <td class="nbHitsCovered"> 16</td> <td class="src"><pre class="src"> sb.append(mappedPerms[i]);</pre></td></tr> |
| <tr> <td class="numLine"> 236</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 237</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> log.trace(<span class="string">"MAPPED '{}' action to permission(s) '{}'"</span>, action, sb);</pre></td></tr> |
| <tr> <td class="numLine"> 238</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 239</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 240</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> <span class="keyword">return</span> mappedPerms;</pre></td></tr> |
| <tr> <td class="numLine"> 241</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 242</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 243</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 244</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Resolves an 'application friendly' action verb based on the {@code HttpServletRequest}'s method, appends that</span></pre></td></tr> |
| <tr> <td class="numLine"> 245</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * action to each configured permission (the {@code mappedValue} argument is a {@code String[]} array), and</span></pre></td></tr> |
| <tr> <td class="numLine"> 246</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * delegates the permission check for the newly constructed permission(s) to the superclass</span></pre></td></tr> |
| <tr> <td class="numLine"> 247</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link PermissionsAuthorizationFilter#isAccessAllowed(javax.servlet.ServletRequest, javax.servlet.ServletResponse, Object) isAccessAllowed}</span></pre></td></tr> |
| <tr> <td class="numLine"> 248</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * implementation to perform the actual permission check.</span></pre></td></tr> |
| <tr> <td class="numLine"> 249</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 250</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param request the inbound {@code ServletRequest}</span></pre></td></tr> |
| <tr> <td class="numLine"> 251</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param response the outbound {@code ServletResponse}</span></pre></td></tr> |
| <tr> <td class="numLine"> 252</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param mappedValue the filter-specific config value mapped to this filter in the URL rules mappings.</span></pre></td></tr> |
| <tr> <td class="numLine"> 253</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return {@code true} if the request should proceed through the filter normally, {@code false} if the</span></pre></td></tr> |
| <tr> <td class="numLine"> 254</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * request should be processed by this filter's</span></pre></td></tr> |
| <tr> <td class="numLine"> 255</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #onAccessDenied(ServletRequest,ServletResponse,Object)} method instead.</span></pre></td></tr> |
| <tr> <td class="numLine"> 256</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @throws IOException</span></pre></td></tr> |
| <tr> <td class="numLine"> 257</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 258</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> @Override</pre></td></tr> |
| <tr> <td class="numLine"> 259</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">boolean</span> isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) <span class="keyword">throws</span> IOException {</pre></td></tr> |
| <tr> <td class="numLineCover"> 260</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> String[] perms = (String[]) mappedValue;</span></pre></td></tr> |
| <tr> <td class="numLine"> 261</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// append the http action to the end of the permissions and then back to super</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 262</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> String action = getHttpMethodAction(request);</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 263</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> String[] resolvedPerms = buildPermissions(perms, action);</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 264</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">return</span> <span class="keyword">super</span>.isAccessAllowed(request, response, resolvedPerms);</span></pre></td></tr> |
| <tr> <td class="numLine"> 265</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 266</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| </table> |
| |
| <div class="footer">Report generated by <a href="http://cobertura.sourceforge.net/" target="_top">Cobertura</a> 1.9.4.1 on 3/4/16 6:05 PM.</div> |
| </body> |
| </html> |
