Class SecurityUtil

java.lang.Object
com.evolveum.midpoint.security.api.SecurityUtil

public class SecurityUtil extends Object
Author:
Radovan Semancik
  • Field Details

    • PUBLIC_SESSION_ID_ATTR

      public static final String PUBLIC_SESSION_ID_ATTR
      HTTP session attribute key under which the public session identifier is stored. This is intentionally different from the container-assigned JSESSION ID.
  • Constructor Details

    • SecurityUtil

      public SecurityUtil()
  • Method Details

    • getActions

      public static Collection<String> getActions(Collection<org.springframework.security.access.ConfigAttribute> configAttributes)
    • logSecurityDeny

      public static void logSecurityDeny(Object object, String message)
    • logSecurityDeny

      public static void logSecurityDeny(MidPointPrincipal midPointPrincipal, Object object, String message)
    • logSecurityDeny

      public static void logSecurityDeny(Object object, String message, Throwable cause, Collection<String> requiredAuthorizations)
    • getSubjectDescription

      public static String getSubjectDescription()
      Returns a short description of the subject suitable for log and error messages. Does not throw errors, so it is safe to use in toString-like methods. May return null (meaning anonymous or unknown).
    • getCredentialPolicyItem

      public static <T> T getCredentialPolicyItem(CredentialPolicyType defaultPolicy, CredentialPolicyType policy, Function<CredentialPolicyType,T> getter)
    • getEffectivePasswordCredentialsPolicy

      public static PasswordCredentialsPolicyType getEffectivePasswordCredentialsPolicy(SecurityPolicyType securityPolicy)
    • getInvitationSequenceIdentifier

      public static String getInvitationSequenceIdentifier(SecurityPolicyType securityPolicy)
    • getEffectiveSecurityQuestionsCredentialsPolicy

      public static SecurityQuestionsCredentialsPolicyType getEffectiveSecurityQuestionsCredentialsPolicy(SecurityPolicyType securityPolicy)
    • getEffectiveAttributeVerificationCredentialsPolicy

      public static AttributeVerificationCredentialsPolicyType getEffectiveAttributeVerificationCredentialsPolicy(SecurityPolicyType securityPolicy)
    • getEffectiveNonceCredentialsPolicies

      public static List<NonceCredentialsPolicyType> getEffectiveNonceCredentialsPolicies(SecurityPolicyType securityPolicy)
    • getEffectiveNonceCredentialsPolicy

      public static NonceCredentialsPolicyType getEffectiveNonceCredentialsPolicy(SecurityPolicyType securityPolicy) throws SchemaException
      Throws:
      SchemaException
    • getCredentialHistoryLength

      public static int getCredentialHistoryLength(CredentialPolicyType credentialPolicy)
    • isHistoryAllowExistingPasswordReuse

      public static boolean isHistoryAllowExistingPasswordReuse(CredentialPolicyType credentialPolicy)
    • getCredentialStorageTypeType

      public static CredentialsStorageTypeType getCredentialStorageTypeType(CredentialsStorageMethodType storageMethod)
    • getPasswordPolicy

      public static ValuePolicyType getPasswordPolicy(SecurityPolicyType securityPolicy)
      Not very systematic. Used mostly in hacks.
    • setRemoteHostAddressHeaders

      public static void setRemoteHostAddressHeaders(SystemConfigurationType config)
    • getOrCreateAuditSessionId

      public static String getOrCreateAuditSessionId(@Nullable jakarta.servlet.http.HttpServletRequest request)
      Returns a stable audit session ID for the given HttpServletRequest or null if request is null.
    • getOrCreateAuditSessionId

      public static String getOrCreateAuditSessionId(@Nullable jakarta.servlet.http.HttpSession session)
      Returns a stable audit session ID for the given HTTP session. The ID is a random UUID generated on first call and stored as a session attribute ("PUBLIC_SESSION_ID"). It intentionally differs from the container-assigned JSESSION ID so that audit logs do not expose the real session token.
      Returns:
      the UUID string, or null if session is null
    • getCurrentConnectionInformation

      public static HttpConnectionInformation getCurrentConnectionInformation()
      Returns the current connection information, as derived from the HTTP request stored in the current thread. May be null if the thread is not associated with any HTTP request (e.g. task threads, operations invoked from GUI but executing in background).
    • getPrincipalSilent

      public static MidPointPrincipal getPrincipalSilent()
      Consider using the more benevolent getPrincipalIfExists().
    • getPrincipal

      public static MidPointPrincipal getPrincipal() throws SecurityViolationException
      Returns the principal representing the currently logged-in user. Returns null if the user is anonymous.
      Throws:
      SecurityViolationException
    • getPrincipalIfExists

      @Nullable public static MidPointPrincipal getPrincipalIfExists()
      Benevolent version of getPrincipal()
    • getPrincipalRequired

      public static MidPointPrincipal getPrincipalRequired() throws SecurityViolationException
      Returns the principal, insisting that it exists.
      Throws:
      SecurityViolationException
    • getPrincipalOidIfAuthenticated

      public static String getPrincipalOidIfAuthenticated()
    • isAuthenticated

      public static boolean isAuthenticated()
    • getAuthentication

      public static org.springframework.security.core.Authentication getAuthentication()
    • isRecordSessionLessAccessChannel

      public static boolean isRecordSessionLessAccessChannel(String channel)
    • isRestAndActuatorChannel

      public static boolean isRestAndActuatorChannel(String channel)
    • isAuditedLoginAndLogout

      public static boolean isAuditedLoginAndLogout(SystemConfigurationType systemConfiguration, String channel)
    • isOverFailedLockoutAttempts

      public static boolean isOverFailedLockoutAttempts(int failedLogins, CredentialPolicyType credentialsPolicy)
    • createPrivilegedAuthorization

      @NotNull public static Authorization createPrivilegedAuthorization()
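
The public session ID pattern described for getOrCreateAuditSessionId(HttpSession), as an added Java example that is not midPoint's own code. SessionLike is a hypothetical stand-in for the attribute methods of jakarta.servlet.http.HttpSession so the sketch runs without a servlet container, and the session token is a constructed value.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not midPoint source. SessionLike is a hypothetical stand-in
// for the getId/getAttribute/setAttribute part of jakarta.servlet.http.HttpSession.
public class AuditSessionIdExample {

    // Attribute name as quoted in the Javadoc above.
    static final String PUBLIC_SESSION_ID_ATTR = "PUBLIC_SESSION_ID";

    interface SessionLike {
        String getId();                        // container-assigned token (secret)
        Object getAttribute(String name);
        void setAttribute(String name, Object value);
    }

    // Returns the stable public ID, creating it on first call; null for a null session.
    static String getOrCreateAuditSessionId(SessionLike session) {
        if (session == null) {
            return null;
        }
        // Serialize per session so two concurrent requests cannot mint different IDs.
        synchronized (session) {
            Object existing = session.getAttribute(PUBLIC_SESSION_ID_ATTR);
            if (existing instanceof String id) {
                return id;
            }
            String id = UUID.randomUUID().toString(); // random, never derived from getId()
            session.setAttribute(PUBLIC_SESSION_ID_ATTR, id);
            return id;
        }
    }

    public static void main(String[] args) {
        Map<String, Object> attrs = new ConcurrentHashMap<>();
        SessionLike session = new SessionLike() {    // constructed sample session
            public String getId() { return "CONSTRUCTED-SESSION-TOKEN"; }
            public Object getAttribute(String n) { return attrs.get(n); }
            public void setAttribute(String n, Object v) { attrs.put(n, v); }
        };
        String first = getOrCreateAuditSessionId(session);
        String second = getOrCreateAuditSessionId(session);
        System.out.println("stable across calls: " + first.equals(second));
        System.out.println("differs from token:  " + !first.equals(session.getId()));
        System.out.println("null session -> " + getOrCreateAuditSessionId(null));
    }
}
```

A servlet container does not guarantee that every request sees the same HttpSession object instance, so locking on the session object as done here is an assumption of the sketch.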