Package com.evolveum.midpoint.security.api

Class SecurityUtil

java.lang.Object

com.evolveum.midpoint.security.api.SecurityUtil

public class SecurityUtil
extends Object

Author:

Radovan Semancik

Constructor Summary

Constructors

Constructor	Description
SecurityUtil()

Method Summary

Modifier and Type	Method	Description
static @NotNull Authorization	createPrivilegedAuthorization()
static Collection<String>	getActions(Collection<org.springframework.security.access.ConfigAttribute> configAttributes)
static org.springframework.security.core.Authentication	getAuthentication()
static int	getCredentialHistoryLength(CredentialPolicyType credentialPolicy)
static <T> T	getCredentialPolicyItem(CredentialPolicyType defaultPolicy, CredentialPolicyType policy, Function<CredentialPolicyType,T> getter)
static CredentialsStorageTypeType	getCredentialStorageTypeType(CredentialsStorageMethodType storageMethod)
static HttpConnectionInformation	getCurrentConnectionInformation()	Returns current connection information, as derived from HTTP request stored in current thread.
static AttributeVerificationCredentialsPolicyType	getEffectiveAttributeVerificationCredentialsPolicy(SecurityPolicyType securityPolicy)
static List<NonceCredentialsPolicyType>	getEffectiveNonceCredentialsPolicies(SecurityPolicyType securityPolicy)
static NonceCredentialsPolicyType	getEffectiveNonceCredentialsPolicy(SecurityPolicyType securityPolicy)
static PasswordCredentialsPolicyType	getEffectivePasswordCredentialsPolicy(SecurityPolicyType securityPolicy)
static SecurityQuestionsCredentialsPolicyType	getEffectiveSecurityQuestionsCredentialsPolicy(SecurityPolicyType securityPolicy)
static String	getInvitationSequenceIdentifier(SecurityPolicyType securityPolicy)
static ValuePolicyType	getPasswordPolicy(SecurityPolicyType securityPolicy)	Not very systematic.
static MidPointPrincipal	getPrincipal()	Returns principal representing currently logged-in user.
static @Nullable MidPointPrincipal	getPrincipalIfExists()	Benevolent version of getPrincipal()
static String	getPrincipalOidIfAuthenticated()
static MidPointPrincipal	getPrincipalRequired()	Returns the principal, insisting on that it exists.
static MidPointPrincipal	getPrincipalSilent()	Consider using more benevolent getPrincipalIfExists().
static String	getSubjectDescription()	Returns short description of the subject suitable for log and error messages.
static boolean	isAuditedLoginAndLogout(SystemConfigurationType systemConfiguration, String channel)
static boolean	isAuthenticated()
static boolean	isHistoryAllowExistingPasswordReuse(CredentialPolicyType credentialPolicy)
static boolean	isOverFailedLockoutAttempts(int failedLogins, CredentialPolicyType credentialsPolicy)
static boolean	isRecordSessionLessAccessChannel(String channel)
static boolean	isRestAndActuatorChannel(String channel)
static void	logSecurityDeny(MidPointPrincipal midPointPrincipal, Object object, String message)
static void	logSecurityDeny(Object object, String message)
static void	logSecurityDeny(Object object, String message, Throwable cause, Collection<String> requiredAuthorizations)
static void	setRemoteHostAddressHeaders(SystemConfigurationType config)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecurityUtil

public SecurityUtil()

Method Details

getActions

public static Collection<String> getActions(Collection<org.springframework.security.access.ConfigAttribute> configAttributes)

logSecurityDeny

public static void logSecurityDeny(Object object,
 String message)

logSecurityDeny

public static void logSecurityDeny(MidPointPrincipal midPointPrincipal,
 Object object,
 String message)

logSecurityDeny

public static void logSecurityDeny(Object object,
 String message,
 Throwable cause,
 Collection<String> requiredAuthorizations)

getSubjectDescription

public static String getSubjectDescription()

Returns short description of the subject suitable for log and error messages. Does not throw errors. Safe to toString-like methods. May return null (means anonymous or unknown)

getCredentialPolicyItem

public static <T> T getCredentialPolicyItem(CredentialPolicyType defaultPolicy,
 CredentialPolicyType policy,
 Function<CredentialPolicyType,T> getter)

getEffectivePasswordCredentialsPolicy

public static PasswordCredentialsPolicyType getEffectivePasswordCredentialsPolicy(SecurityPolicyType securityPolicy)

getInvitationSequenceIdentifier

public static String getInvitationSequenceIdentifier(SecurityPolicyType securityPolicy)

getEffectiveSecurityQuestionsCredentialsPolicy

public static SecurityQuestionsCredentialsPolicyType getEffectiveSecurityQuestionsCredentialsPolicy(SecurityPolicyType securityPolicy)

getEffectiveAttributeVerificationCredentialsPolicy

public static AttributeVerificationCredentialsPolicyType getEffectiveAttributeVerificationCredentialsPolicy(SecurityPolicyType securityPolicy)

getEffectiveNonceCredentialsPolicies

public static List<NonceCredentialsPolicyType> getEffectiveNonceCredentialsPolicies(SecurityPolicyType securityPolicy)

getEffectiveNonceCredentialsPolicy

public static NonceCredentialsPolicyType getEffectiveNonceCredentialsPolicy(SecurityPolicyType securityPolicy)
                                                                     throws SchemaException

Throws:

SchemaException

getCredentialHistoryLength

public static int getCredentialHistoryLength(CredentialPolicyType credentialPolicy)

isHistoryAllowExistingPasswordReuse

public static boolean isHistoryAllowExistingPasswordReuse(CredentialPolicyType credentialPolicy)

getCredentialStorageTypeType

public static CredentialsStorageTypeType getCredentialStorageTypeType(CredentialsStorageMethodType storageMethod)

getPasswordPolicy

public static ValuePolicyType getPasswordPolicy(SecurityPolicyType securityPolicy)

Not very systematic. Used mostly in hacks.

setRemoteHostAddressHeaders

public static void setRemoteHostAddressHeaders(SystemConfigurationType config)

getCurrentConnectionInformation

public static HttpConnectionInformation getCurrentConnectionInformation()

Returns current connection information, as derived from HTTP request stored in current thread. May be null if the thread is not associated with any HTTP request (e.g. task threads, operations invoked from GUI but executing in background).

getPrincipalSilent

public static MidPointPrincipal getPrincipalSilent()

Consider using more benevolent getPrincipalIfExists().

getPrincipal

public static MidPointPrincipal getPrincipal()
                                      throws SecurityViolationException

Returns principal representing currently logged-in user. Returns null if the user is anonymous.

Throws:

SecurityViolationException

getPrincipalIfExists

@Nullable
public static @Nullable MidPointPrincipal getPrincipalIfExists()

Benevolent version of getPrincipal()

getPrincipalRequired

public static MidPointPrincipal getPrincipalRequired()
                                              throws SecurityViolationException

Returns the principal, insisting on that it exists.

Throws:

SecurityViolationException

getPrincipalOidIfAuthenticated

public static String getPrincipalOidIfAuthenticated()

isAuthenticated

public static boolean isAuthenticated()

getAuthentication

public static org.springframework.security.core.Authentication getAuthentication()

isRecordSessionLessAccessChannel

public static boolean isRecordSessionLessAccessChannel(String channel)

isRestAndActuatorChannel

public static boolean isRestAndActuatorChannel(String channel)

isAuditedLoginAndLogout

public static boolean isAuditedLoginAndLogout(SystemConfigurationType systemConfiguration,
 String channel)

isOverFailedLockoutAttempts

public static boolean isOverFailedLockoutAttempts(int failedLogins,
 CredentialPolicyType credentialsPolicy)

createPrivilegedAuthorization

@NotNull
public static @NotNull Authorization createPrivilegedAuthorization()