Class SecurityContext

java.lang.Object
org.rapidcontext.core.security.SecurityContext

public final class SecurityContext extends Object
The application security context. This class provides static methods for authentication and resource authorization. It stores the currently authenticated user in thread-local storage, so user credentials must be provided separately for each execution thread. The security context must be initialized (see init) before any authentication calls are made, or they will fail.
  • Method Details

    • init

      public static void init(Storage storage) throws StorageException
      Initializes the security context. It can be called multiple times in order to re-read the configuration data from the data storage. The data store specified will be used for reading and writing users and roles both during initialization and later.
      Parameters:
      storage - the data storage to use
      Throws:
      StorageException - if the storage couldn't be read or written
    • currentUser

      @Deprecated(forRemoval=true) public static User currentUser()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Returns the currently authenticated user for this thread.
      Returns:
      the currently authenticated user, or null if no user is currently authenticated
    • hasInternalAccess

      @Deprecated(forRemoval=true) public static boolean hasInternalAccess(String path)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Checks if the currently authenticated user has internal access to a storage path.
      Parameters:
      path - the object storage path
      Returns:
      true if the current user has internal access, or false otherwise
    • hasReadAccess

      @Deprecated(forRemoval=true) public static boolean hasReadAccess(String path)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Checks if the currently authenticated user has read access to a storage path.
      Parameters:
      path - the object storage path
      Returns:
      true if the current user has read access, or false otherwise
    • hasSearchAccess

      @Deprecated(forRemoval=true) public static boolean hasSearchAccess(String path)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Checks if the currently authenticated user has search access to a storage path.
      Parameters:
      path - the object storage path
      Returns:
      true if the current user has search access, or false otherwise
    • hasWriteAccess

      @Deprecated(forRemoval=true) public static boolean hasWriteAccess(String path)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Checks if the currently authenticated user has write access to a storage path.
      Parameters:
      path - the object storage path
      Returns:
      true if the current user has write access, or false otherwise
    • hasAccess

      @Deprecated(forRemoval=true) public static boolean hasAccess(String path, String permission)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Checks if the currently authenticated user has access permission for a storage path.
      Parameters:
      path - the object storage path
      permission - the requested permission
      Returns:
      true if the current user has access, or false otherwise
    • hasAccess

      @Deprecated(forRemoval=true) public static boolean hasAccess(User user, String path, String permission)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use hasAccess(User, String, String, String) instead.
      Checks if the specified user has access permission for a storage path.
      Parameters:
      user - the user to check, or null or anonymous
      path - the object storage path
      permission - the requested permission
      Returns:
      true if the specified user has access, or false otherwise
    • hasAccess

      public static boolean hasAccess(User user, String path, String via, String permission)
      Checks if the specified user has access permission for a storage path.
      Parameters:
      user - the user to check, or null or anonymous
      path - the object storage path
      via - the caller path, or null to use context
      permission - the requested permission
      Returns:
      true if the specified user has access, or false otherwise
    • nonce

      public static String nonce()
      Creates a unique number to be used once for hashing.
      Returns:
      the unique hash number
    • verifyNonce

      public static void verifyNonce(String nonce) throws SecurityException
      Verifies that the specified nonce was generated recently enough to be acceptable.
      Parameters:
      nonce - the nonce to check
      Throws:
      SecurityException - if the nonce was invalid
    • auth

      @Deprecated(forRemoval=true) public static User auth(String id) throws SecurityException
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use RequestContext.auth() instead.
      Authenticates the specified user. This method will verify that the user exists and is enabled. It should only be called if a previous user authentication can be trusted, either via a cookie, command-line login or similar. After a successful authentication the current user will be set to the specified user.
      Parameters:
      id - the unique user id
      Returns:
      the authenticated user, same as currentUser()
      Throws:
      SecurityException - if the user failed authentication
    • authHash

      @Deprecated(forRemoval=true) public static User authHash(String id, String suffix, String hash) throws SecurityException
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use RequestContext.authByMd5Hash() instead.
      Authenticates the specified user with an MD5 two-step hash. This method will verify that the user exists, is enabled and that the password hash plus the specified suffix will MD5 hash to the specified string. After a successful authentication the current user will be set to the specified user.
      Parameters:
      id - the unique user id
      suffix - the user password hash suffix to append
      hash - the expected hashed result
      Returns:
      the authenticated user
      Throws:
      SecurityException - if the authentication failed
    • authToken

      @Deprecated(forRemoval=true) public static User authToken(String token) throws Exception
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use RequestContext.authByToken() instead.
      Authenticates with a user authentication token. This method will verify that the user exists, is enabled and that the token is valid for the current user password. After a successful authentication the current user will be set to the user in the token.
      Parameters:
      token - the authentication token
      Returns:
      the authenticated user
      Throws:
      Exception - if the authentication failed
    • deauth

      @Deprecated(forRemoval=true) public static void deauth()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use RequestContext.close() instead.
      Deauthenticates this context, i.e. the current user will be reset to the anonymous user.
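The nonce freshness check and two-step MD5 comparison described for nonce(), verifyNonce() and authHash(), as an added sketch that is not RapidContext's own code. The class and helper names, the nonce layout, the five-minute window, the ":" suffix and the step-one hash input are all assumptions made for illustration; it needs Java 17 for HexFormat.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat;

public class NonceHashDemo {
    static final long MAX_AGE_MS = 5 * 60 * 1000L;  // assumed freshness window
    static final SecureRandom RNG = new SecureRandom();

    // Assumed layout "<issue ms>-<random hex>"; a real server must also sign or track issued nonces.
    static String nonce(long now) {
        byte[] rnd = new byte[8];
        RNG.nextBytes(rnd);
        return now + "-" + HexFormat.of().formatHex(rnd);
    }

    static void verifyNonce(String nonce, long now) {
        try {
            long issued = Long.parseLong(nonce.substring(0, nonce.indexOf('-')));
            if (issued > now || now - issued > MAX_AGE_MS) {
                throw new SecurityException("stale nonce");
            }
        } catch (NullPointerException | IndexOutOfBoundsException | NumberFormatException e) {
            throw new SecurityException("malformed nonce");
        }
    }

    static String md5Hex(String text) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        return HexFormat.of().formatHex(md.digest(text.getBytes(StandardCharsets.UTF_8)));
    }

    // Step two of the two-step hash: MD5(stored password hash + suffix), compared in constant time.
    static boolean checkHash(String stored, String suffix, String hash) throws Exception {
        byte[] expected = md5Hex(stored + suffix).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, hash.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String stored = md5Hex("alice:correct horse");  // constructed step-one hash
        long t0 = System.currentTimeMillis();
        String n = nonce(t0), suffix = ":" + n;         // assumed suffix format
        String reply = md5Hex(stored + suffix);         // what the client would send
        verifyNonce(n, t0 + 1000);                      // fresh nonce passes silently
        System.out.println("fresh reply accepted: " + checkHash(stored, suffix, reply));
        System.out.println("wrong hash accepted: " + checkHash(stored, suffix, md5Hex("guess")));
        try { verifyNonce(n, t0 + MAX_AGE_MS + 1); }    // same reply after the window
        catch (SecurityException e) { System.out.println("replay rejected: " + e.getMessage()); }
    }
}
```

Because the server verifies against the stored hash itself, that hash is password-equivalent in this construction and needs the same protection as the password.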