org.rapidcontext.core.security

Class SecurityContext

java.lang.Object

org.rapidcontext.core.security.SecurityContext

public class SecurityContext
extends java.lang.Object

The application security context. This class provides static methods for authentication and resource authorization. It stores the currently authenticated user in a thread-local storage, so user credentials must be provided separately for each execution thread. It is important that the manager is initialized before any authentication calls are made, or they will fail.

Version:

1.0

Author:

Per Cederberg

Constructor Summary

Constructors

Constructor and Description
SecurityContext()

Method Summary

Modifier and Type	Method and Description
static void	auth(java.lang.String id) Authenticates the specified user.
static void	authClear() Removes any previous authentication.
static void	authHash(java.lang.String id, java.lang.String suffix, java.lang.String hash) Authenticates the specified user with an MD5 two-step hash.
static void	authToken(java.lang.String token) Authenticates with a user authentication token.
static User	currentUser() Returns the currently authenticated user for this thread.
static boolean	hasAccess(java.lang.String path, java.lang.String permission) Checks if the currently authenticated user has has access permission for a storage path.
static boolean	hasAccess(User user, java.lang.String path, java.lang.String permission) Checks if the specified user has has access permission for a storage path.
static boolean	hasInternalAccess(java.lang.String path) Checks if the currently authenticated user has internal access to a storage path.
static boolean	hasReadAccess(java.lang.String path) Checks if the currently authenticated user has read access to a storage path.
static boolean	hasSearchAccess(java.lang.String path) Checks if the currently authenticated user has search access to a storage path.
static boolean	hasWriteAccess(java.lang.String path) Checks if the currently authenticated user has write access to a storage path.
static void	init(Storage storage) Initializes the security context.
static java.lang.String	nonce() Creates a unique number to be used once for hashing.
static void	verifyNonce(java.lang.String nonce) Verifies that the specified nonce is sufficiently recently generated to be acceptable.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityContext

public SecurityContext()

Method Detail

init

public static void init(Storage storage)
                 throws StorageException

Initializes the security context. It can be called multiple times in order to re-read the configuration data from the data storage. The data store specified will be used for reading and writing users and roles both during initialization and later.

Parameters:

storage - the data storage to use

Throws:

StorageException - if the storage couldn't be read or written

currentUser

public static User currentUser()

Returns the currently authenticated user for this thread.

Returns:

the currently authenticated user, or null if no user is currently authenticated

hasInternalAccess

public static boolean hasInternalAccess(java.lang.String path)

Checks if the currently authenticated user has internal access to a storage path.

Parameters:

path - the object storage path

Returns:

true if the current user has internal access, or false otherwise

hasReadAccess

public static boolean hasReadAccess(java.lang.String path)

Checks if the currently authenticated user has read access to a storage path.

Parameters:

path - the object storage path

Returns:

true if the current user has read access, or false otherwise

hasSearchAccess

public static boolean hasSearchAccess(java.lang.String path)

Checks if the currently authenticated user has search access to a storage path.

Parameters:

path - the object storage path

Returns:

true if the current user has search access, or false otherwise

hasWriteAccess

public static boolean hasWriteAccess(java.lang.String path)

Checks if the currently authenticated user has write access to a storage path.

Parameters:

path - the object storage path

Returns:

true if the current user has write access, or false otherwise

hasAccess

public static boolean hasAccess(java.lang.String path,
                                java.lang.String permission)

Checks if the currently authenticated user has has access permission for a storage path.

Parameters:

path - the object storage path

permission - the requested permission

Returns:

true if the current user has access, or false otherwise

See Also:

Role.hasAccess(String, String)

hasAccess

public static boolean hasAccess(User user,
                                java.lang.String path,
                                java.lang.String permission)

Checks if the specified user has has access permission for a storage path.

Parameters:

user - the user to check, or null or anonymous

path - the object storage path

permission - the requested permission

Returns:

true if the current user has access, or false otherwise

See Also:

Role.hasAccess(String, String)

nonce

public static java.lang.String nonce()

Creates a unique number to be used once for hashing.

Returns:

the unique hash number

verifyNonce

public static void verifyNonce(java.lang.String nonce)
                        throws java.lang.SecurityException

Verifies that the specified nonce is sufficiently recently generated to be acceptable.

Parameters:

nonce - the nonce to check

Throws:

java.lang.SecurityException - if the nonce was invalid

auth

public static void auth(java.lang.String id)
                 throws java.lang.SecurityException

Authenticates the specified user. This method will verify that the user exists and is enabled. It should only be called if a previous user authentication can be trusted, either via a cookie, command-line login or similar. After a successful authentication the current user will be set to the specified user.

Parameters:

id - the unique user id

Throws:

java.lang.SecurityException - if the user failed authentication

authHash

public static void authHash(java.lang.String id,
                            java.lang.String suffix,
                            java.lang.String hash)
                     throws java.lang.Exception

Authenticates the specified user with an MD5 two-step hash. This method will verify that the user exists, is enabled and that the password hash plus the specified suffix will MD5 hash to the specified string, After a successful authentication the current user will be set to the specified user.

Parameters:

id - the unique user id

suffix - the user password hash suffix to append

hash - the expected hashed result

Throws:

java.lang.Exception - if the authentication failed

authToken

public static void authToken(java.lang.String token)
                      throws java.lang.Exception

Authenticates with a user authentication token. This method will verify that the user exists, is enabled and that the token is valid for the current user password. After a successful authentication the current user will be set to the user in the token.

Parameters:

token - the authentication token

Throws:

java.lang.Exception - if the authentication failed

authClear

public static void authClear()

Removes any previous authentication. I.e. the current user will be reset to the anonymous user.