Class SecurityContext

java.lang.Object
org.rapidcontext.core.security.SecurityContext

public final class SecurityContext extends Object
The application security context. This class provides static methods for authentication and resource authorization. It stores the currently authenticated user in thread-local storage, so user credentials must be provided separately for each execution thread. The security context must be initialized with init(Storage) before any authentication calls are made, or they will fail.
Version:
1.0
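
Because the authenticated user lives in thread-local storage, a pooled worker thread keeps the previous task's user until deauth() is called. The following wrapper is an added example, not RapidContext code: the class name ScopedAuth, the method runAs and the exception messages are hypothetical, and it assumes init(Storage) already ran at startup and that the user id comes from an already trusted login, as auth(String) requires.

```java
import java.util.concurrent.Callable;
import org.rapidcontext.core.security.SecurityContext;

/** Hypothetical helper (not part of RapidContext) for work run on pooled threads. */
public final class ScopedAuth {

    private ScopedAuth() {}

    /**
     * Wraps a task so that it runs as the given user, only if that user can
     * read the given storage path, and always leaves the worker thread
     * anonymous afterwards.
     */
    public static <T> Callable<T> runAs(String userId, String path, Callable<T> task) {
        return () -> {
            // currentUser() is documented to return null when nobody is
            // authenticated. A non-null value here means an earlier task on
            // this thread never called deauth(); refuse to inherit it.
            if (SecurityContext.currentUser() != null) {
                SecurityContext.deauth();
                throw new IllegalStateException("stale user on worker thread");
            }
            try {
                // Throws SecurityException if the user is missing or disabled.
                SecurityContext.auth(userId);
                if (!SecurityContext.hasReadAccess(path)) {
                    throw new SecurityException("read access denied: " + path);
                }
                return task.call();
            } finally {
                // Runs on success and on every exception path.
                SecurityContext.deauth();
            }
        };
    }
}
```

A caller submits the wrapped task to its executor, so authentication, the access check and the reset all happen on the thread that actually runs the work.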
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | static User | auth(String id) | Authenticates the specified user. |
    | static User | authHash(String id, String suffix, String hash) | Authenticates the specified user with an MD5 two-step hash. |
    | static User | authToken(String token) | Authenticates with a user authentication token. |
    | static User | currentUser() | Returns the currently authenticated user for this thread. |
    | static void | deauth() | Deauthenticates this context, i.e. the current user will be reset to the anonymous user. |
    | static boolean | hasAccess(String path, String permission) | Checks if the currently authenticated user has access permission for a storage path. |
    | static boolean | hasAccess(User user, String path, String permission) | Checks if the specified user has access permission for a storage path. |
    | static boolean | hasInternalAccess(String path) | Checks if the currently authenticated user has internal access to a storage path. |
    | static boolean | hasReadAccess(String path) | Checks if the currently authenticated user has read access to a storage path. |
    | static boolean | hasSearchAccess(String path) | Checks if the currently authenticated user has search access to a storage path. |
    | static boolean | hasWriteAccess(String path) | Checks if the currently authenticated user has write access to a storage path. |
    | static void | init(Storage storage) | Initializes the security context. |
    | static String | nonce() | Creates a unique number to be used once for hashing. |
    | static void | verifyNonce(String nonce) | Verifies that the specified nonce is sufficiently recently generated to be acceptable. |

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Method Details

    • init

      public static void init(Storage storage) throws StorageException
      Initializes the security context. It can be called multiple times in order to re-read the configuration data from the data storage. The data store specified will be used for reading and writing users and roles both during initialization and later.
      Parameters:
      storage - the data storage to use
      Throws:
      StorageException - if the storage couldn't be read or written
    • currentUser

      public static User currentUser()
      Returns the currently authenticated user for this thread.
      Returns:
      the currently authenticated user, or null if no user is currently authenticated
    • hasInternalAccess

      public static boolean hasInternalAccess(String path)
      Checks if the currently authenticated user has internal access to a storage path.
      Parameters:
      path - the object storage path
      Returns:
      true if the current user has internal access, or false otherwise
    • hasReadAccess

      public static boolean hasReadAccess(String path)
      Checks if the currently authenticated user has read access to a storage path.
      Parameters:
      path - the object storage path
      Returns:
      true if the current user has read access, or false otherwise
    • hasSearchAccess

      public static boolean hasSearchAccess(String path)
      Checks if the currently authenticated user has search access to a storage path.
      Parameters:
      path - the object storage path
      Returns:
      true if the current user has search access, or false otherwise
    • hasWriteAccess

      public static boolean hasWriteAccess(String path)
      Checks if the currently authenticated user has write access to a storage path.
      Parameters:
      path - the object storage path
      Returns:
      true if the current user has write access, or false otherwise
    • hasAccess

      public static boolean hasAccess(String path, String permission)
      Checks if the currently authenticated user has access permission for a storage path.
      Parameters:
      path - the object storage path
      permission - the requested permission
      Returns:
      true if the current user has access, or false otherwise
    • hasAccess

      public static boolean hasAccess(User user, String path, String permission)
      Checks if the specified user has access permission for a storage path.
      Parameters:
      user - the user to check, or null or anonymous
      path - the object storage path
      permission - the requested permission
      Returns:
      true if the specified user has access, or false otherwise
    • nonce

      public static String nonce()
      Creates a unique number to be used once for hashing.
      Returns:
      the unique hash number
    • verifyNonce

      public static void verifyNonce(String nonce) throws SecurityException
      Verifies that the specified nonce is sufficiently recently generated to be acceptable.
      Parameters:
      nonce - the nonce to check
      Throws:
      SecurityException - if the nonce was invalid
    • auth

      public static User auth(String id) throws SecurityException
      Authenticates the specified user. This method will verify that the user exists and is enabled. It should only be called if a previous user authentication can be trusted, either via a cookie, command-line login or similar. After a successful authentication the current user will be set to the specified user.
      Parameters:
      id - the unique user id
      Returns:
      the authenticated user, same as currentUser()
      Throws:
      SecurityException - if the user failed authentication
    • authHash

      public static User authHash(String id, String suffix, String hash) throws SecurityException
      Authenticates the specified user with an MD5 two-step hash. This method will verify that the user exists, is enabled and that the password hash plus the specified suffix will MD5 hash to the specified string. After a successful authentication the current user will be set to the specified user.
      Parameters:
      id - the unique user id
      suffix - the user password hash suffix to append
      hash - the expected hashed result
      Returns:
      the authenticated user
      Throws:
      SecurityException - if the authentication failed
    • authToken

      public static User authToken(String token) throws Exception
      Authenticates with a user authentication token. This method will verify that the user exists, is enabled and that the token is valid for the current user password. After a successful authentication the current user will be set to the user in the token.
      Parameters:
      token - the authentication token
      Returns:
      the authenticated user
      Throws:
      Exception - if the authentication failed
    • deauth

      public static void deauth()
      Deauthenticates this context, i.e. the current user will be reset to the anonymous user.
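
The second step of the check described for authHash, modelled stand-alone as an added example (not RapidContext code). It assumes lower-case hex MD5 output, UTF-8 input and a suffix made of a separator plus a server nonce; the first-step input and the nonce value are constructed, since this page does not specify either.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Stand-alone model of the two-step hash check; all sample values are constructed. */
public final class TwoStepHashModel {

    static String md5Hex(String text) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(text.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /** Accepts only if MD5(stored password hash + suffix) equals the supplied hash. */
    static boolean verify(String storedHash, String suffix, String hash)
            throws NoSuchAlgorithmException {
        byte[] expected = md5Hex(storedHash + suffix).getBytes(StandardCharsets.US_ASCII);
        byte[] supplied = hash.getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison, so timing does not reveal matching prefixes.
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed first-step value standing in for the stored password hash.
        String storedHash = md5Hex("constructed-first-step-input");
        String suffix = ":1700000000000";              // assumed suffix format
        String response = md5Hex(storedHash + suffix); // what a client would send as hash

        System.out.println("matching suffix accepted: "
                + verify(storedHash, suffix, response));
        // A response only matches the suffix it was computed for, so replay
        // protection rests on verifyNonce rejecting stale nonces.
        System.out.println("other suffix accepted: "
                + verify(storedHash, ":1700000099999", response));
        // Only storedHash was needed to build the response: the stored hash
        // is password-equivalent and needs the same protection as a password.
    }
}
```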