Package org.rapidcontext.core.security
Class SecurityContext
java.lang.Object
org.rapidcontext.core.security.SecurityContext
The application security context. This class provides static
methods for authentication and resource authorization. It stores
the currently authenticated user in a thread-local storage, so
user credentials must be provided separately for each execution
thread. It is important that the context is initialized (via init())
before any authentication calls are made, or they will fail.
Version: 1.0
Method Summary

static User auth(String id)
    Authenticates the specified user.
static User authHash(String id, String suffix, String hash)
    Authenticates the specified user with an MD5 two-step hash.
static User authToken(String token)
    Authenticates with a user authentication token.
static User currentUser()
    Returns the currently authenticated user for this thread.
static void deauth()
    Deauthenticates this context, i.e. the current user will be reset to the anonymous user.
static boolean hasAccess(String path, String permission)
    Checks if the currently authenticated user has access permission for a storage path.
static boolean hasAccess(User user, String path, String permission)
    Checks if the specified user has access permission for a storage path.
static boolean hasInternalAccess(String path)
    Checks if the currently authenticated user has internal access to a storage path.
static boolean hasReadAccess(String path)
    Checks if the currently authenticated user has read access to a storage path.
static boolean hasSearchAccess(String path)
    Checks if the currently authenticated user has search access to a storage path.
static boolean hasWriteAccess(String path)
    Checks if the currently authenticated user has write access to a storage path.
static void init(Storage storage)
    Initializes the security context.
static String nonce()
    Creates a unique number to be used once for hashing.
static void verifyNonce(String nonce)
    Verifies that the specified nonce is sufficiently recently generated to be acceptable.
-
Method Details
init

public static void init(Storage storage) throws StorageException

Initializes the security context. It can be called multiple times in order to re-read the configuration data from the data storage. The data store specified will be used for reading and writing users and roles both during initialization and later.
- Parameters:
  storage - the data storage to use
- Throws:
  StorageException - if the storage couldn't be read or written
currentUser

public static User currentUser()

Returns the currently authenticated user for this thread.
- Returns:
  the currently authenticated user, or null if no user is currently authenticated
hasInternalAccess

public static boolean hasInternalAccess(String path)

Checks if the currently authenticated user has internal access to a storage path.
- Parameters:
  path - the object storage path
- Returns:
  true if the current user has internal access, or false otherwise
hasReadAccess

public static boolean hasReadAccess(String path)

Checks if the currently authenticated user has read access to a storage path.
- Parameters:
  path - the object storage path
- Returns:
  true if the current user has read access, or false otherwise
hasSearchAccess

public static boolean hasSearchAccess(String path)

Checks if the currently authenticated user has search access to a storage path.
- Parameters:
  path - the object storage path
- Returns:
  true if the current user has search access, or false otherwise
hasWriteAccess

public static boolean hasWriteAccess(String path)

Checks if the currently authenticated user has write access to a storage path.
- Parameters:
  path - the object storage path
- Returns:
  true if the current user has write access, or false otherwise
hasAccess

public static boolean hasAccess(String path, String permission)

Checks if the currently authenticated user has access permission for a storage path.
- Parameters:
  path - the object storage path
  permission - the requested permission
- Returns:
  true if the current user has access, or false otherwise
hasAccess

public static boolean hasAccess(User user, String path, String permission)

Checks if the specified user has access permission for a storage path.
- Parameters:
  user - the user to check, or null for anonymous
  path - the object storage path
  permission - the requested permission
- Returns:
  true if the user has access, or false otherwise
nonce

public static String nonce()

Creates a unique number to be used once for hashing.
- Returns:
  the unique hash number
verifyNonce

public static void verifyNonce(String nonce) throws SecurityException

Verifies that the specified nonce is sufficiently recently generated to be acceptable.
- Parameters:
  nonce - the nonce to check
- Throws:
  SecurityException - if the nonce was invalid
auth

public static User auth(String id) throws SecurityException

Authenticates the specified user. This method will verify that the user exists and is enabled. It should only be called if a previous user authentication can be trusted, either via a cookie, command-line login or similar. After a successful authentication the current user will be set to the specified user.
- Parameters:
  id - the unique user id
- Returns:
  the authenticated user, same as currentUser()
- Throws:
  SecurityException - if the user failed authentication
authHash

public static User authHash(String id, String suffix, String hash) throws SecurityException

Authenticates the specified user with an MD5 two-step hash. This method will verify that the user exists, is enabled and that the password hash plus the specified suffix will MD5 hash to the specified string. After a successful authentication the current user will be set to the specified user.
- Parameters:
  id - the unique user id
  suffix - the user password hash suffix to append
  hash - the expected hashed result
- Returns:
  the authenticated user
- Throws:
  SecurityException - if the authentication failed
authToken

public static User authToken(String token) throws Exception

Authenticates with a user authentication token. This method will verify that the user exists, is enabled and that the token is valid for the current user password. After a successful authentication the current user will be set to the user in the token.
- Parameters:
  token - the authentication token
- Returns:
  the authenticated user
- Throws:
  Exception - if the authentication failed
deauth

public static void deauth()

Deauthenticates this context, i.e. the current user will be reset to the anonymous user.
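As an added usage example (not RapidContext project code): one login round trip through nonce(), verifyNonce(), authHash() and an access check, with the thread-local user cleared afterwards. It assumes init(storage) has already been called at startup, that the nonce is what the client appends as the suffix, and that the client's MD5 result is lowercase hex; the HashLoginExample class and its methods are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;
import org.rapidcontext.core.security.SecurityContext;

// Added example, not part of RapidContext. Assumes SecurityContext.init(storage)
// has already run at application startup. Hex encoding of the MD5 digest is an
// assumption; the API description only states that MD5 is used.
public final class HashLoginExample {

    // Step 1: issue a single-use nonce; the client appends it as the "suffix".
    public static String challenge() {
        return SecurityContext.nonce();
    }

    // Client side: MD5(passwordHash + nonce), hex encoded. How the password hash
    // itself is derived is not described on this page. Whoever holds the password
    // hash can produce this response, so the stored hash must be treated as a secret.
    public static String clientResponse(String passwordHash, String nonce) throws Exception {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest((passwordHash + nonce).getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(digest);
    }

    // Step 2: server side. Nonce freshness is checked before any user lookup, so a
    // stale or replayed suffix is rejected early. Authentication and authorization
    // stay separate: a valid login still needs the requested permission. The
    // thread-local user is always cleared in finally; on a pooled request thread a
    // leftover identity would otherwise carry over into the next request.
    public static boolean handleWrite(String userId, String nonce, String clientHash, String path) {
        try {
            SecurityContext.verifyNonce(nonce);                  // SecurityException if too old
            SecurityContext.authHash(userId, nonce, clientHash); // SecurityException on mismatch
            return SecurityContext.hasWriteAccess(path);
        } catch (SecurityException e) {
            return false; // caller sees one outcome for bad login and missing permission
        } finally {
            SecurityContext.deauth();                            // back to anonymous for this thread
        }
    }
}
```

Because the authenticated user lives in thread-local storage, work handed to another thread (an executor, a timer) sees currentUser() as null unless that thread authenticates on its own.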