Class SecurityUtil
java.lang.Object
com.evolveum.midpoint.security.api.SecurityUtil
- Author: Radovan Semancik
Constructor Summary
-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| static @NotNull Authorization | createPrivilegedAuthorization | |
| static Collection<String> | getActions(Collection<org.springframework.security.access.ConfigAttribute> configAttributes) | |
| static org.springframework.security.core.Authentication | getAuthentication() | |
| static int | getCredentialHistoryLength(CredentialPolicyType credentialPolicy) | |
| static <T> T | getCredentialPolicyItem(CredentialPolicyType defaultPolicy, CredentialPolicyType policy, Function<CredentialPolicyType, T> getter) | |
| static CredentialsStorageTypeType | getCredentialStorageTypeType(CredentialsStorageMethodType storageMethod) | |
| static HttpConnectionInformation | getCurrentConnectionInformation | Returns current connection information, as derived from HTTP request stored in current thread. |
| static AttributeVerificationCredentialsPolicyType | getEffectiveAttributeVerificationCredentialsPolicy(SecurityPolicyType securityPolicy) | |
| static List<NonceCredentialsPolicyType> | getEffectiveNonceCredentialsPolicies(SecurityPolicyType securityPolicy) | |
| static NonceCredentialsPolicyType | getEffectiveNonceCredentialsPolicy(SecurityPolicyType securityPolicy) | |
| static PasswordCredentialsPolicyType | getEffectivePasswordCredentialsPolicy(SecurityPolicyType securityPolicy) | |
| static SecurityQuestionsCredentialsPolicyType | getEffectiveSecurityQuestionsCredentialsPolicy(SecurityPolicyType securityPolicy) | |
| static String | getInvitationSequenceIdentifier(SecurityPolicyType securityPolicy) | |
| static ValuePolicyType | getPasswordPolicy(SecurityPolicyType securityPolicy) | Not very systematic. |
| static MidPointPrincipal | getPrincipal() | Returns principal representing currently logged-in user. |
| static @Nullable MidPointPrincipal | getPrincipalIfExists() | Benevolent version of getPrincipal(). |
| static String | getPrincipalOidIfAuthenticated | |
| static MidPointPrincipal | getPrincipalRequired | Returns the principal, insisting that it exists. |
| static MidPointPrincipal | getPrincipalSilent | Consider using the more benevolent getPrincipalIfExists(). |
| static String | getSubjectDescription | Returns short description of the subject suitable for log and error messages. |
| static boolean | isAuditedLoginAndLogout(SystemConfigurationType systemConfiguration, String channel) | |
| static boolean | isAuthenticated() | |
| static boolean | isHistoryAllowExistingPasswordReuse(CredentialPolicyType credentialPolicy) | |
| static boolean | isOverFailedLockoutAttempts(int failedLogins, CredentialPolicyType credentialsPolicy) | |
| static boolean | isRecordSessionLessAccessChannel(String channel) | |
| static void | logSecurityDeny(MidPointPrincipal midPointPrincipal, Object object, String message) | |
| static void | logSecurityDeny(Object object, String message) | |
| static void | logSecurityDeny(Object object, String message, Throwable cause, Collection<String> requiredAuthorizations) | |
| static void | setRemoteHostAddressHeaders | |
Constructor Details
- SecurityUtil
  public SecurityUtil()
Method Details
- getActions
  public static Collection<String> getActions(Collection<org.springframework.security.access.ConfigAttribute> configAttributes)
- logSecurityDeny
- logSecurityDeny
  public static void logSecurityDeny(MidPointPrincipal midPointPrincipal, Object object, String message)
- logSecurityDeny
  public static void logSecurityDeny(Object object, String message, Throwable cause, Collection<String> requiredAuthorizations)
- getSubjectDescription
  Returns short description of the subject suitable for log and error messages. Does not throw errors. Safe to use in toString-like methods. May return null (meaning anonymous or unknown).
- getCredentialPolicyItem
  public static <T> T getCredentialPolicyItem(CredentialPolicyType defaultPolicy, CredentialPolicyType policy, Function<CredentialPolicyType, T> getter)
- getEffectivePasswordCredentialsPolicy
  public static PasswordCredentialsPolicyType getEffectivePasswordCredentialsPolicy(SecurityPolicyType securityPolicy)
- getInvitationSequenceIdentifier
- getEffectiveSecurityQuestionsCredentialsPolicy
  public static SecurityQuestionsCredentialsPolicyType getEffectiveSecurityQuestionsCredentialsPolicy(SecurityPolicyType securityPolicy)
- getEffectiveAttributeVerificationCredentialsPolicy
  public static AttributeVerificationCredentialsPolicyType getEffectiveAttributeVerificationCredentialsPolicy(SecurityPolicyType securityPolicy)
- getEffectiveNonceCredentialsPolicies
  public static List<NonceCredentialsPolicyType> getEffectiveNonceCredentialsPolicies(SecurityPolicyType securityPolicy)
- getEffectiveNonceCredentialsPolicy
  public static NonceCredentialsPolicyType getEffectiveNonceCredentialsPolicy(SecurityPolicyType securityPolicy) throws SchemaException
  Throws: SchemaException
- getCredentialHistoryLength
- isHistoryAllowExistingPasswordReuse
- getCredentialStorageTypeType
  public static CredentialsStorageTypeType getCredentialStorageTypeType(CredentialsStorageMethodType storageMethod)
- getPasswordPolicy
  Not very systematic. Used mostly in hacks.
- setRemoteHostAddressHeaders
- getCurrentConnectionInformation
  Returns current connection information, as derived from HTTP request stored in current thread. May be null if the thread is not associated with any HTTP request (e.g. task threads, operations invoked from GUI but executing in background).
- getPrincipalSilent
  Consider using the more benevolent getPrincipalIfExists().
- getPrincipal
  Returns principal representing currently logged-in user. Returns null if the user is anonymous.
  Throws: SecurityViolationException
- getPrincipalIfExists
  Benevolent version of getPrincipal().
- getPrincipalRequired
  Returns the principal, insisting that it exists.
  Throws: SecurityViolationException
- getPrincipalOidIfAuthenticated
- isAuthenticated
  public static boolean isAuthenticated()
- getAuthentication
  public static org.springframework.security.core.Authentication getAuthentication()
- isRecordSessionLessAccessChannel
- isAuditedLoginAndLogout
  public static boolean isAuditedLoginAndLogout(SystemConfigurationType systemConfiguration, String channel)
- isOverFailedLockoutAttempts
  public static boolean isOverFailedLockoutAttempts(int failedLogins, CredentialPolicyType credentialsPolicy)
- createPrivilegedAuthorization