Class SecurityUtil
java.lang.Object
com.evolveum.midpoint.security.api.SecurityUtil
- Author:
- Radovan Semancik
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic @NotNull Authorizationstatic Collection<String>getActions(Collection<org.springframework.security.access.ConfigAttribute> configAttributes) static org.springframework.security.core.Authenticationstatic intgetCredentialHistoryLength(CredentialPolicyType credentialPolicy) static @NotNull CredentialsStorageTypeTypegetCredentialStorageType(@Nullable CredentialPolicyType defaultPolicy, @Nullable CredentialPolicyType specificPolicy) static CredentialsStorageTypeTypegetCredentialStorageTypeType(CredentialsStorageMethodType storageMethod) static HttpConnectionInformationReturns current connection information, as derived from HTTP request stored in current thread.getEffectiveAttributeVerificationCredentialsPolicy(SecurityPolicyType securityPolicy) static List<NonceCredentialsPolicyType>getEffectiveNonceCredentialsPolicies(SecurityPolicyType securityPolicy) static NonceCredentialsPolicyTypegetEffectiveNonceCredentialsPolicy(SecurityPolicyType securityPolicy) getEffectivePasswordCredentialsPolicy(SecurityPolicyType securityPolicy) getEffectiveSecurityQuestionsCredentialsPolicy(SecurityPolicyType securityPolicy) static StringgetInvitationSequenceIdentifier(SecurityPolicyType securityPolicy) static ValuePolicyTypegetPasswordPolicy(SecurityPolicyType securityPolicy) Not very systematic.static @NotNull CredentialsStorageTypeTypegetPasswordStorageType(@Nullable CredentialsPolicyType credentialsPolicy) static MidPointPrincipalReturns principal representing currently logged-in user.static @Nullable MidPointPrincipalBenevolent version ofgetPrincipal()static Stringstatic MidPointPrincipalReturns the principal, insisting on that it exists.static MidPointPrincipalConsider using more benevolentgetPrincipalIfExists().static StringReturns short description of the subject suitable for log and error messages.static booleanisAuditedLoginAndLogout(SystemConfigurationType systemConfiguration, String channel) static booleanstatic booleanisHistoryAllowExistingPasswordReuse(CredentialPolicyType credentialPolicy) static booleanisOverFailedLockoutAttempts(int failedLogins, CredentialPolicyType credentialsPolicy) static booleanisRecordSessionLessAccessChannel(String channel) static booleanisRestAndActuatorChannel(String channel) static voidlogSecurityDeny(MidPointPrincipal midPointPrincipal, Object object, String message) static voidlogSecurityDeny(Object object, String message) static voidlogSecurityDeny(Object object, String message, Throwable cause, Collection<String> requiredAuthorizations) static void
-
Constructor Details
-
SecurityUtil
public SecurityUtil()
-
-
Method Details
-
getActions
public static Collection<String> getActions(Collection<org.springframework.security.access.ConfigAttribute> configAttributes) -
logSecurityDeny
-
logSecurityDeny
public static void logSecurityDeny(MidPointPrincipal midPointPrincipal, Object object, String message) -
logSecurityDeny
public static void logSecurityDeny(Object object, String message, Throwable cause, Collection<String> requiredAuthorizations) -
getSubjectDescription
Returns short description of the subject suitable for log and error messages. Does not throw errors. Safe to toString-like methods. May return null (means anonymous or unknown) -
getPasswordStorageType
@NotNull public static @NotNull CredentialsStorageTypeType getPasswordStorageType(@Nullable @Nullable CredentialsPolicyType credentialsPolicy) -
getCredentialStorageType
@NotNull public static @NotNull CredentialsStorageTypeType getCredentialStorageType(@Nullable @Nullable CredentialPolicyType defaultPolicy, @Nullable @Nullable CredentialPolicyType specificPolicy) -
getEffectivePasswordCredentialsPolicy
public static PasswordCredentialsPolicyType getEffectivePasswordCredentialsPolicy(SecurityPolicyType securityPolicy) -
getInvitationSequenceIdentifier
-
getEffectiveSecurityQuestionsCredentialsPolicy
public static SecurityQuestionsCredentialsPolicyType getEffectiveSecurityQuestionsCredentialsPolicy(SecurityPolicyType securityPolicy) -
getEffectiveAttributeVerificationCredentialsPolicy
public static AttributeVerificationCredentialsPolicyType getEffectiveAttributeVerificationCredentialsPolicy(SecurityPolicyType securityPolicy) -
getEffectiveNonceCredentialsPolicies
public static List<NonceCredentialsPolicyType> getEffectiveNonceCredentialsPolicies(SecurityPolicyType securityPolicy) -
getEffectiveNonceCredentialsPolicy
public static NonceCredentialsPolicyType getEffectiveNonceCredentialsPolicy(SecurityPolicyType securityPolicy) throws SchemaException - Throws:
SchemaException
-
getCredentialHistoryLength
-
isHistoryAllowExistingPasswordReuse
-
getCredentialStorageTypeType
public static CredentialsStorageTypeType getCredentialStorageTypeType(CredentialsStorageMethodType storageMethod) -
getPasswordPolicy
Not very systematic. Used mostly in hacks. -
setRemoteHostAddressHeaders
-
getCurrentConnectionInformation
Returns current connection information, as derived from HTTP request stored in current thread. May be null if the thread is not associated with any HTTP request (e.g. task threads, operations invoked from GUI but executing in background). -
getPrincipalSilent
Consider using more benevolentgetPrincipalIfExists(). -
getPrincipal
Returns principal representing currently logged-in user. Returns null if the user is anonymous.- Throws:
SecurityViolationException
-
getPrincipalIfExists
Benevolent version ofgetPrincipal() -
getPrincipalRequired
Returns the principal, insisting on that it exists.- Throws:
SecurityViolationException
-
getPrincipalOidIfAuthenticated
-
isAuthenticated
public static boolean isAuthenticated() -
getAuthentication
public static org.springframework.security.core.Authentication getAuthentication() -
isRecordSessionLessAccessChannel
-
isRestAndActuatorChannel
-
isAuditedLoginAndLogout
public static boolean isAuditedLoginAndLogout(SystemConfigurationType systemConfiguration, String channel) -
isOverFailedLockoutAttempts
public static boolean isOverFailedLockoutAttempts(int failedLogins, CredentialPolicyType credentialsPolicy) -
createPrivilegedAuthorization
-