Class SecurityUtils

java.lang.Object
com.erudika.para.server.security.SecurityUtils
public final class SecurityUtils extends Object
Utility class with helper methods for authentication.
Author:
Alex Bogdanovski [[email protected]]

  • Method Details

    • getAuthenticatedUser

      public static com.erudika.para.core.User getAuthenticatedUser()
      Extracts a User object from the security context.
      Returns:
      an authenticated user or null if a user is not authenticated

    • getAuthenticatedUser

      public static com.erudika.para.core.User getAuthenticatedUser(org.springframework.security.core.Authentication auth)
      Extracts a User object from the security context.
      Parameters:
      auth - the authentication object
      Returns:
      an authenticated user or null if a user is not authenticated

    • getAuthenticatedApp

      public static com.erudika.para.core.App getAuthenticatedApp()
      Extracts a App object from the security context.
      Returns:
      an authenticated app or null if a app is not authenticated

    • getAppFromJWTAuthentication

      public static com.erudika.para.core.App getAppFromJWTAuthentication()
      getter.
      Returns:
      returns the current app associated with the authenticated user

    • getAppFromLdapAuthentication

      public static com.erudika.para.core.App getAppFromLdapAuthentication()
      getter.
      Returns:
      returns the current app associated with the authenticated user

    • getPrincipalApp

      public static com.erudika.para.core.App getPrincipalApp()
      Returns the current authenticated App object.
      Returns:
      an App object or null

    • checkImplicitAppPermissions

      public static boolean checkImplicitAppPermissions(com.erudika.para.core.App app, com.erudika.para.core.ParaObject object)
      An app can edit itself or delete itself. It can't read, edit, overwrite or delete other apps, unless it is the root app.
      Parameters:
      app - an app
      object - another object
      Returns:
      true if app passes the check

    • isNotAnApp

      public static boolean isNotAnApp(String type)
      checker.
      Parameters:
      type - some type
      Returns:
      true if type of object is not "app"

    • checkIfUserCanModifyObject

      public static boolean checkIfUserCanModifyObject(com.erudika.para.core.App app, com.erudika.para.core.ParaObject object)
      Check if a user can modify an object. If there's no user principal found, this returns true.
      Parameters:
      app - app in context
      object - some object
      Returns:
      true if user is the owner/creator of the object.

    • clearSession

      public static void clearSession(jakarta.servlet.http.HttpServletRequest req)
      Clears the session. Deletes cookies and clears the security context.
      Parameters:
      req - HTTP request

    • isValidJWToken

      public static boolean isValidJWToken(String secret, com.nimbusds.jwt.SignedJWT jwt)
      Validates a JWT token.
      Parameters:
      secret - secret used for generating the token
      jwt - token to validate
      Returns:
      true if token is valid

    • generateSuperJWToken

      public static com.nimbusds.jwt.SignedJWT generateSuperJWToken(com.erudika.para.core.App app)
      Generates a new "super" JWT token for apps.
      Parameters:
      app - the app object
      Returns:
      a new JWT or null

    • generateJWToken

      public static com.nimbusds.jwt.SignedJWT generateJWToken(com.erudika.para.core.User user, com.erudika.para.core.App app)
      Generates a new JWT token.
      Parameters:
      user - a User object belonging to the app
      app - the app object
      Returns:
      a new JWT or null

    • generateIdToken

      public static com.nimbusds.jwt.SignedJWT generateIdToken(com.erudika.para.core.User user, com.erudika.para.core.App app)
      Short-lived identity token, proving that a Para user has been successfully authenticated against an IDP. Works with the passwordless auth filter.
      Parameters:
      user - user object
      app - app object
      Returns:
      a signed JWT or null

    • checkIfActive

      public static UserAuthentication checkIfActive(UserAuthentication userAuth, com.erudika.para.core.User user, boolean throwException)
      Checks if account is active.
      Parameters:
      userAuth - user authentication object
      user - user object
      throwException - throw or not
      Returns:
      the authentication object if user.active == true

    • isValidSignature

      public static boolean isValidSignature(jakarta.servlet.http.HttpServletRequest incoming, String secretKey)
      Validates the signature of the request.
      Parameters:
      incoming - the incoming HTTP request containing a signature
      secretKey - the app's secret key
      Returns:
      true if the signature is valid

    • getRedirectUrl

      public static String getRedirectUrl(jakarta.servlet.http.HttpServletRequest request)
      getter.
      Parameters:
      request - HTTP request
      Returns:
      the URL with the correct protocol, read from X-Forwarded-Proto and CloudFront-Forwarded-Proto headers.

    • getAppidFromAuthRequest

      public static String getAppidFromAuthRequest(jakarta.servlet.http.HttpServletRequest request)
      getter.
      Parameters:
      request - HTTP request
      Returns:
      the appid if it's present in either the 'state' or 'appid' query parameters

    • getHostUrlAliasesForReturn

      public static Set<String> getHostUrlAliasesForReturn(com.erudika.para.core.App app)
      getter.
      Parameters:
      app - the Para app object
      Returns:
      a set of host URLs if found in app settings

    • getHostUrlFromQueryStringOrStateParam

      public static String getHostUrlFromQueryStringOrStateParam(Set<String> hostUrlAliases, jakarta.servlet.http.HttpServletRequest request)
      getter.
      Parameters:
      hostUrlAliases - host URL aliases
      request - request
      Returns:
      a host URL or null