Class SecurityUtils

java.lang.Object
com.erudika.para.server.security.SecurityUtils

public final class SecurityUtils extends Object
Utility class with helper methods for authentication.
Author:
Alex Bogdanovski
  • Method Details

    • getAuthenticatedUser

      public static User getAuthenticatedUser()
      Extracts a User object from the security context.
      Returns:
      an authenticated user or null if a user is not authenticated
    • getAuthenticatedUser

      public static User getAuthenticatedUser(org.springframework.security.core.Authentication auth)
      Extracts a User object from the security context.
      Parameters:
      auth - the authentication object
      Returns:
      an authenticated user or null if a user is not authenticated
    • getAuthenticatedApp

      public static App getAuthenticatedApp()
      Extracts an App object from the security context.
      Returns:
      an authenticated app or null if an app is not authenticated
    • getAppFromJWTAuthentication

      public static App getAppFromJWTAuthentication()
      Returns:
      the current app associated with the authenticated user
    • getAppFromLdapAuthentication

      public static App getAppFromLdapAuthentication()
      Returns:
      the current app associated with the authenticated user
    • getPrincipalApp

      public static App getPrincipalApp()
      Returns the current authenticated App object.
      Returns:
      an App object or null
    • checkImplicitAppPermissions

      public static boolean checkImplicitAppPermissions(App app, ParaObject object)
      An app can edit itself or delete itself. It can't read, edit, overwrite or delete other apps, unless it is the root app.
      Parameters:
      app - an app
      object - another object
      Returns:
      true if app passes the check
    • isNotAnApp

      public static boolean isNotAnApp(String type)
      Parameters:
      type - some type
      Returns:
      true if type of object is not "app"
    • checkIfUserCanModifyObject

      public static boolean checkIfUserCanModifyObject(App app, ParaObject object)
      Check if a user can modify an object. If there's no user principal found, this returns true.
      Parameters:
      app - app in context
      object - some object
      Returns:
      true if user is the owner/creator of the object.
    • clearSession

      public static void clearSession(javax.servlet.http.HttpServletRequest req)
      Clears the session. Deletes cookies and clears the security context.
      Parameters:
      req - HTTP request
    • isValidJWToken

      public static boolean isValidJWToken(String secret, com.nimbusds.jwt.SignedJWT jwt)
      Validates a JWT token.
      Parameters:
      secret - secret used for generating the token
      jwt - token to validate
      Returns:
      true if token is valid
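      A worked validation routine, added here as an example and not Para's own isValidJWToken implementation: it takes the same parameters as the method above and shows the checks a caller of the nimbus-jose-jwt API would want before trusting a token (algorithm pinning, HMAC verification, required "exp", optional "nbf"). The class name, the exact policy and the constructed secret are assumptions.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Date;

public final class JwtCheckExample {
    // Hypothetical check with the same signature as SecurityUtils.isValidJWToken(secret, jwt).
    // Assumed policy: HS256 only, HMAC must verify, "exp" required and in the future, "nbf" honoured.
    static boolean isValidJWToken(String secret, SignedJWT jwt) {
        if (secret == null || jwt == null) {
            return false;
        }
        try {
            // Pin the algorithm: a header that names any other alg is rejected before verification.
            if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm())) {
                return false;
            }
            // MACVerifier throws KeyLengthException (a JOSEException) for secrets under 256 bits.
            if (!jwt.verify(new MACVerifier(secret.getBytes(StandardCharsets.UTF_8)))) {
                return false;
            }
            JWTClaimsSet claims = jwt.getJWTClaimsSet();
            Date now = new Date();
            Date exp = claims.getExpirationTime(), nbf = claims.getNotBeforeTime();
            // A token without "exp" would never expire, so treat it as invalid; honour "nbf" if set.
            return exp != null && now.before(exp) && (nbf == null || !now.before(nbf));
        } catch (JOSEException | ParseException e) {
            // Bad key length, unparseable claims or verifier errors all mean "not valid".
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed 32-byte demo secret; a real app secret is loaded from configuration.
        String secret = "0123456789abcdef0123456789abcdef";
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject("user-123") // constructed sample subject
                .expirationTime(new Date(System.currentTimeMillis() + 60_000L))
                .build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        jwt.sign(new MACSigner(secret.getBytes(StandardCharsets.UTF_8)));
        System.out.println("right secret: " + isValidJWToken(secret, jwt));
        System.out.println("wrong secret: " + isValidJWToken("ffffffffffffffffffffffffffffffff", jwt));
    }
}
```

The second call uses a different 32-byte secret so that the HMAC check, not the key-length check, is what fails.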
    • generateSuperJWToken

      public static com.nimbusds.jwt.SignedJWT generateSuperJWToken(App app)
      Generates a new "super" JWT token for apps.
      Parameters:
      app - the app object
      Returns:
      a new JWT or null
    • generateJWToken

      public static com.nimbusds.jwt.SignedJWT generateJWToken(User user, App app)
      Generates a new JWT token.
      Parameters:
      user - a User object belonging to the app
      app - the app object
      Returns:
      a new JWT or null
    • generateIdToken

      public static com.nimbusds.jwt.SignedJWT generateIdToken(User user, App app)
      Short-lived identity token, proving that a Para user has been successfully authenticated against an IDP. Works with the passwordless auth filter.
      Parameters:
      user - user object
      app - app object
      Returns:
      a signed JWT or null
    • checkIfActive

      public static UserAuthentication checkIfActive(UserAuthentication userAuth, User user, boolean throwException)
      Checks if account is active.
      Parameters:
      userAuth - user authentication object
      user - user object
      throwException - whether to throw an exception when the account is not active
      Returns:
      the authentication object if user.active == true
    • isValidSignature

      public static boolean isValidSignature(javax.servlet.http.HttpServletRequest incoming, String secretKey)
      Validates the signature of the request.
      Parameters:
      incoming - the incoming HTTP request containing a signature
      secretKey - the app's secret key
      Returns:
      true if the signature is valid
    • getRedirectUrl

      public static String getRedirectUrl(javax.servlet.http.HttpServletRequest request)
      Parameters:
      request - HTTP request
      Returns:
      the URL with the correct protocol, read from X-Forwarded-Proto and CloudFront-Forwarded-Proto headers.
    • getAppidFromAuthRequest

      public static String getAppidFromAuthRequest(javax.servlet.http.HttpServletRequest request)
      Parameters:
      request - HTTP request
      Returns:
      the appid if it's present in either the 'state' or 'appid' query parameters
    • getHostUrlAliasesForReturn

      public static Set<String> getHostUrlAliasesForReturn(App app)
      Parameters:
      app - the Para app object
      Returns:
      a set of host URLs if found in app settings
    • getHostUrlFromQueryStringOrStateParam

      public static String getHostUrlFromQueryStringOrStateParam(Set<String> hostUrlAliases, javax.servlet.http.HttpServletRequest request)
      Parameters:
      hostUrlAliases - host URL aliases
      request - request
      Returns:
      a host URL or null