com.sibvisions.rad.server.security
Class AbstractSecurityManager

java.lang.Object
  com.sibvisions.rad.server.security.AbstractSecurityManager

All Implemented Interfaces:

ISecurityManager, IPasswordValidator

Direct Known Subclasses:

DBSecurityManager, XmlSecurityManager

public abstract class AbstractSecurityManager
extends Object
implements ISecurityManager, IPasswordValidator

The AbstractSecurityManager is the base class for ISecurityManager implementations but it does not implement the security methods. It supports security managers with important and usable methods.

Constructor Summary

AbstractSecurityManager()

Method Summary

static void	addHiddenPackage(String pPackage) Adds a package name to the hidden package list.
void	checkPassword(ISession pSession, String pPassword) Checks if a password is strength enough to be used.
protected boolean	comparePassword(IConfiguration pConfig, String pPassword, String pConfirmPassword) Compares two passwords to be identical.
static ISecurityManager	createSecurityManager(ISession pSession) Creates a new ISecurityManager for the given session.
static ISecurityManager	createSecurityManager(String pApplicationName) Creates a new ISecurityManager for the given application.
static String	getEncryptedPassword(IConfiguration pConfig, String pPassword) Gets the password, encrypted with the algorithm specified in an application configuration.
protected IPasswordValidator	getPasswordValidator(IConfiguration pConfig) Gets the password validator from an application configuration.
static boolean	isHiddenPackage(String pJavaName) Checks if a class or package name is excluded through the hidden package list.
static boolean	isPasswordEncryptionEnabled(IConfiguration pConfig) Checks if the password encryption is enabled.
static Throwable	prepareException(Throwable pException) Hides the StackTraceElements of "com.sibvisions.rad.*" when the given exception is a SecurityException.
static Throwable	prepareException(Throwable pException, boolean pForce) Hides the StackTraceElements of "com.sibvisions.rad.*" when the given exception is a SecurityException.
static void	removeHiddenPackage(String pPackage) Removes a package name from the hidden package list.
protected void	validatePassword(ISession pSession, String pOldPassword, String pNewPassword) Validates a new password against an old password an uses a preconfigured password validator for checking the strength of the new password.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.sibvisions.rad.server.security.ISecurityManager

changePassword, getAccessController, logout, release, validateAuthentication

Constructor Detail

AbstractSecurityManager

public AbstractSecurityManager()

Method Detail

checkPassword

public void checkPassword(ISession pSession,
                          String pPassword)

Checks if a password is strength enough to be used.

Specified by:

checkPassword in interface IPasswordValidator

Parameters:

pSession - the session which wants to change the password

pPassword - the new password

comparePassword

protected boolean comparePassword(IConfiguration pConfig,
                                  String pPassword,
                                  String pConfirmPassword)
                           throws Exception

Compares two passwords to be identical.

Parameters:

pConfig - the application configuration

pPassword - base password (plain text)

pConfirmPassword - confirmation password (encrypted or plain text)

Returns:

true if the passwords are identical, otherwise false

Throws:

Exception - if the password encryption causes an error

getPasswordValidator

protected IPasswordValidator getPasswordValidator(IConfiguration pConfig)

Gets the password validator from an application configuration.

Parameters:

pConfig - the application configuration

Returns:

the IPasswordValidator or null if no validator is specified

validatePassword

protected void validatePassword(ISession pSession,
                                String pOldPassword,
                                String pNewPassword)
                         throws Exception

Validates a new password against an old password an uses a preconfigured password validator for checking the strength of the new password.

Parameters:

pSession - the session which changes the password

pOldPassword - the old/current password

pNewPassword - the new password

Throws:

Exception - if the password validation failed, e.g. old = new, new is not strength enough, ...

getEncryptedPassword

public static String getEncryptedPassword(IConfiguration pConfig,
                                          String pPassword)
                                   throws Exception

Gets the password, encrypted with the algorithm specified in an application configuration.

Parameters:

pConfig - the application configuration

pPassword - the plain text password

Returns:

the encrypted password

Throws:

Exception - if the encryption fails

isPasswordEncryptionEnabled

public static boolean isPasswordEncryptionEnabled(IConfiguration pConfig)

Checks if the password encryption is enabled. That means that the config parameter /application/securitymanager/passwordalgorithm contains an algorithm. PLAIN is not interpreted as algorithm.

Parameters:

pConfig - the application configuration

Returns:

true if the password should be encrypted

createSecurityManager

public static ISecurityManager createSecurityManager(ISession pSession)
                                              throws Exception

Creates a new ISecurityManager for the given session.

Parameters:

pSession - the session

Returns:

the security manager for the application

Throws:

Exception - if the security manager is not set, the class was not found or the application is invalid

createSecurityManager

public static ISecurityManager createSecurityManager(String pApplicationName)
                                              throws Exception

Creates a new ISecurityManager for the given application.

Parameters:

pApplicationName - the name of the application

Returns:

the security manager for the application

Throws:

Exception - if the security manager is not set, the class was not found or the application is invalid

prepareException

public static Throwable prepareException(Throwable pException)

Hides the StackTraceElements of "com.sibvisions.rad.*" when the given exception is a SecurityException. If ILogger.LogLevel.DEBUG is enabled, the stack won't be changed.

Parameters:

pException - the occured exception

Returns:

the changed exception

prepareException

public static Throwable prepareException(Throwable pException,
                                         boolean pForce)

Hides the StackTraceElements of "com.sibvisions.rad.*" when the given exception is a SecurityException. If ILogger.LogLevel.DEBUG is enabled, the stack won't be changed, but it's possible to force changing.

Parameters:

pException - the occured exception

pForce - force exception hiding

Returns:

the changed exception

addHiddenPackage

public static void addHiddenPackage(String pPackage)

Adds a package name to the hidden package list.

Parameters:

pPackage - the full qualified java package name e.g. com.sibvisions

removeHiddenPackage

public static void removeHiddenPackage(String pPackage)

Removes a package name from the hidden package list.

Parameters:

pPackage - the full qualified java package naem e.g. com.sibvisions

isHiddenPackage

public static boolean isHiddenPackage(String pJavaName)

Checks if a class or package name is excluded through the hidden package list.

Parameters:

pJavaName - the full qualified java class or package name e.g. com.sibvisions.rad.IPackageSetup

Returns:

true if the name contains a hidden package name