Class SecurityUtils
- java.lang.Object
-
- net.sourceforge.plantuml.security.SecurityUtils
-
public class SecurityUtils extends java.lang.Object
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
NO_CREDENTIALS
Indicates, that we have no authentication and credentials to access the URL.static java.lang.String
PATHS_ALLOWED
Whitelist of paths from where scripts can load data.static java.lang.String
PATHS_CLASSES
Java class paths to import files from.static java.lang.String
PATHS_INCLUDES
Paths to include files.static java.lang.String
PATHS_SECURITY
Paths to folders with security specific content (not allowed to read via SFile).static java.lang.String
SECURITY_ALLOW_NONSSL_AUTH
-
Constructor Summary
Constructors Constructor Description SecurityUtils()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static boolean
allowSvgText()
static java.io.FileOutputStream
createFileOutputStream(java.lang.String path)
static java.io.FileReader
createFileReader(java.lang.String path)
static java.io.PrintStream
createPrintStream(java.io.OutputStream os)
static java.io.PrintStream
createPrintStream(java.io.OutputStream os, boolean autoFlush, java.lang.String charset)
static java.io.PrintStream
createPrintStream(java.io.OutputStream os, boolean autoFlush, java.nio.charset.Charset charset)
static java.io.PrintWriter
createPrintWriter(java.io.OutputStream os)
static java.io.PrintWriter
createPrintWriter(java.io.OutputStream os, boolean append)
static java.io.PrintWriter
createPrintWriter(java.lang.String path)
static boolean
existsSecurityCredentials(java.lang.String userToken)
Checks if user credentials existing.static SecurityAccessInterceptor
getAccessInterceptor(SecurityAuthentication authentication)
Returns the authentication interceptor for aSecurityAuthentication
.static SecurityAuthorizeManager
getAuthenticationManager(SecurityCredentials credentialConfiguration)
Returns the authorize-manager for a security credentials configuration.static java.lang.String
getenv(java.lang.String name)
static boolean
getJavascriptUnsecure()
static java.util.List<SFile>
getPath(java.lang.String prop)
static SFile
getSecurityPath()
Loads the path to the configured security folder, if existing.static SecurityProfile
getSecurityProfile()
static boolean
isNonSSLAuthenticationAllowed()
Configuration for Non-SSL authentication methods.static boolean
isSecurityEnv(java.lang.String name)
Checks the environment variable and returns true if the variable is used in security context.static SecurityCredentials
loadSecurityCredentials(java.lang.String userToken)
Loads the user credentials from the file system.static java.awt.image.BufferedImage
readRasterImage(javax.swing.ImageIcon imageIcon)
-
-
-
Field Detail
-
NO_CREDENTIALS
public static final java.lang.String NO_CREDENTIALS
Indicates, that we have no authentication and credentials to access the URL.- See Also:
- Constant Field Values
-
PATHS_CLASSES
public static final java.lang.String PATHS_CLASSES
Java class paths to import files from.- See Also:
- Constant Field Values
-
PATHS_INCLUDES
public static final java.lang.String PATHS_INCLUDES
Paths to include files.- See Also:
- Constant Field Values
-
PATHS_ALLOWED
public static final java.lang.String PATHS_ALLOWED
Whitelist of paths from where scripts can load data.- See Also:
- Constant Field Values
-
PATHS_SECURITY
public static final java.lang.String PATHS_SECURITY
Paths to folders with security specific content (not allowed to read via SFile).- See Also:
- Constant Field Values
-
SECURITY_ALLOW_NONSSL_AUTH
public static final java.lang.String SECURITY_ALLOW_NONSSL_AUTH
- See Also:
- Constant Field Values
-
-
Method Detail
-
getSecurityProfile
public static SecurityProfile getSecurityProfile()
-
getJavascriptUnsecure
public static boolean getJavascriptUnsecure()
-
getenv
public static java.lang.String getenv(java.lang.String name)
-
isSecurityEnv
public static boolean isSecurityEnv(java.lang.String name)
Checks the environment variable and returns true if the variable is used in security context. In this case, the value should not be displayed in scripts.- Parameters:
name
- Environment variable to check- Returns:
- true, if this is a secret variable
-
isNonSSLAuthenticationAllowed
public static boolean isNonSSLAuthenticationAllowed()
Configuration for Non-SSL authentication methods.- Returns:
- true, if plantUML should allow authentication in plain connections (without encryption).
- See Also:
SECURITY_ALLOW_NONSSL_AUTH
-
getPath
public static java.util.List<SFile> getPath(java.lang.String prop)
-
allowSvgText
public static boolean allowSvgText()
-
createPrintWriter
public static java.io.PrintWriter createPrintWriter(java.io.OutputStream os)
-
createPrintWriter
public static java.io.PrintWriter createPrintWriter(java.io.OutputStream os, boolean append)
-
createPrintStream
public static java.io.PrintStream createPrintStream(java.io.OutputStream os)
-
createPrintStream
public static java.io.PrintStream createPrintStream(java.io.OutputStream os, boolean autoFlush, java.lang.String charset) throws java.io.UnsupportedEncodingException
- Throws:
java.io.UnsupportedEncodingException
-
createPrintStream
public static java.io.PrintStream createPrintStream(java.io.OutputStream os, boolean autoFlush, java.nio.charset.Charset charset) throws java.io.UnsupportedEncodingException
- Throws:
java.io.UnsupportedEncodingException
-
readRasterImage
public static java.awt.image.BufferedImage readRasterImage(javax.swing.ImageIcon imageIcon)
-
createFileReader
public static java.io.FileReader createFileReader(java.lang.String path) throws java.io.FileNotFoundException
- Throws:
java.io.FileNotFoundException
-
createPrintWriter
public static java.io.PrintWriter createPrintWriter(java.lang.String path) throws java.io.FileNotFoundException
- Throws:
java.io.FileNotFoundException
-
createFileOutputStream
public static java.io.FileOutputStream createFileOutputStream(java.lang.String path) throws java.io.FileNotFoundException
- Throws:
java.io.FileNotFoundException
-
getAuthenticationManager
public static SecurityAuthorizeManager getAuthenticationManager(SecurityCredentials credentialConfiguration)
Returns the authorize-manager for a security credentials configuration.- Parameters:
credentialConfiguration
- the credentials- Returns:
- the manager.
-
getAccessInterceptor
public static SecurityAccessInterceptor getAccessInterceptor(SecurityAuthentication authentication)
Returns the authentication interceptor for aSecurityAuthentication
.- Parameters:
authentication
- the authentication data- Returns:
- the interceptor.
-
existsSecurityCredentials
public static boolean existsSecurityCredentials(java.lang.String userToken)
Checks if user credentials existing.- Parameters:
userToken
- name of the credential file- Returns:
- boolean, if exists
-
loadSecurityCredentials
public static SecurityCredentials loadSecurityCredentials(java.lang.String userToken)
Loads the user credentials from the file system.- Parameters:
userToken
- name of the credential file- Returns:
- the credentials or NONE
-
getSecurityPath
public static SFile getSecurityPath()
Loads the path to the configured security folder, if existing.Please note: A SFile referenced to a security folder cannot access the files. The content of the files in the security path should never have passed to DSL scripts.
- Returns:
- SFile folder or null
-
-