Class SecurityUtils


  • public class SecurityUtils
    extends java.lang.Object
    • Field Detail

      • NO_CREDENTIALS

        public static final java.lang.String NO_CREDENTIALS
        Indicates, that we have no authentication and credentials to access the URL.
        See Also:
        Constant Field Values
      • PATHS_CLASSES

        public static final java.lang.String PATHS_CLASSES
        Java class paths to import files from.
        See Also:
        Constant Field Values
      • PATHS_INCLUDES

        public static final java.lang.String PATHS_INCLUDES
        Paths to include files.
        See Also:
        Constant Field Values
      • PATHS_ALLOWED

        public static final java.lang.String PATHS_ALLOWED
        Whitelist of paths from where scripts can load data.
        See Also:
        Constant Field Values
      • PATHS_SECURITY

        public static final java.lang.String PATHS_SECURITY
        Paths to folders with security specific content (not allowed to read via SFile).
        See Also:
        Constant Field Values
      • SECURITY_ALLOW_NONSSL_AUTH

        public static final java.lang.String SECURITY_ALLOW_NONSSL_AUTH
        See Also:
        Constant Field Values
    • Constructor Detail

      • SecurityUtils

        public SecurityUtils()
    • Method Detail

      • getJavascriptUnsecure

        public static boolean getJavascriptUnsecure()
      • getenv

        public static java.lang.String getenv​(java.lang.String name)
      • isSecurityEnv

        public static boolean isSecurityEnv​(java.lang.String name)
        Checks the environment variable and returns true if the variable is used in security context. In this case, the value should not be displayed in scripts.
        Parameters:
        name - Environment variable to check
        Returns:
        true, if this is a secret variable
      • isNonSSLAuthenticationAllowed

        public static boolean isNonSSLAuthenticationAllowed()
        Configuration for Non-SSL authentication methods.
        Returns:
        true, if plantUML should allow authentication in plain connections (without encryption).
        See Also:
        SECURITY_ALLOW_NONSSL_AUTH
      • getPath

        public static java.util.List<SFile> getPath​(java.lang.String prop)
      • allowSvgText

        public static boolean allowSvgText()
      • createPrintWriter

        public static java.io.PrintWriter createPrintWriter​(java.io.OutputStream os)
      • createPrintWriter

        public static java.io.PrintWriter createPrintWriter​(java.io.OutputStream os,
                                                            boolean append)
      • createPrintStream

        public static java.io.PrintStream createPrintStream​(java.io.OutputStream os)
      • createPrintStream

        public static java.io.PrintStream createPrintStream​(java.io.OutputStream os,
                                                            boolean autoFlush,
                                                            java.lang.String charset)
                                                     throws java.io.UnsupportedEncodingException
        Throws:
        java.io.UnsupportedEncodingException
      • createPrintStream

        public static java.io.PrintStream createPrintStream​(java.io.OutputStream os,
                                                            boolean autoFlush,
                                                            java.nio.charset.Charset charset)
                                                     throws java.io.UnsupportedEncodingException
        Throws:
        java.io.UnsupportedEncodingException
      • readRasterImage

        public static java.awt.image.BufferedImage readRasterImage​(javax.swing.ImageIcon imageIcon)
      • createFileReader

        public static java.io.FileReader createFileReader​(java.lang.String path)
                                                   throws java.io.FileNotFoundException
        Throws:
        java.io.FileNotFoundException
      • createPrintWriter

        public static java.io.PrintWriter createPrintWriter​(java.lang.String path)
                                                     throws java.io.FileNotFoundException
        Throws:
        java.io.FileNotFoundException
      • createFileOutputStream

        public static java.io.FileOutputStream createFileOutputStream​(java.lang.String path)
                                                               throws java.io.FileNotFoundException
        Throws:
        java.io.FileNotFoundException
      • getAuthenticationManager

        public static SecurityAuthorizeManager getAuthenticationManager​(SecurityCredentials credentialConfiguration)
        Returns the authorize-manager for a security credentials configuration.
        Parameters:
        credentialConfiguration - the credentials
        Returns:
        the manager.
      • existsSecurityCredentials

        public static boolean existsSecurityCredentials​(java.lang.String userToken)
        Checks if user credentials existing.
        Parameters:
        userToken - name of the credential file
        Returns:
        boolean, if exists
      • loadSecurityCredentials

        public static SecurityCredentials loadSecurityCredentials​(java.lang.String userToken)
        Loads the user credentials from the file system.
        Parameters:
        userToken - name of the credential file
        Returns:
        the credentials or NONE
      • getSecurityPath

        public static SFile getSecurityPath()
        Loads the path to the configured security folder, if existing.

        Please note: A SFile referenced to a security folder cannot access the files. The content of the files in the security path should never have passed to DSL scripts.

        Returns:
        SFile folder or null