Class SecurityUtils
- java.lang.Object
-
- net.sourceforge.plantuml.security.SecurityUtils
-
public class SecurityUtils extends Object
-
-
Field Summary
Fields Modifier and Type Field Description static StringNO_CREDENTIALSIndicates, that we have no authentication and credentials to access the URL.static StringPATHS_ALLOWEDWhitelist of paths from where scripts can load data.static StringPATHS_CLASSESJava class paths to import files from.static StringPATHS_INCLUDESPaths to include files.static StringPATHS_SECURITYPaths to folders with security specific content (not allowed to read via SFile).static StringSECURITY_ALLOW_NONSSL_AUTH
-
Constructor Summary
Constructors Constructor Description SecurityUtils()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static booleanallowSvgText()static FileOutputStreamcreateFileOutputStream(String path)static FileReadercreateFileReader(String path)static PrintStreamcreatePrintStream(OutputStream os)static PrintStreamcreatePrintStream(OutputStream os, boolean autoFlush, String charset)static PrintStreamcreatePrintStream(OutputStream os, boolean autoFlush, Charset charset)static PrintWritercreatePrintWriter(OutputStream os)static PrintWritercreatePrintWriter(OutputStream os, boolean append)static PrintWritercreatePrintWriter(String path)static booleanexistsSecurityCredentials(String userToken)Checks if user credentials existing.static SecurityAccessInterceptorgetAccessInterceptor(SecurityAuthentication authentication)Returns the authentication interceptor for aSecurityAuthentication.static SecurityAuthorizeManagergetAuthenticationManager(SecurityCredentials credentialConfiguration)Returns the authorize-manager for a security credentials configuration.static Stringgetenv(String name)static List<SFile>getPath(String prop)static SFilegetSecurityPath()Loads the path to the configured security folder, if existing.static SecurityProfilegetSecurityProfile()static booleanignoreThisLink(String url)static booleanisNonSSLAuthenticationAllowed()Configuration for Non-SSL authentication methods.static booleanisSecurityEnv(String name)Checks the environment variable and returns true if the variable is used in security context.static SecurityCredentialsloadSecurityCredentials(String userToken)Loads the user credentials from the file system.static BufferedImagereadRasterImage(ImageIcon imageIcon)
-
-
-
Field Detail
-
NO_CREDENTIALS
public static final String NO_CREDENTIALS
Indicates, that we have no authentication and credentials to access the URL.- See Also:
- Constant Field Values
-
PATHS_CLASSES
public static final String PATHS_CLASSES
Java class paths to import files from.- See Also:
- Constant Field Values
-
PATHS_INCLUDES
public static final String PATHS_INCLUDES
Paths to include files.- See Also:
- Constant Field Values
-
PATHS_ALLOWED
public static final String PATHS_ALLOWED
Whitelist of paths from where scripts can load data.- See Also:
- Constant Field Values
-
PATHS_SECURITY
public static final String PATHS_SECURITY
Paths to folders with security specific content (not allowed to read via SFile).- See Also:
- Constant Field Values
-
SECURITY_ALLOW_NONSSL_AUTH
public static final String SECURITY_ALLOW_NONSSL_AUTH
- See Also:
- Constant Field Values
-
-
Method Detail
-
getSecurityProfile
public static SecurityProfile getSecurityProfile()
-
ignoreThisLink
public static boolean ignoreThisLink(String url)
-
isSecurityEnv
public static boolean isSecurityEnv(String name)
Checks the environment variable and returns true if the variable is used in security context. In this case, the value should not be displayed in scripts.- Parameters:
name- Environment variable to check- Returns:
- true, if this is a secret variable
-
isNonSSLAuthenticationAllowed
public static boolean isNonSSLAuthenticationAllowed()
Configuration for Non-SSL authentication methods.- Returns:
- true, if plantUML should allow authentication in plain connections (without encryption).
- See Also:
SECURITY_ALLOW_NONSSL_AUTH
-
allowSvgText
public static boolean allowSvgText()
-
createPrintWriter
public static PrintWriter createPrintWriter(OutputStream os)
-
createPrintWriter
public static PrintWriter createPrintWriter(OutputStream os, boolean append)
-
createPrintStream
public static PrintStream createPrintStream(OutputStream os)
-
createPrintStream
public static PrintStream createPrintStream(OutputStream os, boolean autoFlush, String charset) throws UnsupportedEncodingException
- Throws:
UnsupportedEncodingException
-
createPrintStream
public static PrintStream createPrintStream(OutputStream os, boolean autoFlush, Charset charset) throws UnsupportedEncodingException
- Throws:
UnsupportedEncodingException
-
readRasterImage
public static BufferedImage readRasterImage(ImageIcon imageIcon)
-
createFileReader
public static FileReader createFileReader(String path) throws FileNotFoundException
- Throws:
FileNotFoundException
-
createPrintWriter
public static PrintWriter createPrintWriter(String path) throws FileNotFoundException
- Throws:
FileNotFoundException
-
createFileOutputStream
public static FileOutputStream createFileOutputStream(String path) throws FileNotFoundException
- Throws:
FileNotFoundException
-
getAuthenticationManager
public static SecurityAuthorizeManager getAuthenticationManager(SecurityCredentials credentialConfiguration)
Returns the authorize-manager for a security credentials configuration.- Parameters:
credentialConfiguration- the credentials- Returns:
- the manager.
-
getAccessInterceptor
public static SecurityAccessInterceptor getAccessInterceptor(SecurityAuthentication authentication)
Returns the authentication interceptor for aSecurityAuthentication.- Parameters:
authentication- the authentication data- Returns:
- the interceptor.
-
existsSecurityCredentials
public static boolean existsSecurityCredentials(String userToken)
Checks if user credentials existing.- Parameters:
userToken- name of the credential file- Returns:
- boolean, if exists
-
loadSecurityCredentials
public static SecurityCredentials loadSecurityCredentials(String userToken)
Loads the user credentials from the file system.- Parameters:
userToken- name of the credential file- Returns:
- the credentials or NONE
-
getSecurityPath
public static SFile getSecurityPath()
Loads the path to the configured security folder, if existing.Please note: A SFile referenced to a security folder cannot access the files. The content of the files in the security path should never have passed to DSL scripts.
- Returns:
- SFile folder or null
-
-