Package org.camunda.bpm.webapp.impl.security.auth

Class AuthenticationUtil

  • public class AuthenticationUtil
extends java.lang.Object

    • Field Detail

      • CAM_AUTH_SESSION_KEY

        protected static final java.lang.String CAM_AUTH_SESSION_KEY
        See Also:
        Constant Field Values

      • APPS

        public static final java.lang.String[] APPS

    • Constructor Detail

      • AuthenticationUtil

        public AuthenticationUtil()

    • Method Detail

      • createAuthentication

        public static UserAuthentication createAuthentication​(java.lang.String engineName,
                                                      java.lang.String username)

      • createAuthentication

        public static UserAuthentication createAuthentication​(java.lang.String engineName,
                                                      java.lang.String username,
                                                      java.util.List<java.lang.String> groupIds,
                                                      java.util.List<java.lang.String> tenantIds)

      • createAuthentication

        public static UserAuthentication createAuthentication​(ProcessEngine processEngine,
                                                      java.lang.String username,
                                                      java.util.List<java.lang.String> groupIds,
                                                      java.util.List<java.lang.String> tenantIds)

        Creates and returns a UserAuthentication with the following information:

        • userId
        • processEngineName
        • groupIds
        • tenantIds
        • authorizedApps

      • getTenantsOfUser

        public static java.util.List<java.lang.String> getTenantsOfUser​(ProcessEngine engine,
                                                                java.lang.String userId)

      • getGroupsOfUser

        public static java.util.List<java.lang.String> getGroupsOfUser​(ProcessEngine engine,
                                                               java.lang.String userId)

      • isAuthorizedForApp

        protected static boolean isAuthorizedForApp​(AuthorizationService authorizationService,
                                            java.lang.String username,
                                            java.util.List<java.lang.String> groupIds,
                                            java.lang.String application)

      • getAuthsFromSession

        public static Authentications getAuthsFromSession​(javax.servlet.http.HttpSession session)
        Allows obtaining an Authentications object from the HttpSession. If no such object exists in the session, a new instance is created and returned.
        Parameters:
        session - the HttpSession instance from which to retrieve the Authentications.

      • revalidateSession

        public static void revalidateSession​(javax.servlet.http.HttpServletRequest request,
                                     UserAuthentication authentication)
        Invalidates the old HttpSession of the current request and creates a new one. Additionally, transfers the existing authentications to the new session and adds a new one.
        Parameters:
        request - the HttpServletRequest instance from which the session is obtained and a new HttpSession created.
        authentication - the new Authentication instance that is created through user login. It is added to the existing authentications.

      • updateSession

        public static void updateSession​(javax.servlet.http.HttpSession session,
                                 Authentications authentications)
        Store authentications in current session.

      • updateCache

        public static void updateCache​(Authentications authentications,
                               javax.servlet.http.HttpSession session,
                               long cacheTimeToLive)

        Update/remove authentications when cache validation time (= x + TTL) is due.

        The following information is updated:

        • groupIds
        • tenantIds
        • authorizedApps

          An authorization is only removed if the user doesn't exist anymore (user was deleted).

      • getSessionMutex

        protected static java.lang.Object getSessionMutex​(javax.servlet.http.HttpSession session)

        Returns the session mutex to synchronize on.

        Avoids updating the auth cache by multiple HTTP requests in parallel.