Package sk.iway.iwcm.common
Class LogonTools
java.lang.Object
sk.iway.iwcm.common.LogonTools
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic voidafterLogon(Identity user, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) static voidauditLogon(List<String> errors, Identity user, String username, javax.servlet.http.HttpServletRequest request) static booleanSkontroluje ci sa moze pouzivatel prihlasit vzhladom na zadane datumy mozneho prihlaseniastatic intcheckForAlarm(Identity user) static voidinvalidateSessionOnFirstPost(javax.servlet.http.HttpServletRequest request) Ochrana Session Fixation (MFSR pentesty) ktora zabezpeci pri PRVOM odoslani (POST) logon formularu invalidnutie sessionstatic booleanisLoginBlocked(javax.servlet.http.HttpServletRequest request) Test if login is not time/IP blockedstatic booleanisPasswordCorrect(String password, String salt, String passwordInDb) Verify if given password is correct including support for old Rijndael encryptionstatic Stringlogon(String username, String password, Identity user, Map<String, String> errors, javax.servlet.http.HttpServletRequest request, Prop prop) Description of the MethodlogonUserWithAllChecks(javax.servlet.http.HttpServletRequest request, String username, String password) static voidsaveAfterLogonRedirect(javax.servlet.http.HttpServletRequest request) Ulozi URL pred zobrazenim logon formu na ktoru sa po prihlaseni presmerujestatic voidsetLoginBlocked(javax.servlet.http.HttpServletRequest request) Cache info about bad credentials/login to block for 10 secondsstatic voidsetUserPerms(Identity user) Nastavi userovi prava na adresare (editable groups a pages)static org.springframework.security.core.AuthenticationsetUserToSession(javax.servlet.http.HttpSession session, Identity user) Nastavi usera do session a nastavi spring prava
-
Constructor Details
-
LogonTools
protected LogonTools()
-
-
Method Details
-
checkAllowLoginDates
Skontroluje ci sa moze pouzivatel prihlasit vzhladom na zadane datumy mozneho prihlasenia- Parameters:
rs-- Returns:
-
logon
public static String logon(String username, String password, Identity user, Map<String, String> errors, javax.servlet.http.HttpServletRequest request, Prop prop) Description of the Method- Parameters:
username- Description of the Parameterpassword- Description of the Parameteruser- Description of the Parametererrors- Description of the Parameterrequest- Description of the Parameter- Returns:
- Description of the Return Value
-
setUserPerms
Nastavi userovi prava na adresare (editable groups a pages)- Parameters:
user-
-
auditLogon
-
logonUser
-
logonUserWithAllChecks
-
afterLogon
public static void afterLogon(Identity user, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) -
checkForAlarm
-
invalidateSessionOnFirstPost
public static void invalidateSessionOnFirstPost(javax.servlet.http.HttpServletRequest request) Ochrana Session Fixation (MFSR pentesty) ktora zabezpeci pri PRVOM odoslani (POST) logon formularu invalidnutie session- Parameters:
request-
-
saveAfterLogonRedirect
public static void saveAfterLogonRedirect(javax.servlet.http.HttpServletRequest request) Ulozi URL pred zobrazenim logon formu na ktoru sa po prihlaseni presmeruje- Parameters:
request-
-
setUserToSession
public static org.springframework.security.core.Authentication setUserToSession(javax.servlet.http.HttpSession session, Identity user) Nastavi usera do session a nastavi spring prava- Parameters:
session-user-
-
isLoginBlocked
public static boolean isLoginBlocked(javax.servlet.http.HttpServletRequest request) Test if login is not time/IP blocked- Parameters:
request-- Returns:
-
setLoginBlocked
public static void setLoginBlocked(javax.servlet.http.HttpServletRequest request) Cache info about bad credentials/login to block for 10 seconds- Parameters:
request-
-
isPasswordCorrect
Verify if given password is correct including support for old Rijndael encryption- Parameters:
password-salt-passwordInDb-- Returns:
-