SecurityUtil

Description

  • org.joget.commons.util.SecurityUtil
  • Under wflow-commons module
  • Utility methods used by security feature

 

Code Sample

import org.joget.commons.util.SecurityUtil;

// Encrypt a plain string using the configured data encryption implementation
String value = "this is a test string";
String encryptedValue = SecurityUtil.encrypt(value);
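
Most methods below act only "if data encryption implementation exists". The following is an added example, not Joget's own code, of a wrapper that fails closed when none is configured. The class SecretStore and its method names are hypothetical. It assumes it runs inside Joget with wflow-commons on the classpath, and that encrypt() wraps its output in ENVELOPE as the field description states.

```java
import org.joget.commons.util.SecurityUtil;

// Added example: SecretStore is a hypothetical helper, not part of Joget.
public class SecretStore {

    // The documented methods are conditional on an implementation being set,
    // so refuse to continue instead of silently handling unprotected data.
    private static void requireEncryption() {
        if (SecurityUtil.getDataEncryption() == null) {
            throw new IllegalStateException("No DataEncryption implementation configured");
        }
    }

    // Encrypt a value for storage and confirm the result is enveloped.
    public static String protect(String value) {
        requireEncryption();
        String protectedValue = SecurityUtil.encrypt(value);
        // Assumption: encrypted output is wrapped in SecurityUtil.ENVELOPE.
        if (!SecurityUtil.hasSecurityEnvelope(protectedValue)) {
            throw new IllegalStateException("encrypt() did not return enveloped content");
        }
        return protectedValue;
    }

    // Decrypt only enveloped content; values without the envelope are
    // returned unchanged (for example, rows stored before encryption was on).
    public static String reveal(String stored) {
        requireEncryption();
        return SecurityUtil.hasSecurityEnvelope(stored)
                ? SecurityUtil.decrypt(stored)
                : stored;
    }

    // Returns {salt, hash}; store both, never the raw secret.
    public static String[] hashSecret(String secret) {
        requireEncryption();
        String salt = SecurityUtil.generateRandomSalt();
        return new String[] { salt, SecurityUtil.computeHash(secret, salt) };
    }

    // verifyHash returns a boxed Boolean; treat null as a failed check.
    public static boolean matches(String candidate, String salt, String storedHash) {
        requireEncryption();
        return Boolean.TRUE.equals(SecurityUtil.verifyHash(storedHash, salt, candidate));
    }
}
```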

 

Fields

ENVELOPE

public final static String ENVELOPE = "%%%%";

A string prepended and appended to encrypted data so that it can be distinguished from unencrypted data.

 

Methods

computeHash

public static java.lang.String computeHash(java.lang.String rawContent, java.lang.String randomSalt)

Computes the hash of the raw content if a data encryption implementation exists.

 

decrypt

public static java.lang.String decrypt(java.lang.String protectedContent)

Decrypts protected content if a data encryption implementation exists.

 

encrypt

public static java.lang.String encrypt(java.lang.String rawContent)

Encrypts raw content if a data encryption implementation exists.

 

generateNonce

public static java.lang.String generateNonce(java.lang.String[] attributes, int lifepanHour)

Generates a nonce value based on the attributes if a nonce generator implementation exists.

 

generateRandomSalt

public static java.lang.String generateRandomSalt()

Generates a random salt value if a data encryption implementation exists.

 

getApplicationContext

public static org.springframework.context.ApplicationContext getApplicationContext()

Utility method to retrieve the ApplicationContext of the system.

 

getCsrfTokenName

public static java.lang.String getCsrfTokenName()

Returns the name of the CSRF token.

 

getCsrfTokenValue

public static java.lang.String getCsrfTokenValue(javax.servlet.http.HttpServletRequest request)

Returns the value of the CSRF token in the request.

 

getDataEncryption

public static org.joget.commons.util.DataEncryption getDataEncryption()

Gets the data encryption implementation.

 

getDomainName

public static java.lang.String getDomainName(java.lang.String url)

Gets the domain name from a given URL.

 

getNonceGenerator

public static org.joget.commons.util.NonceGenerator getNonceGenerator()

Gets the nonce generator implementation.

 

hasSecurityEnvelope

public static boolean hasSecurityEnvelope(java.lang.String content)

Checks whether the content is wrapped in a security envelope, if a data encryption implementation exists.

 

isAllowedDomain

public static boolean isAllowedDomain(java.lang.String domain, java.util.List<java.lang.String> whitelist)

Verifies the domain name against a whitelist.

 

setDataEncryption

public void setDataEncryption(org.joget.commons.util.DataEncryption deImpl)

Sets a data encryption implementation.

 

setNonceGenerator

public void setNonceGenerator(org.joget.commons.util.NonceGenerator ngImpl)

Sets a nonce generator implementation.

 

verifyHash

public static java.lang.Boolean verifyHash(java.lang.String hash, java.lang.String randomSalt, java.lang.String rawContent)

Verifies that the hash belongs to the raw content if a data encryption implementation exists.

 

verifyNonce

public static boolean verifyNonce(java.lang.String nonce, java.lang.String[] attributes)

Verifies that the nonce is valid for the attributes if a nonce generator implementation exists.

Created by Damian Last modified by Aadrian on Dec 13, 2024