Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

blackboard.platform.security
Class SecurityUtil

java.lang.Object
  extended by blackboard.platform.security.SecurityUtil

public class SecurityUtil
extends java.lang.Object

This class provides utility methods for security logic, notably around checking for entitlements. There are additional methods for converting strings to hashes.

Since:
Blackboard 6.0
Version:
$Revision: #1 $ $Date: 2007/06/27 $

Field Summary
static java.lang.String HASH_ALGORITHM
           
 
Constructor Summary
SecurityUtil()
           
 
Method Summary
static void checkEntitlement(java.lang.String uid)
          Checks if the current user in context has the specified entitlement.
static void checkEntitlementInContext(java.lang.String uid, Id context)
          Checks if the current user in the specified context has the specified entitlement.
static void checkPermission(java.security.Permission perm)
          Performs a check for the specified permission against the installed SecurityManager.
static BbResourceBundle getBundle()
          Returns the security ResourceBundle, based on the current context locale.
static java.lang.String getHashValue(java.lang.String input)
          Utility method that generates a hex-formatted string representation of the message digest obtained from the specified string.
static java.lang.String getHashValue(java.lang.String input, java.lang.String charSet)
          Utility method that generates a hex-formatted string representation of the message digest obtained from the specified string.
static void requireEntitledUser(java.lang.String uid, javax.servlet.http.HttpServletRequest request)
          Throws a BbSecurityException, which will be caught by the Error receipt infrastructure and require the user to log in as a different user.
static boolean userHasAllEntitlements(java.lang.String[] entitlementNames)
          Checks to see if the user has all the entitlements specified, using Context derived from specified HttpServletRequest object.
static boolean userHasAnyEntitlements(java.lang.String[] entitlementNames)
          Wrapper method for AccessManagerService.userHasAnyEntitlements( String[] ).
static boolean userHasEntitlement(Entitlement entitlement)
          Checks if the current context user has the specified entitlement.
static boolean userHasEntitlement(Entitlement entitlement, Identifiable obj)
          Method to check an entitlement for a specific object, which is assumed to be related to the user via a Domain Admin association.
static boolean userHasEntitlement(java.lang.String entitlementUID)
          Checks if the current context user has the entitlement with the specified UID.
static boolean userHasEntitlement(User user, CourseMembership courseMembership, Entitlement entitlement)
          Explicit check for a single entitlement.
static boolean userHasEntitlementInContext(Entitlement entitlement, Id targetContextId)
          Wrapper method for AccessManagerService.userHasEntitlementInContext( Entitlement, Id ).
static boolean userHasEntitlementInContext(java.lang.String entitlementUid, Id targetContextId)
          Wrapper method for AccessManagerService.userHasEntitlementInContext( String, Id ).
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

HASH_ALGORITHM

public static final java.lang.String HASH_ALGORITHM
See Also:
Constant Field Values
Constructor Detail

SecurityUtil

public SecurityUtil()
Method Detail

checkPermission

public static void checkPermission(java.security.Permission perm)
Performs a check for the specified permission against the installed SecurityManager. If no SecurityManager is installed, this is a no-op.

Parameters:
perm - The permission to check. For convenience, this may be null. The result is a no-op.

getHashValue

public static java.lang.String getHashValue(java.lang.String input)
Utility method that generates a hex-formatted string representation of the message digest obtained from the specified string. Used in generating persistent password references and challenges in the challenge response protocol. Using UTF-16LE to coordinate encryption provided by javascript md5 hash routine.

Parameters:
input - String to hash, format and return
Returns:
Hexadecimal representation of the hashed message. All characters are lowercase.

getHashValue

public static java.lang.String getHashValue(java.lang.String input,
                                            java.lang.String charSet)
Utility method that generates a hex-formatted string representation of the message digest obtained from the specified string. Used in generating persistent password references and challenges in the challenge response protocol.

Parameters:
input - String to hash, format and return
charSet - set to be used ( UTF-8 or ISO-8859-1 )
Returns:
Hexadecimal representation of the hashed message. All characters are lowercase.

checkEntitlement

public static void checkEntitlement(java.lang.String uid)
                             throws AccessException
Checks if the current user in context has the specified entitlement. If they do, the method will simply return. If they don't an AccessException will be thrown.

Parameters:
uid - The uid of the entitlement to check. If this does not specify a valid entitlement, AccessException will always be thrown
Throws:
AccessException - if the current user in context does not have the specified entitlement
See Also:
userHasEntitlement(String)

checkEntitlementInContext

public static void checkEntitlementInContext(java.lang.String uid,
                                             Id context)
                                      throws AccessException
Checks if the current user in the specified context has the specified entitlement. If they do, the method will simply return. If they don't an AccessException will be thrown.

Parameters:
uid - The uid of the entitlement to check. If this does not specify a valid entitlement, AccessException will always be thrown
context - The context to check the entitlement against
Throws:
AccessException - if the current user in context does not have the specified entitlement
See Also:
userHasEntitlementInContext(String, Id)

requireEntitledUser

public static void requireEntitledUser(java.lang.String uid,
                                       javax.servlet.http.HttpServletRequest request)
                                throws BbSecurityException
Throws a BbSecurityException, which will be caught by the Error receipt infrastructure and require the user to log in as a different user.

Parameters:
uid -
request -
Throws:
BbSecurityException

userHasEntitlement

public static boolean userHasEntitlement(java.lang.String entitlementUID)
Checks if the current context user has the entitlement with the specified UID. Context is assumed to have been set by the caller.

Parameters:
entitlementUID - UID of the entitlement to check. If this does not specify a valid entitlement UID, the check will always return false.
Returns:
true if the current context user has the specified entitlement; false if the user does not have the entitlement, the current context has no user, or the entitlement is invalid

userHasEntitlement

public static boolean userHasEntitlement(Entitlement entitlement)
Checks if the current context user has the specified entitlement. Context is assumed to have been set by the caller. This is the primary method for granular entitlements checks; most cases should be for a caller in context.

Parameters:
entitlement - the entitlement to check. If null, the check will always return false.
Returns:
true if the current context user has the specified entitlement; false if the user does not have the entitlement, the current context has no user, or the entitlement is null

userHasEntitlement

public static boolean userHasEntitlement(User user,
                                         CourseMembership courseMembership,
                                         Entitlement entitlement)
Explicit check for a single entitlement. Please note that this method should be used for most single-entitlement checks, since it does not require loading the User from the database.

Parameters:
user - the current User, usually stored in the Context for this thread
courseMembership - Used to determine any entitlements conferrable from a course role. This argument may be null.
entitlement - the Entitlement to check. If this is null, false is returned.
Returns:
true if the user's system role or current course role have the specified entitlement

userHasEntitlement

public static boolean userHasEntitlement(Entitlement entitlement,
                                         Identifiable obj)
Method to check an entitlement for a specific object, which is assumed to be related to the user via a Domain Admin association.

Parameters:
entitlement - Entitlement to check
obj - IBbObject instance; must of type Course, User, Organization, Module or Tab to be effective. If the object is a course, an enrollment check is also performed
Returns:
true if the user has access; false otherwise.

userHasAllEntitlements

public static boolean userHasAllEntitlements(java.lang.String[] entitlementNames)
Checks to see if the user has all the entitlements specified, using Context derived from specified HttpServletRequest object. For example, a user may have be entitled access to a page, but not a given widget on the page. Note that there is no explicit user or course parameter; this method derives that information from Context.

Parameters:
entitlementNames - Array of entitlement UIDs to check
Returns:
true if and only if the user has all the specified entitlements in the context defined by request

userHasAnyEntitlements

public static boolean userHasAnyEntitlements(java.lang.String[] entitlementNames)
Wrapper method for AccessManagerService.userHasAnyEntitlements( String[] ).

Parameters:
entitlementNames - List of entitlements to check
Returns:
true if the user has at least one of the entitlements in the current context

userHasEntitlementInContext

public static boolean userHasEntitlementInContext(java.lang.String entitlementUid,
                                                  Id targetContextId)
Wrapper method for AccessManagerService.userHasEntitlementInContext( String, Id ).

Parameters:
entitlementUid - Entitlement id to check
targetContextId - Id object for the target context
Returns:
true if the user has the entitlement in the target context; false otherwise.

userHasEntitlementInContext

public static boolean userHasEntitlementInContext(Entitlement entitlement,
                                                  Id targetContextId)
Wrapper method for AccessManagerService.userHasEntitlementInContext( Entitlement, Id ).

Parameters:
entitlement - Entitlement to check
targetContextId - Id object for the target context
Returns:
true if the user has the entitlement in the target context; false otherwise.

getBundle

public static BbResourceBundle getBundle()
Returns the security ResourceBundle, based on the current context locale.

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2003 Blackboard, Inc. All Rights Reserved.