com.arsdigita.acs
Class Security

java.lang.Object
  |
  +--com.arsdigita.acs.Security

public class Security
extends java.lang.Object

Properties and utility methods for the ACS system security. The static class initializer populates the random secret-token cache.


Inner Class Summary
static class Security.SweepSessions
          Scheduled procedure to remove stale sessions from the sec_session_properties table.
 
Field Summary
static java.lang.String cvsId
 
Constructor Summary
Security()
 
Method Summary
static void changePassword(java.math.BigDecimal userId, java.lang.String newPassword)
          Changes the specified user's password.
static boolean checkPassword(java.math.BigDecimal userId, java.lang.String pw)
static int getPrivacyThreshold(java.lang.Object user_id)
          Pages that are considering whether to display a user's name or email address should check that the user's priv_ value from the database is less than or equal to what ad_privacy_threshold returns.
static java.lang.String getRandomToken()
          Returns a secure random token.
static java.lang.String getRandomTokenId()
static java.lang.String getSecretToken(java.lang.Object id)
static int getSessionCookieReissue()
static int getSessionLifetime()
static int getSessionTimeout()
static void populateSecretTokenCache()
static void populateSecretTokensInDatabase()
static java.lang.String shaEncode(java.lang.String s)
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

cvsId

public static final java.lang.String cvsId
Constructor Detail

Security

public Security()
Method Detail

getSessionTimeout

public static int getSessionTimeout()
Returns:
The length of time, in seconds, that a session should remain valid between hits (default: 20 minutes).

getSessionLifetime

public static int getSessionLifetime()
Returns:
The length of time, in seconds, that a session should remain alive at all, regardless of activity (default: 2 days).

getSessionCookieReissue

public static int getSessionCookieReissue()
Returns:
The period, in seconds, after which we should reissue the session_id cookie and update last_hit in the sessions table (default: 5 minutes).

shaEncode

public static java.lang.String shaEncode(java.lang.String s)
Returns:
the SHA-1 hash of the given string. Uses a public-domain SHA-1 class I "found on the web."

getRandomToken

public static java.lang.String getRandomToken()
Returns a secure random token.

checkPassword

public static boolean checkPassword(java.math.BigDecimal userId,
                                    java.lang.String pw)
                             throws java.sql.SQLException
Returns:
true if the password is correct for the given user ID.

changePassword

public static final void changePassword(java.math.BigDecimal userId,
                                        java.lang.String newPassword)
                                 throws java.sql.SQLException
Changes the specified user's password.

getPrivacyThreshold

public static final int getPrivacyThreshold(java.lang.Object user_id)
Pages that are considering whether to display a user's name or email address should check that the user's priv_ value from the database is less than or equal to what ad_privacy_threshold returns.

populateSecretTokensInDatabase

public static final void populateSecretTokensInDatabase()
                                                 throws java.sql.SQLException

populateSecretTokenCache

public static final void populateSecretTokenCache()
                                           throws java.sql.SQLException

getRandomTokenId

public static final java.lang.String getRandomTokenId()
Returns:
a random token id from the token cache.

getSecretToken

public static final java.lang.String getSecretToken(java.lang.Object id)
Parameters:
id - the token id to look up
Returns:
the secret token with the specified id from the cache; falls back to a database lookup if the id is not in the cache.