Class SecuritySettings


  • public class SecuritySettings
    extends Object
    User: Yohann Chastagnier Date: 05/03/14
    • Method Detail

      • isWebSqlInjectionSecurityEnabled

        public static boolean isWebSqlInjectionSecurityEnabled()
        Is the SQL injection security mechanism enabled?
        Returns:
        true if the security mechanism is enabled for Silverpeas, false otherwise.
      • skippedParametersAboutWebSqlInjectionSecurity

        public static String skippedParametersAboutWebSqlInjectionSecurity()
        Indicates the parameters for which the SQL injection verification must be bypassed.
        Returns:
        a regexp represented by a string.
      • isWebXssInjectionSecurityEnabled

        public static boolean isWebXssInjectionSecurityEnabled()
        Is the XSS injection security mechanism enabled?
        Returns:
        true if the security mechanism is enabled for Silverpeas, false otherwise.
      • skippedParametersAboutWebXssInjectionSecurity

        public static String skippedParametersAboutWebXssInjectionSecurity()
        Indicates the parameters for which the XSS injection verification must be bypassed.
        Returns:
        a regexp represented by a string.
      • isWebSecurityByTokensEnabled

        public static boolean isWebSecurityByTokensEnabled()
        Is the security mechanism based on the synchronizer token pattern enabled?
        Returns:
        true if the security mechanism is enabled for Silverpeas, false otherwise.
      • isSessionTokenRenewEnabled

        public static boolean isSessionTokenRenewEnabled()
        Is the renewal of the synchronizer tokens used to protect a user session enabled?
        Returns:
        true if the renewal of session tokens is enabled in Silverpeas, false otherwise.
      • isStrictTransportSecurityEnabled

        public static boolean isStrictTransportSecurityEnabled()
        Is the Strict Transport Security enabled? Strict Transport Security can be used only with secured connections. It ensures only HTTPS connections are used and hence asks the client to switch any HTTP connection to an HTTPS connection.
        Returns:
        true if Strict Transport Security must be used, false otherwise.
      • getStrictTransportSecurityExpirationTime

        public static long getStrictTransportSecurityExpirationTime()
        The number of seconds during which the client must remember that Silverpeas has to be accessed only over HTTPS. Strict Transport Security can be used only with secured connections. It ensures only HTTPS connections are used and hence asks the client to switch any HTTP connection to an HTTPS connection.
        Returns:
        a number of seconds or 0 if no expiration time.
      • getAllowedDomains

        public static List<String> getAllowedDomains()
        Gets the URLs of all the domains that are authorized to be accessed from Silverpeas. By default, if the list is empty, only web resources coming from Silverpeas itself should be authorized. If the list is of size one and its first value is "*", no CORS protection is enabled. Otherwise, only the specified domains are authorized by the CORS protection to be accessed from Silverpeas.
        Returns:
        a list of URIs identifying the domains that are authorized to be accessed from Silverpeas.
      • isWebContentInjectionSecurityEnabled

        public static boolean isWebContentInjectionSecurityEnabled()
        Is the content injection security mechanism enabled? That is to say, is the Content Security Policy enabled?
        Returns:
        true if the Content Security Policy is enabled for Silverpeas, false otherwise.
      • getAllowedDefaultSourcesInCSP

        public static String getAllowedDefaultSourcesInCSP()
      • getAllowedScriptSourcesInCSP

        public static String getAllowedScriptSourcesInCSP()
      • getAllowedStyleSourcesInCSP

        public static String getAllowedStyleSourcesInCSP()
      • getIFrameSandboxTagAttribute

        public static String getIFrameSandboxTagAttribute()
        Gets the formatted sandbox iframe attribute for external contents.
        Returns:
        the TAG attribute.
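
One way a caller might act on the values returned by isStrictTransportSecurityEnabled(), getStrictTransportSecurityExpirationTime() and getAllowedDomains(), as an added example that is not Silverpeas code: the setting values are passed in as parameters, and the class name, helper names and sample URLs are hypothetical. Skipping the header when the expiration time is 0 is an assumption; under RFC 6797, max-age=0 tells the browser to drop the policy.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;
import java.util.Optional;

// Added example, not Silverpeas code. Settings are plain parameters so the class
// compiles on its own; in Silverpeas they would be read from SecuritySettings.
public class SecuritySettingsUsage {

  // Value for the Strict-Transport-Security header, or empty when it must not be sent.
  static Optional<String> hstsHeader(boolean enabled, long seconds, boolean secureRequest) {
    // HSTS applies to secured connections only. Assumption: 0 means "not configured",
    // so no header is emitted instead of max-age=0 (which would clear the policy).
    if (!enabled || !secureRequest || seconds <= 0) {
      return Optional.empty();
    }
    return Optional.of("max-age=" + seconds);
  }

  // Reduces a URL to scheme://host:port so that comparison is exact: a prefix or
  // substring match would also accept https://intranet.example.org.evil.test.
  static String origin(String url) {
    URI u = URI.create(url);
    if (u.getScheme() == null || u.getHost() == null) {
      throw new IllegalArgumentException("not an absolute URL: " + url);
    }
    String scheme = u.getScheme().toLowerCase(Locale.ROOT);
    int port = u.getPort() != -1 ? u.getPort() : ("https".equals(scheme) ? 443 : 80);
    return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT) + ":" + port;
  }

  // The three documented cases: ["*"] disables the protection, an empty list
  // authorizes Silverpeas itself only, otherwise only the listed domains pass.
  static boolean isDomainAuthorized(List<String> allowed, String self, String candidate) {
    if (allowed.size() == 1 && "*".equals(allowed.get(0))) return true;
    String wanted = origin(candidate);
    if (allowed.isEmpty()) return origin(self).equals(wanted);
    return allowed.stream().map(SecuritySettingsUsage::origin).anyMatch(wanted::equals);
  }

  public static void main(String[] args) {
    String self = "https://intranet.example.org";          // constructed sample values
    List<String> allowed = List.of("https://cdn.example.org");
    System.out.println(hstsHeader(true, 31536000L, true));
    System.out.println(hstsHeader(true, 31536000L, false));
    System.out.println(isDomainAuthorized(allowed, self, "https://cdn.example.org/lib.js"));
    System.out.println(isDomainAuthorized(allowed, self, "https://cdn.example.org.evil.test/"));
    System.out.println(isDomainAuthorized(List.of(), self, "https://INTRANET.example.org:443/a"));
  }
}
```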