Class Security


  • public class Security
    extends Object

    Provides transaction security functions.

    Examples

    Please find the transaction security function examples below.

    XML Safe Check Example

    This Groovy example shows how to check if the XML document does not contain any XSS characters.

     import com.avoka.tm.util.Security
    
     boolean isSafe = Security.isXmlDocumentSafe(xmlDocument) 

    Text Safe Check Example

    This Groovy example shows how to check if the XML document does not contain any XSS characters.

     import com.avoka.tm.util.Security
    
     boolean isSafe = Security.isXmlTextSafe(xmlText) 

    Adding Transaction Security Tokens to Session Example

    This Groovy example shows how to add the transaction security tokens to the session.

     import com.avoka.tm.util.Security
    
     Security.addSessionTxnSecurityTokens(request, txnId) 
    Since:
    5.0
    • Method Detail

      • addSessionTxnSecurityTokens

        public static void addSessionTxnSecurityTokens​(HttpServletRequest request,
                                                       Txn txn)
        Add the transaction security access tokens to the session.
        Parameters:
        request - the HTTP request (required)
        txn - the transaction (required)
      • addSessionReceiptSecurityTokens

        public static void addSessionReceiptSecurityTokens​(HttpServletRequest request,
                                                           Txn txn)
        Add the transaction PDF receipt security access tokens to the session.
        Parameters:
        request - the HTTP request (required)
        txn - the transaction (required)
        Since:
        18.11.0
      • storeSessionEntryUrl

        public static String storeSessionEntryUrl​(HttpServletRequest request)
        Stores the Entry URL in the session for SSO integration support.
        Parameters:
        request - the servlet request (required)
        Returns:
        the stored URL stored in the session
        Since:
        18.11.0
      • getSessionEntryUrl

        public static String getSessionEntryUrl​(HttpServletRequest request)
        Return the session stored Entry URL for SSO integration support.
        Parameters:
        request - the servlet request (required)
        Returns:
        the Entry URL if available or null otherwise
        Since:
        18.11.0
      • isXssSafeXmlDoc

        public static boolean isXssSafeXmlDoc​(Document document)

        Return true if the XML document does not contain any XSS characters, or false otherwise. Please see dangerous characters:

        XSS Filter Evasion Cheat Sheet
        Parameters:
        document - the XML document to test (required)
        Returns:
        true, if is XSS safe or false otherwise
      • isXssSafeXmlText

        public static boolean isXssSafeXmlText​(String value)

        Return true if the XML text does not contain any XSS characters, or false otherwise. Please see dangerous characters:

        XSS Filter Evasion Cheat Sheet
        Parameters:
        value - the XML text to test (required)
        Returns:
        true, if is XSS safe or false otherwise
      • isXssSafeText

        public static boolean isXssSafeText​(String text)

        Return true if the XML text does not contain any XSS characters, or false otherwise. Please see dangerous characters:

        XSS Filter Evasion Cheat Sheet
        Parameters:
        text - the XML text to test (required)
        Returns:
        true, if is XSS safe or false otherwise
      • isXssSafeFilename

        public static boolean isXssSafeFilename​(String value)

        Return true if the filename value is XSS safe. This applies the standard XSS checks except 'document.' and 'window.' values. Please see dangerous characters:

        XSS Filter Evasion Cheat Sheet
        Parameters:
        value - the value to test (required)
        Returns:
        true, if is XSS safe