Class Security

java.lang.Object
com.avoka.tm.util.Security

public class Security extends Object

Provides transaction security functions.

Examples

Please find the transaction security function examples below.

XML Safe Check Example

This Groovy example shows how to check if the XML document does not contain any XSS characters.

 import com.avoka.tm.util.Security

 boolean isSafe = Security.isXmlDocumentSafe(xmlDocument) 

Text Safe Check Example

This Groovy example shows how to check if the XML document does not contain any XSS characters.

 import com.avoka.tm.util.Security

 boolean isSafe = Security.isXmlTextSafe(xmlText) 

Adding Transaction Security Tokens to Session Example

This Groovy example shows how to add the transaction security tokens to the session.

 import com.avoka.tm.util.Security

 Security.addSessionTxnSecurityTokens(request, txnId) 
Since:
5.0
  • Method Details

    • addSessionTxnSecurityTokens

      public static void addSessionTxnSecurityTokens(jakarta.servlet.http.HttpServletRequest request, Txn txn)
      Add the transaction security access tokens to the session.
      Parameters:
      request - the HTTP request (required)
      txn - the transaction (required)
    • addOpenSavedFormToken

      public static void addOpenSavedFormToken(jakarta.servlet.http.HttpServletRequest request, Txn txn)
      Add the open saved form tokens to the session.
      Parameters:
      request - the HTTP request (required)
      txn - the transaction (required)
      Since:
      22.10.6
    • addSessionReceiptSecurityTokens

      public static void addSessionReceiptSecurityTokens(jakarta.servlet.http.HttpServletRequest request, Txn txn)
      Add the transaction PDF receipt security access tokens to the session.
      Parameters:
      request - the HTTP request (required)
      txn - the transaction (required)
      Since:
      18.11.0
    • storeSessionEntryUrl

      public static String storeSessionEntryUrl(jakarta.servlet.http.HttpServletRequest request)
      Stores the Entry URL in the session for SSO integration support.
      Parameters:
      request - the servlet request (required)
      Returns:
      the stored URL stored in the session
      Since:
      18.11.0
    • getSessionEntryUrl

      public static String getSessionEntryUrl(jakarta.servlet.http.HttpServletRequest request)
      Return the session stored Entry URL for SSO integration support.
      Parameters:
      request - the servlet request (required)
      Returns:
      the Entry URL if available or null otherwise
      Since:
      18.11.0
    • isXssSafeXmlDoc

      public static boolean isXssSafeXmlDoc(Document document)

      Return true if the XML document does not contain any XSS characters, or false otherwise. Please see dangerous characters:

      XSS Filter Evasion Cheat Sheet
      Parameters:
      document - the XML document to test (required)
      Returns:
      true, if is XSS safe or false otherwise
    • isXssSafeXmlText

      public static boolean isXssSafeXmlText(String value)

      Return true if the XML text does not contain any XSS characters, or false otherwise. Please see dangerous characters:

      XSS Filter Evasion Cheat Sheet
      Parameters:
      value - the XML text to test (required)
      Returns:
      true, if is XSS safe or false otherwise
    • isXssSafeText

      public static boolean isXssSafeText(String text)

      Return true if the XML text does not contain any XSS characters, or false otherwise. Please see dangerous characters:

      XSS Filter Evasion Cheat Sheet
      Parameters:
      text - the XML text to test (required)
      Returns:
      true, if is XSS safe or false otherwise
    • isXssSafeFilename

      public static boolean isXssSafeFilename(String value)

      Return true if the filename value is XSS safe. This applies the standard XSS checks except 'document.' and 'window.' values. Please see dangerous characters:

      XSS Filter Evasion Cheat Sheet
      Parameters:
      value - the value to test (required)
      Returns:
      true, if is XSS safe