Class Security
Provides transaction security functions.
Examples
Please find the transaction security function examples below.
XML Safe Check Example
This Groovy example shows how to check if the XML document does not contain any XSS characters.
import com.avoka.tm.util.Security boolean isSafe = Security.isXmlDocumentSafe(xmlDocument)
Text Safe Check Example
This Groovy example shows how to check if the XML document does not contain any XSS characters.
import com.avoka.tm.util.Security boolean isSafe = Security.isXmlTextSafe(xmlText)
Adding Transaction Security Tokens to Session Example
This Groovy example shows how to add the transaction security tokens to the session.
import com.avoka.tm.util.Security Security.addSessionTxnSecurityTokens(request, txnId)
- Since:
- 5.0
-
Method Summary
Modifier and TypeMethodDescriptionstatic void
addOpenSavedFormToken
(jakarta.servlet.http.HttpServletRequest request, Txn txn) Add the open saved form tokens to the session.static void
addSessionReceiptSecurityTokens
(jakarta.servlet.http.HttpServletRequest request, Txn txn) Add the transaction PDF receipt security access tokens to the session.static void
addSessionTxnSecurityTokens
(jakarta.servlet.http.HttpServletRequest request, Txn txn) Add the transaction security access tokens to the session.static String
getSessionEntryUrl
(jakarta.servlet.http.HttpServletRequest request) Return the session stored Entry URL for SSO integration support.static boolean
isXssSafeFilename
(String value) Return true if the filename value is XSS safe.static boolean
isXssSafeText
(String text) Return true if the XML text does not contain any XSS characters, or false otherwise.static boolean
isXssSafeXmlDoc
(Document document) Return true if the XML document does not contain any XSS characters, or false otherwise.static boolean
isXssSafeXmlText
(String value) Return true if the XML text does not contain any XSS characters, or false otherwise.static String
storeSessionEntryUrl
(jakarta.servlet.http.HttpServletRequest request) Stores the Entry URL in the session for SSO integration support.
-
Method Details
-
addSessionTxnSecurityTokens
public static void addSessionTxnSecurityTokens(jakarta.servlet.http.HttpServletRequest request, Txn txn) Add the transaction security access tokens to the session.- Parameters:
request
- the HTTP request (required)txn
- the transaction (required)
-
addOpenSavedFormToken
Add the open saved form tokens to the session.- Parameters:
request
- the HTTP request (required)txn
- the transaction (required)- Since:
- 22.10.6
-
addSessionReceiptSecurityTokens
public static void addSessionReceiptSecurityTokens(jakarta.servlet.http.HttpServletRequest request, Txn txn) Add the transaction PDF receipt security access tokens to the session.- Parameters:
request
- the HTTP request (required)txn
- the transaction (required)- Since:
- 18.11.0
-
storeSessionEntryUrl
Stores the Entry URL in the session for SSO integration support.- Parameters:
request
- the servlet request (required)- Returns:
- the stored URL stored in the session
- Since:
- 18.11.0
-
getSessionEntryUrl
Return the session stored Entry URL for SSO integration support.- Parameters:
request
- the servlet request (required)- Returns:
- the Entry URL if available or null otherwise
- Since:
- 18.11.0
-
isXssSafeXmlDoc
Return true if the XML document does not contain any XSS characters, or false otherwise. Please see dangerous characters:
XSS Filter Evasion Cheat Sheet- Parameters:
document
- the XML document to test (required)- Returns:
- true, if is XSS safe or false otherwise
-
isXssSafeXmlText
Return true if the XML text does not contain any XSS characters, or false otherwise. Please see dangerous characters:
XSS Filter Evasion Cheat Sheet- Parameters:
value
- the XML text to test (required)- Returns:
- true, if is XSS safe or false otherwise
-
isXssSafeText
Return true if the XML text does not contain any XSS characters, or false otherwise. Please see dangerous characters:
XSS Filter Evasion Cheat Sheet- Parameters:
text
- the XML text to test (required)- Returns:
- true, if is XSS safe or false otherwise
-
isXssSafeFilename
Return true if the filename value is XSS safe. This applies the standard XSS checks except 'document.' and 'window.' values. Please see dangerous characters:
XSS Filter Evasion Cheat Sheet- Parameters:
value
- the value to test (required)- Returns:
- true, if is XSS safe
-