Class OtpRuleHandler

java.lang.Object
es.kukenan.smartfi.common.security.web.otp.OtpRuleHandler

public class OtpRuleHandler extends Object
This class handles the OtpProperties.OtpRule defined for a given request. That is:
  • Check if the rule is fired for a given HTTP request. Under some circumstances (delegated) there is no way to know if the rule is fired because it depends on operation business logic.
  • Create an exception that is translated into a response with all the required information to manage the OTP rule. This is done at the security-gateway and requires information about how to handle the OTP request.
  • Field Details

    • rule

      private final OtpProperties.OtpRule rule
    • objectMapper

      private final com.fasterxml.jackson.databind.ObjectMapper objectMapper
      Object mapper.
    • otpProperties

      private final OtpProperties otpProperties
      OTP configuration.
    • httpRequest

      private final OtpRuleHandler.HttpRequest httpRequest
      Required HTTP request data.
    • otpRequiredByDelegatedLogicCheck

      private Boolean otpRequiredByDelegatedLogicCheck
      Delegated logic check result. This flag is used in the delegated logic check to indicate that the user is not authorized to perform the operation and that an OTP is required.
  • Constructor Details

  • Method Details

    • getRuleId

      public String getRuleId()
      Retrieve the inner OtpProperties.OtpRule identifier.
      Returns:
      the inner OtpProperties.OtpRule identifier.
    • doesNotApply

      public boolean doesNotApply()
      Test if an OTP is required for the given request.
      Returns:
      true if the rule does not apply to the given request.
    • ruleLogicCheck

      public boolean ruleLogicCheck()
      Check whether the rule logic determines that the given request cannot be executed because an OTP is required. This occurs in two cases:
      • There is no logic check: OTP is always required.
      • The logic is delegated, but a generateOtp has been received with value true.
      Returns:
      true if the given request can not be executed because an OTP is required.
    • throwOtpRequiredException

      public void throwOtpRequiredException()
      Throws an OtpRequiredException that includes the OTP configuration for the given request and OtpProperties.OtpRule.
    • throwOtpRequiredException

      public void throwOtpRequiredException(Object operationalInfo)
      Test if an OTP is required for the given request.
      Parameters:
      operationalInfo - operationalInfo
      Throws:
      OtpRequiredException - OtpRequiredException that includes the OTP configuration for the given request and OtpProperties.OtpRule.
    • unrestrictedRole

      protected boolean unrestrictedRole()
      Check if the inner OtpProperties.OtpRule applies given the current authentication context authorities (roles).
      Returns:
      true if the OtpProperties.OtpRule roles contain any of the current authentication context authorities (roles).
    • handleUserIdOverride

      protected String handleUserIdOverride()
      Retrieves the user destination of the OTP if it is not the default one.
      Returns:
      the user destination of the OTP if it is overridden by configuration.
    • extractUserIdFromUrl

      private String extractUserIdFromUrl(String regEx)
    • getOtpRequiredConfiguration

      private OtpRequiredConfiguration getOtpRequiredConfiguration()
    • extractUserIdBodyProp

      private String extractUserIdBodyProp(String property)