contentbox.model.security

Class SecurityService

railo-context.Component
        extended by contentbox.model.security.SecurityService
Class Attributes:
  • singleton
  • synchronized : false
  • accessors : false
  • persistent : false
    All Implemented Interfaces:
    ISecurityService

    ContentBox - A Modular Content Platform
    Copyright 2012 by Luis Majano and Ortus Solutions, Corp
    www.ortussolutions.com

    Apache License, Version 2.0

    Copyright Since [2012] [Luis Majano and Ortus Solutions, Corp]

    Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

    Our contentbox security service

    Property Summary
    type  property        default  serializable  required  attributes
    any   authorService            true          false     inject = id:authorService@cb
    any   cache                    true          false     inject = cachebox:default
    any   CBHelper                 true          false     inject = id:CBHelper@cb
    any   cookieStorage            true          false     inject = coldbox:plugin:CookieStorage
    any   log                      true          false     inject = logbox:logger:{this}
    any   mailService              true          false     inject = coldbox:plugin:MailService
    any   renderer                 true          false     inject = provider:ColdBoxRenderer
    any   sessionStorage           true          false     inject = coldbox:plugin:SessionStorage
    any   settingService           true          false     inject = id:settingService@cb

    Constructor Summary
    init()
          Constructor.
    Method Summary
    boolean authenticate(any username, any password)
         Verify if an author is valid.
    boolean authorizeContent(any content, any password)
         Check to authorize a user to view a content entry or page.
    private any decryptIt(any decValue)
    private any encryptIt(any encValue)
    Author getAuthorSession()
         Get an author from session, or return a new empty author entity.
    private any getContentProtectedHash([any content])
         Get password content protected salt.
    private any getEncryptionKey()
    any getKeepMeLoggedIn()
         Get remember me cookie.
    any getRememberMe()
         Get remember me cookie.
    boolean isContentViewable(any content)
         Checks whether a content entry or page is protected and the user has credentials for it.
    ISecurityService logout()
         Delete author session.
    struct resetUserPassword(any token)
         Resets a user's password if the passed-in token is valid.
    ISecurityService sendPasswordReminder(Author author)
         Send password reminder email.
    ISecurityService setAuthorSession(Author author)
         Set a new author in session.
    ISecurityService setRememberMe(any username, numeric days='0')
         Set remember me cookie.
    ISecurityService updateAuthorLoginTimestamp([any author])
         Update an author's last login timestamp.
    boolean userValidator(struct rule, [any messagebox], [any controller])
         User validator via security interceptor.
     
    Methods inherited from class railo-context.Component
    None

    Constructor Detail

    init

    public init()

    Constructor


    Property Detail

    authorService

    property any authorService

    Attributes:
    required - false
    inject - id:authorService@cb
    serializable - true

    cache

    property any cache

    Attributes:
    required - false
    inject - cachebox:default
    serializable - true

    CBHelper

    property any CBHelper

    Attributes:
    required - false
    inject - id:CBHelper@cb
    serializable - true

    cookieStorage

    property any cookieStorage

    Attributes:
    required - false
    inject - coldbox:plugin:CookieStorage
    serializable - true

    log

    property any log

    Attributes:
    required - false
    inject - logbox:logger:{this}
    serializable - true

    mailService

    property any mailService

    Attributes:
    required - false
    inject - coldbox:plugin:MailService
    serializable - true

    renderer

    property any renderer

    Attributes:
    required - false
    inject - provider:ColdBoxRenderer
    serializable - true

    sessionStorage

    property any sessionStorage

    Attributes:
    required - false
    inject - coldbox:plugin:SessionStorage
    serializable - true

    settingService

    property any settingService

    Attributes:
    required - false
    inject - id:settingService@cb
    serializable - true

    Method Detail

    authenticate

    public boolean authenticate(any username, any password)

    Verify if an author is valid

    Specified by:
    authenticate in interface ISecurityService
    Parameters:
    username
    password

    authorizeContent

    public boolean authorizeContent(any content, any password)

    Check to authorize a user to view a content entry or page

    Specified by:
    authorizeContent in interface ISecurityService
    Parameters:
    content
    password

    decryptIt

    private any decryptIt(any decValue)

    Parameters:
    decValue

    encryptIt

    private any encryptIt(any encValue)

    Parameters:
    encValue

    getAuthorSession

    public Author getAuthorSession()

    Get an author from session, or return a new empty author entity

    Specified by:
    getAuthorSession in interface ISecurityService

    getContentProtectedHash

    private any getContentProtectedHash([any content])

    Get password content protected salt

    Parameters:
    content

    getEncryptionKey

    private any getEncryptionKey()


    getKeepMeLoggedIn

    public any getKeepMeLoggedIn()

    Get remember me cookie


    getRememberMe

    public any getRememberMe()

    Get remember me cookie


    isContentViewable

    public boolean isContentViewable(any content)

    Checks whether a content entry or page is protected and the user has credentials for it

    Specified by:
    isContentViewable in interface ISecurityService
    Parameters:
    content

    logout

    public ISecurityService logout()

    Delete author session

    Specified by:
    logout in interface ISecurityService

    resetUserPassword

    public struct resetUserPassword(any token)

    Resets a user's password if the passed-in token is valid. Returns [error, author]

    Parameters:
    token

    sendPasswordReminder

    public ISecurityService sendPasswordReminder(Author author)

    Send password reminder email

    Specified by:
    sendPasswordReminder in interface ISecurityService
    Parameters:
    author

    setAuthorSession

    public ISecurityService setAuthorSession(Author author)

    Set a new author in session

    Specified by:
    setAuthorSession in interface ISecurityService
    Parameters:
    author

    setRememberMe

    public ISecurityService setRememberMe(any username, numeric days='0')

    Set remember me cookie

    Parameters:
    username
    days

    updateAuthorLoginTimestamp

    public ISecurityService updateAuthorLoginTimestamp([any author])

    Update an author's last login timestamp

    Parameters:
    author

    userValidator

    public boolean userValidator(struct rule, [any messagebox], [any controller])

    User validator via security interceptor

    Specified by:
    userValidator in interface ISecurityService
    Parameters:
    rule
    messagebox
    controller