A B C D E F G H I J L M N P R S T U V W _

A

AbstractClearPassword - Class in ml.alternet.security.impl

Base implementation of a clear password.

AbstractClearPassword() - Constructor for class ml.alternet.security.impl.AbstractClearPassword

AbstractPassword - Class in ml.alternet.security.impl

Base implementation of a password.

AbstractPassword() - Constructor for class ml.alternet.security.impl.AbstractPassword

AbstractPasswordManager - Class in ml.alternet.security.impl

Base implementation of a password manager.

AbstractPasswordManager() - Constructor for class ml.alternet.security.impl.AbstractPasswordManager

add(String, Password) - Method in class ml.alternet.security.web.server.CaptureContext

Append a password that have been captured to this context.

addLoginFormValue(ServletContext) - Method in class ml.alternet.security.web.server.FormFieldConfiguration

Add the login form value if the authentication method is "Form" (that is to say, bound the form field "j_password" to the path "/j_security_check" in that context).

addValues(String, String...) - Method in class ml.alternet.security.web.server.FormFieldConfiguration

Called by the extractor for each single parameter found in the configuration.

allowUnsecureTrace() - Method in class ml.alternet.security.web.server.DebugLevel

Allow writing in the log the raw data in clear ; it is unsecure because passwords may appear in clear ; USE FOR DEBUG ONLY NOT ON PRODUCTION ENVIRONMENT.

append(byte) - Method in class ml.alternet.security.web.server.Utf8Appendable

append(ByteBuffer) - Method in class ml.alternet.security.web.server.Utf8Appendable

append(byte[], int, int) - Method in class ml.alternet.security.web.server.Utf8Appendable

append(byte[], int, int, int) - Method in class ml.alternet.security.web.server.Utf8Appendable

append(char[]) - Method in class ml.alternet.security.web.server.Utf8StringBuilder

Append some chars

append(char) - Method in class ml.alternet.security.web.server.Utf8StringBuilder

Append a single char

appendByte(byte) - Method in class ml.alternet.security.web.server.Utf8Appendable

asPasswords() - Method in class ml.alternet.security.web.server.CaptureContext

Return all the passwords that have been captured ; the passwords can be retrieved by their name and may be multi-valued.

ATTRIBUTE_KEY - Static variable in class ml.alternet.security.web.Passwords

The attribute key for HttpServletRequest

AUTH_METHOD_INIT_PARAM - Static variable in interface ml.alternet.security.web.Config

"ml.alternet.security.web.config.authenticationMethod" Indicates whether HTTP Basic or Form Authentication has to be processed.

AuthenticationMethod - Enum in ml.alternet.security.web.server

Authentication methods.

B

BASIC_AUTH_ATTRIBUTE_KEY - Static variable in class ml.alternet.security.web.Passwords

The BASIC authentication attribute key for HttpServletRequest, used to store the credentials (login, password).

BasicAuthorizationBuffer - Class in ml.alternet.security.web.server

Extract a password of an HTTP Basic Authorization header, and replace it with '*'.

BasicAuthorizationBuffer(BasicAuthorizationBuffer.Scope, int, int) - Constructor for class ml.alternet.security.web.server.BasicAuthorizationBuffer

Create a buffer.

BasicAuthorizationBuffer.Scope - Enum in ml.alternet.security.web.server

The scope of the lookup.

C

CaptureContext<T> - Class in ml.alternet.security.web.server

If the incoming request URI matches the path configured, this capture context will be set while handling the request for capturing the passwords.

CaptureContext(List<String>) - Constructor for class ml.alternet.security.web.server.CaptureContext

Create a capture context.

check(Credentials, String) - Method in interface ml.alternet.security.auth.Credentials.Checker

Check some credentials with a given crypt.

checkState() - Method in class ml.alternet.security.web.server.Utf8Appendable

clear() - Method in class ml.alternet.security.web.server.Utf8StringBuilder

Clear all the char in this content.

close() - Method in class ml.alternet.security.impl.AbstractClearPassword

close() - Method in interface ml.alternet.security.Password.Clear

Unset the clear password after usage.

Config - Interface in ml.alternet.security.web

Define configuration properties for Web applications.

convertHexDigit(int) - Static method in class ml.alternet.security.web.server.FormReader

Convert an HEX digit to a byte.

Credentials - Class in ml.alternet.security.auth

User credentials are the more often just a password, but this class can also build credentials with common fields such as a user name, a realm (or domain), or any custom field.

Credentials() - Constructor for class ml.alternet.security.auth.Credentials

Credentials.Checker - Interface in ml.alternet.security.auth

Check some credentials with a given crypt.

ctxtPath - Variable in class ml.alternet.security.web.server.FormFieldConfiguration

The path to the Webapp.

D

debug(String) - Method in class ml.alternet.security.web.server.BasicAuthorizationBuffer

Log informations for debugging.

DebugLevel - Class in ml.alternet.security.web.server

Indicates the debug level to the server.

DebugLevel() - Constructor for class ml.alternet.security.web.server.DebugLevel

DebugLevel.Debuggable - Interface in ml.alternet.security.web.server

A component can be debuggable.

destroy() - Method in class ml.alternet.security.auth.Credentials

Invalidate these credentials ; act only on the password field.

destroy() - Method in class ml.alternet.security.EmptyPassword

The empty password can't be invalidated : this method does nothing.

destroy() - Method in class ml.alternet.security.impl.AbstractPassword

destroy() - Method in interface ml.alternet.security.Password

Invalidate this password.

destroy() - Method in class ml.alternet.security.web.PasswordParam

destroy() - Method in class ml.alternet.security.web.server.CaptureContext

disallowUnsecureTrace() - Method in class ml.alternet.security.web.server.DebugLevel

Disallow writing in the log the raw data in clear.

E

EmptyPassword - Class in ml.alternet.security

The empty password (use it as a placeholder for a password when no password is supplied.

extract(ServletContext) - Static method in enum ml.alternet.security.web.server.AuthenticationMethod

Extract the authentication method from the init parameter of the Web application.

extract(ServletContext) - Method in class ml.alternet.security.web.server.FormFieldConfiguration

Extract the parameters from the Webapp configuration.

F

fields - Variable in class ml.alternet.security.web.server.FormFieldConfiguration

A map of {path, fields}.

findCredentialsBoundaries() - Method in class ml.alternet.security.web.server.BasicAuthorizationBuffer

Find the boundaries of the base64 credentials in the buffer.

FORM_FIELDS_INIT_PARAM - Static variable in interface ml.alternet.security.web.Config

"ml.alternet.security.web.config.formFields" indicates which form fields to process as a password.

FormFieldConfiguration - Class in ml.alternet.security.web.server

Base class for handling form fields.

FormFieldConfiguration() - Constructor for class ml.alternet.security.web.server.FormFieldConfiguration

FormLimit - Interface in ml.alternet.security.web.server

Embed size limits (content size and number of keys) when handling forms.

FormReader - Class in ml.alternet.security.web.server

Extract the passwords of an HTML form, and replace their characters with '*'.

FormReader(FormLimit, PasswordManager) - Constructor for class ml.alternet.security.web.server.FormReader

Create an HTML form reader, encoded in UTF-8.

fromPassword(Password) - Static method in class ml.alternet.security.auth.Credentials

Create the credentials from a password.

fromPassword(char[]) - Static method in class ml.alternet.security.auth.Credentials

Create the credentials from a password.

fromUserPassword(String, Password) - Static method in class ml.alternet.security.auth.Credentials

Create the credentials from a user and a password.

fromUserPassword(String, char[]) - Static method in class ml.alternet.security.auth.Credentials

Create the credentials from a user and a password.

G

get(String) - Method in class ml.alternet.security.auth.Credentials

Return a field value.

get() - Method in class ml.alternet.security.impl.AbstractClearPassword

get() - Method in interface ml.alternet.security.Password.Clear

Get a clear copy of the password ; the password remains obfuscated until this method is invoked.

get(int) - Method in class ml.alternet.security.web.server.BasicAuthorizationBuffer

Get the byte at the index specified.

get(String) - Method in class ml.alternet.security.web.server.FormFieldConfiguration

Get the fields bound to a path.

get(int, byte[], int, int) - Method in class ml.alternet.security.web.server.FormReader

This method is called when the ByteBuffer has to be read for further parsing ; it is used to fill the "buf" byte array.

getAuthenticationMethod(ServletRequest) - Method in interface ml.alternet.security.web.server.PasswordFieldMatcher

Indicates whether HTTP Basic | Form authentication has to be processed for a given request.

getClearCopy() - Method in class ml.alternet.security.EmptyPassword

getClearCopy() - Method in class ml.alternet.security.impl.AbstractClearPassword

Deobfuscate the underlying password.

getClearCopy() - Method in class ml.alternet.security.impl.AbstractPassword

getClearCopy() - Method in interface ml.alternet.security.Password

Wrap this password in a clear copy.

getClearCopy() - Method in class ml.alternet.security.web.PasswordParam

getClearValidPassword() - Method in class ml.alternet.security.impl.AbstractPassword

Return a new clear copy of this valid password.

getConverter(Class<T>, Type, Annotation[]) - Method in class ml.alternet.security.web.PasswordConverterProvider

getCredentials(ServletRequest) - Method in enum ml.alternet.security.web.server.AuthenticationMethod

Get the user credentials after authentication.

getCurrentCaptureContext() - Method in class ml.alternet.security.web.server.FormReader

Hold the passwords that are extracted ; the capture context also indicates which fields in the form has to be captured, and hold a reference to the incoming data source.

getDebugLevel() - Method in interface ml.alternet.security.web.server.DebugLevel.Debuggable

Return the debug level of this component.

getDefaultPasswordManager() - Static method in class ml.alternet.security.PasswordManagerFactory

Get the default password manager, according to the configuration, which can be any of the supplied password manager (see other methods) or also a custom configuration.

getMaxFormContentSize() - Method in interface ml.alternet.security.web.server.FormLimit

Get the maximum content size of a form post, to protect against DOS attacks from large forms.

getMaxFormKeys() - Method in interface ml.alternet.security.web.server.FormLimit

Get the maximum size of a form post, to protect against DOS attacks from large forms.

getPassword() - Method in class ml.alternet.security.auth.Credentials

Return the password.

getPasswords(String) - Method in class ml.alternet.security.web.Passwords

Return a non empty sequence of passwords.

getPasswords(ServletRequest, String) - Static method in class ml.alternet.security.web.Passwords

Extract the passwords sent by the HTTP request.

getPrivatePassword() - Method in class ml.alternet.security.impl.AbstractPassword

Get the private bytes of this password, used internally to unset the bytes when the password is invalidated.

getRealm() - Method in class ml.alternet.security.auth.Credentials

Return the realm.

getStandardPasswordManager() - Static method in class ml.alternet.security.PasswordManagerFactory

Return the standard password manager where passwords are Base64 encoded.

getStrongPasswordManager() - Static method in class ml.alternet.security.PasswordManagerFactory

Return the strong password manager where passwords are encrypted, therefore not easy to find in the memory.

getUserName() - Method in class ml.alternet.security.auth.Credentials

Return the user name.

getWeakPasswordManager() - Static method in class ml.alternet.security.PasswordManagerFactory

Return the weak password manager where passwords are kept clear ; a weak password manager is suitable for example when a password is already clear in the system, such as a database password which has been read from a configuration file aside the system, which therefore already appears clear.

H

hasNext() - Method in class ml.alternet.security.web.PasswordParam

Indicates whether there is a next password in this sequence.

I

isAllowingUnsercureTrace() - Method in class ml.alternet.security.web.server.DebugLevel

Indicates the current debug level.

isDestroyed() - Method in class ml.alternet.security.auth.Credentials

isDestroyed() - Method in class ml.alternet.security.EmptyPassword

Return false.

isDestroyed() - Method in class ml.alternet.security.impl.AbstractClearPassword

Indicates whether the underlying password has been invalidated.

isDestroyed() - Method in interface ml.alternet.security.Password

isDestroyed() - Method in class ml.alternet.security.web.server.CaptureContext

isUtf8SequenceComplete() - Method in class ml.alternet.security.web.server.Utf8Appendable

iterator() - Method in class ml.alternet.security.web.PasswordParam

J

J_PASSWORD - Static variable in class ml.alternet.security.web.server.FormFieldConfiguration

Form field name for the password.

J_SECURITY_CHECK - Static variable in class ml.alternet.security.web.server.FormFieldConfiguration

Target path for Form Authentication.

J_USERNAME - Static variable in class ml.alternet.security.web.server.FormFieldConfiguration

Form field name for the username.

L

length() - Method in class ml.alternet.security.web.server.Utf8Appendable

length() - Method in class ml.alternet.security.web.server.Utf8StringBuilder

log(Exception) - Method in class ml.alternet.security.web.server.FormReader

Log an exception.

M

matches(ServletContext, HttpServletRequest) - Static method in class ml.alternet.security.web.server.FormFieldConfiguration

Check whether the path of an HTTP request matches one of those found in the configuration, and return the list of passwords fields that have to be captured in a request.

matches(ServletContext, HttpServletRequest, Supplier<FormFieldConfiguration>) - Static method in class ml.alternet.security.web.server.FormFieldConfiguration

Check whether the path of an HTTP request matches one of those found in the configuration, and return the list of passwords fields that have to be captured in a request.

matches(HttpServletRequest) - Method in interface ml.alternet.security.web.server.PasswordFieldMatcher

Check whether an HTTP request matches this matcher, and return the list of passwords fields that have to be captured in a request.

ml.alternet.security - package ml.alternet.security

This package aims to enhance security on passwords handled in the JVM.

ml.alternet.security.auth - package ml.alternet.security.auth

Support for password based authentication.

ml.alternet.security.impl - package ml.alternet.security.impl

Base and full implementations of passwords.

ml.alternet.security.web - package ml.alternet.security.web

Handle safe passwords on a Web environment, meaning that in the Web processing chain, a password NEVER appear as a String (unsafe) inside the Web container.

ml.alternet.security.web.server - package ml.alternet.security.web.server

Helper classes for Web containers such as Jetty, Tomcat...

N

newPassword(char[]) - Method in class ml.alternet.security.impl.AbstractPasswordManager

newPassword(char[]) - Static method in interface ml.alternet.security.Password

Obfuscate the given password in a new Password instance.

newPassword(char[]) - Method in interface ml.alternet.security.PasswordManager

Obfuscate the given password in a new Password instance.

newValidPassword(char[]) - Method in class ml.alternet.security.impl.AbstractPasswordManager

Obfuscate the given password in a new Password instance.

newValidPassword(char[]) - Method in class ml.alternet.security.impl.StandardPasswordManager

newValidPassword(char[]) - Method in class ml.alternet.security.impl.StrongPasswordManager

newValidPassword(char[]) - Method in class ml.alternet.security.impl.WeakPasswordManager

next() - Method in class ml.alternet.security.web.PasswordParam

Return the next password in this sequence.

NotUtf8Exception(String) - Constructor for exception ml.alternet.security.web.server.Utf8Appendable.NotUtf8Exception

P

Password - Interface in ml.alternet.security

A safe password, stored obfuscate.

Password.Clear - Interface in ml.alternet.security

This class helps keeping low the period where a password appear in clear in the memory, in order to make it difficult to find when a memory dump is performed.

PasswordConverterProvider - Class in ml.alternet.security.web

JAX-RS provider that converts a form parameter or a header parameter to a secure password (query parameter are not handled by this converter since it would be a security flaw to send a password in the URI).

PasswordConverterProvider() - Constructor for class ml.alternet.security.web.PasswordConverterProvider

PasswordFieldMatcher - Interface in ml.alternet.security.web.server

According to the Web application configuration, determine whether an incoming HTTP request contains passwords to capture.

PasswordManager - Interface in ml.alternet.security

A concrete implementation should supply obfuscate Passwords according to the level of security expected.

PasswordManagerFactory - Class in ml.alternet.security

A factory that can supply different flavors of PasswordManager.

PasswordManagerFactory() - Constructor for class ml.alternet.security.PasswordManagerFactory

PasswordParam - Class in ml.alternet.security.web

Represent a non empty sequence of passwords.

PasswordParam(Iterator<Password>) - Constructor for class ml.alternet.security.web.PasswordParam

Create a sequence of passwords.

PasswordParam(Password) - Constructor for class ml.alternet.security.web.PasswordParam

Convenient constructor for a sequence of a single password.

PasswordParam() - Constructor for class ml.alternet.security.web.PasswordParam

Convenient constructor for a sequence representing the empty password.

Passwords - Class in ml.alternet.security.web

Handle safe passwords on a Web environment, meaning that in the Web processing chain, a password NEVER appear as a String inside the system.

Passwords() - Constructor for class ml.alternet.security.web.Passwords

PasswordState - Enum in ml.alternet.security

Indicates whether a password is empty, valid, or invalid.

processQueryParam(QueryParam) - Method in class ml.alternet.security.web.PasswordConverterProvider

This method is called during annotation processing when a password field is annotated with @QueryParam, and throws a security exception.

R

readItem(byte[], int) - Method in class ml.alternet.security.web.server.FormReader

Read the next byte ; if the replace flag is set, the input source AND the buffer have to be set to '*', but the byte read has to kept unchanged.

replace(PasswordManager) - Method in class ml.alternet.security.web.server.BasicAuthorizationBuffer

Replace the raw password in the buffer with '*' and reencode the credentials in Base64.

replace - Variable in class ml.alternet.security.web.server.FormReader

Indicates that the raw data in the input buffer has to be replaced with '*'

REPLACEMENT - Static variable in class ml.alternet.security.web.server.Utf8Appendable

REPLACEMENT_UTF8 - Static variable in class ml.alternet.security.web.server.Utf8Appendable

reportError(String, String, Exception) - Method in interface ml.alternet.security.auth.Credentials.Checker

Report an error, typically when a bad parameter was set to the hasher, or when no suitable hasher were found for a given crypt.

reset(ServletContext) - Static method in enum ml.alternet.security.web.server.AuthenticationMethod

Remove this attribute from the Web application.

reset(ServletContext) - Static method in class ml.alternet.security.web.server.FormFieldConfiguration

Remove this attribute from the Web application.

reset() - Method in class ml.alternet.security.web.server.FormReader

Reset this form reader.

reset() - Method in class ml.alternet.security.web.server.Utf8Appendable

reset() - Method in class ml.alternet.security.web.server.Utf8StringBuilder

S

SensitiveData - Annotation Type in ml.alternet.security

Mark a data as sensitive data, that is to say should be destroyed after use and not remain too much time in memory.

set(int, byte) - Method in class ml.alternet.security.web.server.BasicAuthorizationBuffer

Set a byte at the index specified.

SINGLETON - Static variable in class ml.alternet.security.EmptyPassword

The singleton empty password

StandardPasswordManager - Class in ml.alternet.security.impl

A simple password manager that obfuscate passwords with a Base64 encoding.

StandardPasswordManager() - Constructor for class ml.alternet.security.impl.StandardPasswordManager

state() - Method in class ml.alternet.security.EmptyPassword

Return Empty

state() - Method in class ml.alternet.security.impl.AbstractPassword

state() - Method in interface ml.alternet.security.Password

Return the state of this password.

state() - Method in class ml.alternet.security.web.PasswordParam

StrongPasswordManager - Class in ml.alternet.security.impl

A password manager that encrypt passwords.

StrongPasswordManager() - Constructor for class ml.alternet.security.impl.StrongPasswordManager

Create a strong password manager that encrypt passwords.

T

toChars() - Method in class ml.alternet.security.web.server.Utf8StringBuilder

Return the content as chars

toReplacedString() - Method in class ml.alternet.security.web.server.Utf8Appendable

toString() - Method in class ml.alternet.security.EmptyPassword

toString() - Method in class ml.alternet.security.impl.AbstractPassword

toString() - Method in class ml.alternet.security.web.PasswordParam

toString() - Method in class ml.alternet.security.web.server.Utf8StringBuilder

U

unwrap() - Method in class ml.alternet.security.web.PasswordParam

Utf8Appendable - Class in ml.alternet.security.web.server

Utf8 Appendable abstract base class, copied from Jetty source code.

Utf8Appendable(Appendable) - Constructor for class ml.alternet.security.web.server.Utf8Appendable

Utf8Appendable.NotUtf8Exception - Exception in ml.alternet.security.web.server

Utf8StringBuilder - Class in ml.alternet.security.web.server

UTF-8 StringBuilder that allow char extraction and cleaning.

Utf8StringBuilder() - Constructor for class ml.alternet.security.web.server.Utf8StringBuilder

Create an Utf8StringBuilder

Utf8StringBuilder(int) - Constructor for class ml.alternet.security.web.server.Utf8StringBuilder

Create an Utf8StringBuilder

V

valueOf(String) - Static method in enum ml.alternet.security.PasswordState

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum ml.alternet.security.web.server.AuthenticationMethod

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum ml.alternet.security.web.server.BasicAuthorizationBuffer.Scope

Returns the enum constant of this type with the specified name.

values() - Static method in enum ml.alternet.security.PasswordState

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Static method in enum ml.alternet.security.web.server.AuthenticationMethod

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Static method in enum ml.alternet.security.web.server.BasicAuthorizationBuffer.Scope

Returns an array containing the constants of this enum type, in the order they are declared.

W

WeakPasswordManager - Class in ml.alternet.security.impl

A weak password manager that doesn't obfuscate passwords.

WeakPasswordManager() - Constructor for class ml.alternet.security.impl.WeakPasswordManager

withField(String, Object) - Method in class ml.alternet.security.auth.Credentials

Append a custom field to this credentials.

withPassword(Password) - Method in class ml.alternet.security.auth.Credentials

Append a password field to this credentials.

withPassword(char[]) - Method in class ml.alternet.security.auth.Credentials

Append a password field to this credentials.

withRealm(String) - Method in class ml.alternet.security.auth.Credentials

Append a realm field to this credentials.

withUser(String) - Method in class ml.alternet.security.auth.Credentials

Append a user name field to this credentials.

writableInputBuffer - Variable in class ml.alternet.security.web.server.CaptureContext

Contains the input source ; it has to be writable in order to replace the read bytes with '*' when necessary.

_

_appendable - Variable in class ml.alternet.security.web.server.Utf8Appendable

_state - Variable in class ml.alternet.security.web.server.Utf8Appendable

A B C D E F G H I J L M N P R S T U V W _