Package org.xwiki.url

Interface URLSecurityManager

  • @Role
@Unstable
public interface URLSecurityManager
    Dedicated component to perform security checks on URLs.
    Since:
    13.3RC1, 12.10.7
    Version:
    $Id: 28d96d141d47e4114fcdc83e80e4699273519adf $

    • Field Detail

      • BYPASS_DOMAIN_SECURITY_CHECK_CONTEXT_PROPERTY

        static final String BYPASS_DOMAIN_SECURITY_CHECK_CONTEXT_PROPERTY
        Constant to be used in ExecutionContext with the value "true" to bypass a check of isDomainTrusted(URL).
        See Also:
        Constant Field Values

    • Method Detail

      • isDomainTrusted

        boolean isDomainTrusted​(URL urlToCheck)
        Check if the given URL can be trusted based on the trusted domains of the wiki. This method check on both the list of trusted domains given by the configuration (see URLConfiguration.getTrustedDomains()) and the list of aliases used by the wiki descriptors. Note that this method always returns true if URLConfiguration.isTrustedDomainsEnabled() returns true. Also the method will return true whenever the ExecutionContext contains a property named BYPASS_DOMAIN_SECURITY_CHECK_CONTEXT_PROPERTY with the value "true".
        Parameters:
        urlToCheck - the URL for which we want to know if the domain is trusted or not.
        Returns:
        true if the URL domain can be trusted or if the check is skipped, false otherwise

      • isURITrusted

        @Unstable
default boolean isURITrusted​(URI uri)
        Check if the given URI can be trusted. A URI can be trusted if:
        • it's not opaque (see URI documentation for definition of opaque URI. TL;DR: a URI without // is opaque): note that following this, any URI such as mailto:acme@foo.org won't be trusted
        • it refers to a specific domain and this domain is trusted (see isDomainTrusted(URL))
        • it's completely relative: it doesn't refer to an external domain
        Parameters:
        uri - the URI to check if it can be trusted or not
        Returns:
        true only if the URI can be trusted per the criteria given in the above documentation
        Since:
        14.10.4, 15.0

      • parseToSafeURI

        @Unstable
default URI parseToSafeURI​(String serializedURI)
                    throws URISyntaxException,
                           SecurityException
        Parse the given string to create a URI that is safe to use. This method throws a SecurityException if the parsed URI is not safe to use according to isURITrusted(URI). It might also throw a URISyntaxException if the parameter cannot be properly parsed. Note that this method might try to "repair" URI that are not parsed correctly by URI(String) (e.g. serialized uri containing spaces).
        Parameters:
        serializedURI - a string representing a URI that needs to be parsed.
        Returns:
        a URI safe to use
        Throws:
        URISyntaxException - if the given parameter cannot be properly parsed
        SecurityException - if the parsed URI is not safe according to isURITrusted(URI)
        Since:
        14.10.4, 15.0