Class BrowserWhitelist
-
- All Implemented Interfaces:
-
java.io.Serializable
public class BrowserWhitelist implements Serializable
A whitelist of browsers. This class is meant to be used with OAuth2BrowserProcessor. This class can be used to restrict which browsers are allowed to be used for authentication. It should be kept in mind when setting the whitelist that if no installed browsers match the whitelist then authentication will fail.
-
-
Constructor Summary
Constructors Constructor Description BrowserWhitelist(List<BrowserDetails> whitelistedBrowsers)
Constructs a new BrowserWhitelist object that allows the browsers in the given list.
-
Method Summary
Modifier and Type Method Description static BrowserWhitelist
getDefault()
Returns the default browser whitelist. boolean
isAllowed(@NonNull() BrowserDetails browserDetails)
This function checks the given BrowserDetails against the list of allowed browsers. String
toString()
Returns a String representation of this BrowserWhitelist. -
-
Constructor Detail
-
BrowserWhitelist
BrowserWhitelist(List<BrowserDetails> whitelistedBrowsers)
Constructs a new BrowserWhitelist object that allows the browsers in the given list.- Parameters:
whitelistedBrowsers
- The browsers that will be allowed to be used for authentication.
-
-
Method Detail
-
getDefault
@NonNull() static BrowserWhitelist getDefault()
Returns the default browser whitelist. The browsers included in the default whitelist are: Chrome, Firefox, Samsung Browser, and Edge.
-
isAllowed
boolean isAllowed(@NonNull() BrowserDetails browserDetails)
This function checks the given BrowserDetails against the list of allowed browsers. If any match then true is returned, otherwise false is returned. For a given {@BrowserDetails} to match a whitelisted {@BrowserDetails}, the package name and the signatures must exactly match. The version of the given {@BrowserDetails} must be greater than or equal to the whitelisted version.
Versions are compared according to the following rules: The versions are assumed to be in the form of integer version numbers with non-numeric delimiters, specifically: [^0-9]*([0-9]+[^0-9]+)*[0-9]* Decimals will be interpreted as delimiters, not decimal places. So "1.10" is a higher version than "1.2". Only the version numbers will be compared, delimiter characters will be ignored. Version numbers are compared left to right until they are not equal, at that point actual version is allowed if it is greater than the whitelisted version, or disallowed if less than the whitelisted version. Eg: whitelisted="1-2", actual="1.10" => allowed Eg: whitelisted="3.11", actual="3.5" => forbidden If the whitelisted version and actual version have an equal number of version numbers and they are all equal, it is allowed. Eg: whitelisted="2.5.1", actual="2dot5dot1" => allowed If there are more version numbers in the required version than the actual version but they are otherwise equal, it is forbidden. Eg: whitelisted="3.6.1" actual="3.6" => forbidden However, trailing zeros are ignored. Eg: whitelisted="3.6.0" actual="3.6" => allowed If there are more version numbers in the actual version than the required version but they are otherwise equal, it is allowed. Eg: whitelisted="5.1" actual="5.1.1" => allowed If the whitelisted version is null, then any actual version is allowed (even null). If the whitelisted version is non-null and the actual version is null, then false is returned. Eg: whitelisted=null actual=null => allowed Eg: whitelisted=null actual="1.1" => allowed Eg: whitelisted="1.1" actual=null => forbidden- Parameters:
browserDetails
- The BrowserDetails that will be checked against the whitelist.
-
toString
@NonNull() String toString()
Returns a String representation of this BrowserWhitelist.
-
-
-
-