@ThreadSafe public class DefaultLoginManager extends Object implements LoginManager
For known users the number of failed login attempts is stored in a user bound PropertySet.
For unknown users the DefaultLoginManager tracks the number of login attempts in a cache. It is important to track the number of login attempts for unknown users otherwise the observable behaviour of the application might be different for known and unknown users (See JRA-21016).
Every successful login clears the number of failed login attempts for a known user.
Constructor and Description |
---|
DefaultLoginManager(SettingsManager settingsManager,
UserAccessor userAccessor,
com.atlassian.vcache.VCacheFactory cacheFactory,
com.atlassian.core.util.Clock clock,
UserLoginInfoDao loginInfoDao) |
Modifier and Type | Method and Description |
---|---|
LoginResult |
authenticate(String userName,
String password)
Try to authenticate a user given the
userName and password . |
@Nullable LoginInfo |
getLoginInfo(String userName)
Return information about a user's login history.
|
@Nullable LoginInfo |
getLoginInfo(com.atlassian.user.User user)
Return information about a user's login history.
|
boolean |
isElevatedSecurityCheckEnabled()
Check if elevated security checks are available/enabled.
|
void |
onFailedLoginAttempt(String userName,
javax.servlet.http.HttpServletRequest servletRequest)
This is called after an unsuccessful login attempt has been made.
|
void |
onSuccessfulLoginAttempt(String userName,
javax.servlet.http.HttpServletRequest servletRequest)
This is called after a successful login attempt has been made.
|
boolean |
requiresElevatedSecurityCheck(String userName)
This is called to see whether the user requires an extended security check (such as CAPTCHA)
|
void |
resetFailedLoginCount(com.atlassian.user.User user)
This can be called to reset the failed login count of a user
|
public DefaultLoginManager(SettingsManager settingsManager, UserAccessor userAccessor, com.atlassian.vcache.VCacheFactory cacheFactory, com.atlassian.core.util.Clock clock, UserLoginInfoDao loginInfoDao)
public void onFailedLoginAttempt(String userName, javax.servlet.http.HttpServletRequest servletRequest)
LoginManager
onFailedLoginAttempt
in interface LoginManager
userName
- the name of the user in play. This MUST not be null.servletRequest
- the request pertaining to a login attempt.public void onSuccessfulLoginAttempt(String userName, javax.servlet.http.HttpServletRequest servletRequest)
LoginManager
onSuccessfulLoginAttempt
in interface LoginManager
userName
- the name of the user in play. This MUST not be null.servletRequest
- the request pertaining to a login attempt.public boolean isElevatedSecurityCheckEnabled()
LoginManager
isElevatedSecurityCheckEnabled
in interface LoginManager
public LoginResult authenticate(String userName, String password)
LoginManager
userName
and password
.
Returns a LoginResult
that contains information about this particular authentication attempt.
Calling this method has side effects as the login manager tracks the number of failed and successful login attempts.
authenticate
in interface LoginManager
public boolean requiresElevatedSecurityCheck(String userName)
LoginManager
requiresElevatedSecurityCheck
in interface LoginManager
userName
- the name of the user in play. This MUST not be null.userName
requires an extended security checkpublic void resetFailedLoginCount(com.atlassian.user.User user)
LoginManager
resetFailedLoginCount
in interface LoginManager
user
- the user for which to reset the failed login count. This MUST not be null.public @Nullable LoginInfo getLoginInfo(String userName)
LoginManager
getLoginInfo
in interface LoginManager
public @Nullable LoginInfo getLoginInfo(com.atlassian.user.User user)
LoginManager
getLoginInfo
in interface LoginManager
Copyright © 2003–2021 Atlassian. All rights reserved.