com.atlassian.confluence.user

Class ConfluenceAuthenticator

java.lang.Object

com.atlassian.seraph.auth.AbstractAuthenticator

com.atlassian.seraph.auth.DefaultAuthenticator

com.atlassian.confluence.user.ConfluenceAuthenticator

All Implemented Interfaces:

com.atlassian.seraph.auth.Authenticator, com.atlassian.seraph.Initable, Serializable

Direct Known Subclasses:

ConfluenceGroupJoiningAuthenticator

public class ConfluenceAuthenticator
extends com.atlassian.seraph.auth.DefaultAuthenticator

Authenticator which uses Confluence's user management code to authenticate a user against the directory which they come from (e.g. internal, LDAP, Crowd).

See Also:

UserAccessor.authenticate(String, String), Serialized Form

Field Summary

Fields inherited from class com.atlassian.seraph.auth.DefaultAuthenticator

LOGGED_IN_KEY, LOGGED_OUT_KEY

Constructor Summary

Constructors

Constructor and Description
ConfluenceAuthenticator()

Method Summary

Modifier and Type	Method and Description
protected boolean	authenticate(Principal user, String password)
protected boolean	authoriseUserAndEstablishSession(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse, Principal principal)
protected com.atlassian.event.api.EventPublisher	getEventPublisher()
protected ConfluenceUser	getUser(String uid)
protected UserAccessor	getUserAccessor()
protected boolean	isPrincipalAlreadyInSessionContext(javax.servlet.http.HttpServletRequest httpServletRequest, Principal principal)
boolean	login(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse, String username, String password, boolean setRememberMeCookie)
boolean	logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected void	putPrincipalInSessionContext(javax.servlet.http.HttpServletRequest httpServletRequest, Principal principal)
protected Principal	refreshPrincipalObtainedFromSession(javax.servlet.http.HttpServletRequest httpServletRequest, Principal principal) For error request processing, we skip refreshing the principal, since that requires a database connection, and we may be getting errors because of database connection pool exhaustion.
void	setUserAccessor(UserAccessor userAccessor)

Methods inherited from class com.atlassian.seraph.auth.DefaultAuthenticator

getAuthType, getElevatedSecurityGuard, getLogoutInterceptors, getRememberMeService, getRoleMapper, getUser, getUserFromBasicAuthentication, getUserFromCookie, getUserFromSession, init, isAuthorised, removePrincipalFromSessionContext

Methods inherited from class com.atlassian.seraph.auth.AbstractAuthenticator

destroy, getConfig, getRemoteUser, getUser, login

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ConfluenceAuthenticator

public ConfluenceAuthenticator()

Method Detail

logout

public boolean logout(javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
               throws com.atlassian.seraph.auth.AuthenticatorException

Specified by:

logout in interface com.atlassian.seraph.auth.Authenticator

Overrides:

logout in class com.atlassian.seraph.auth.DefaultAuthenticator

Throws:

com.atlassian.seraph.auth.AuthenticatorException

login

public boolean login(javax.servlet.http.HttpServletRequest httpServletRequest,
                     javax.servlet.http.HttpServletResponse httpServletResponse,
                     String username,
                     String password,
                     boolean setRememberMeCookie)
              throws com.atlassian.seraph.auth.AuthenticatorException

Specified by:

login in interface com.atlassian.seraph.auth.Authenticator

Overrides:

login in class com.atlassian.seraph.auth.DefaultAuthenticator

Throws:

com.atlassian.seraph.auth.AuthenticatorException

authenticate

protected boolean authenticate(Principal user,
                               String password)
                        throws com.atlassian.seraph.auth.AuthenticatorException

Specified by:

authenticate in class com.atlassian.seraph.auth.DefaultAuthenticator

Throws:

com.atlassian.seraph.auth.AuthenticatorException

isPrincipalAlreadyInSessionContext

protected boolean isPrincipalAlreadyInSessionContext(javax.servlet.http.HttpServletRequest httpServletRequest,
                                                     Principal principal)

Overrides:

isPrincipalAlreadyInSessionContext in class com.atlassian.seraph.auth.DefaultAuthenticator

putPrincipalInSessionContext

protected void putPrincipalInSessionContext(javax.servlet.http.HttpServletRequest httpServletRequest,
                                            Principal principal)

Overrides:

putPrincipalInSessionContext in class com.atlassian.seraph.auth.DefaultAuthenticator

refreshPrincipalObtainedFromSession

protected Principal refreshPrincipalObtainedFromSession(javax.servlet.http.HttpServletRequest httpServletRequest,
                                                        Principal principal)

For error request processing, we skip refreshing the principal, since that requires a database connection, and we may be getting errors because of database connection pool exhaustion. For the purposes of error page rendering, we don't need to be too picky about refreshing the user from the database - as long as we have one in the session we just use that.

Overrides:

refreshPrincipalObtainedFromSession in class com.atlassian.seraph.auth.DefaultAuthenticator

getEventPublisher

protected com.atlassian.event.api.EventPublisher getEventPublisher()

setUserAccessor

public void setUserAccessor(UserAccessor userAccessor)

getUserAccessor

protected UserAccessor getUserAccessor()

getUser

protected ConfluenceUser getUser(String uid)

Specified by:

getUser in class com.atlassian.seraph.auth.DefaultAuthenticator

authoriseUserAndEstablishSession

protected boolean authoriseUserAndEstablishSession(javax.servlet.http.HttpServletRequest httpServletRequest,
                                                   javax.servlet.http.HttpServletResponse httpServletResponse,
                                                   Principal principal)

Overrides:

authoriseUserAndEstablishSession in class com.atlassian.seraph.auth.DefaultAuthenticator