TokenAuthenticationInvocationHandler (Atlassian Confluence 8.0.0 API)

java.lang.Object
- com.atlassian.confluence.rpc.auth.TokenAuthenticationInvocationHandler

All Implemented Interfaces:

InvocationHandler
```
public class TokenAuthenticationInvocationHandler
extends Object
implements InvocationHandler
```
An interceptor to handle token based authentication and login/logout.
For login and logout method calls on the target object, invokes TokenAuthenticationManager.login(String, String) or TokenAuthenticationManager.logout(String) instead.
For all other methods, uses the first argument as a token to look up an authenticated user in the TokenAuthenticationManager and set the AuthenticatedUserThreadLocal before executing the method.

Constructor Summary

Constructors
Constructor Description

TokenAuthenticationInvocationHandler()

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected ConfluenceUser`	`getAuthenticatedUser(String token)`	Determines which user is performing the request.
`Object`	`invoke(Object proxy, Method method, Object[] args)`
`protected Object`	`invokeAuthenticatedMethod(ConfluenceUser user, Method method, Object[] args)`	Sets the authenticated user to the provided user before calling the method and restores the original user afterwards.
`static Object`	`makeAuthenticatingProxy(Object rpcService, Class publishedInterface)`
`void`	`setEventPublisher(com.atlassian.event.api.EventPublisher eventPublisher)`
`void`	`setTokenAuthenticationManager(TokenAuthenticationManager tokenAuthenticationManager)`
`void`	`setWrappedObject(Object wrappedObject)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- TokenAuthenticationInvocationHandler
```
public TokenAuthenticationInvocationHandler()
```

Method Detail

makeAuthenticatingProxy

public static Object makeAuthenticatingProxy(Object rpcService,
                                             Class publishedInterface)

invoke

public Object invoke(Object proxy,
                     Method method,
                     Object[] args)
              throws Throwable

Specified by:: invoke in interface InvocationHandler
Throws:: Throwable

invokeAuthenticatedMethod
```
protected Object invokeAuthenticatedMethod(ConfluenceUser user,
                                           Method method,
                                           Object[] args)
                                    throws Throwable
```
Sets the authenticated user to the provided user before calling the method and restores the original user afterwards.

Parameters:

user - the user who is executing the method

method - the method to execute

args - any arguments to the method

Returns:

the result of executing the method

Throws:

Throwable - rethrows any exception thrown by the invoked method

See Also:

AuthenticatedUserThreadLocal

getAuthenticatedUser
```
protected ConfluenceUser getAuthenticatedUser(String token)
                                       throws InvalidSessionException,
                                              NotPermittedException
```
Determines which user is performing the request. It attempts, in order:
1. a non-anonymous user registered against provided token, if it is not blank
2. a non-anonymous user authenticated by the normal security filters
3. finally, the default is the anonymous user.
Returns the authenticated user.
Parameters:

token - the authentication token

Returns:

an authenticated user

Throws:

InvalidSessionException - if the provided token is invalid

NotPermittedException - if we need to fall back to the anonymous user, but anonymous access to the remote API is disabled

setWrappedObject

public void setWrappedObject(Object wrappedObject)

setTokenAuthenticationManager

public void setTokenAuthenticationManager(TokenAuthenticationManager tokenAuthenticationManager)

setEventPublisher

public void setEventPublisher(com.atlassian.event.api.EventPublisher eventPublisher)