Class DefaultLoginManager
java.lang.Object
    com.atlassian.confluence.impl.security.login.DefaultLoginManager

All Implemented Interfaces:
LoginManager

@ThreadSafe @Transactional public class DefaultLoginManager extends Object implements LoginManager
Default LoginManager that keeps track of login activity. For known users, the number of failed login attempts is stored in a user-bound PropertySet.
For unknown users, the DefaultLoginManager tracks the number of login attempts in a cache. It is important to track the number of login attempts for unknown users; otherwise the observable behaviour of the application might differ between known and unknown users (see JRA-21016).
Every successful login clears the number of failed login attempts for a known user.
Since:
8.0

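The class description explains why failed attempts are counted for unknown user names as well as known ones: if only real accounts triggered the elevated check, the check itself would tell a caller which names exist. The following is an added sketch of that bookkeeping, not Confluence's implementation; the class name `FailedLoginTracker`, the threshold of 3, the cache bound and the in-memory maps (standing in for the PropertySet and the cache) are all assumptions.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration only, NOT Confluence's DefaultLoginManager; all names and limits are assumed.
public class FailedLoginTracker {
    private static final int THRESHOLD = 3;        // assumed failures before the extra check
    private static final int UNKNOWN_CACHE = 1000; // assumed bound on caller-supplied names

    private final Set<String> knownUsers;
    // Known users: per-user counter (stands in for the user-bound PropertySet).
    private final Map<String, Integer> perUser = new ConcurrentHashMap<>();
    // Unknown users: bounded LRU cache, so made-up names cannot grow memory without limit.
    private final Map<String, Integer> unknown = Collections.synchronizedMap(
        new LinkedHashMap<String, Integer>(16, 0.75f, true) {
            @Override protected boolean removeEldestEntry(Map.Entry<String, Integer> e) {
                return size() > UNKNOWN_CACHE;
            }
        });

    public FailedLoginTracker(Set<String> knownUsers) { this.knownUsers = knownUsers; }

    private Map<String, Integer> storeFor(String userName) {
        return knownUsers.contains(userName) ? perUser : unknown;
    }

    public void onFailedLoginAttempt(String userName) {
        storeFor(userName).merge(userName, 1, Integer::sum);
    }

    public void onSuccessfulLoginAttempt(String userName) {
        perUser.remove(userName); // only a known user can log in successfully
    }

    public boolean requiresElevatedSecurityCheck(String userName) {
        return storeFor(userName).getOrDefault(userName, 0) >= THRESHOLD;
    }

    public static void main(String[] args) {
        FailedLoginTracker t = new FailedLoginTracker(Set.of("alice")); // constructed sample
        for (int i = 0; i < THRESHOLD; i++) {
            t.onFailedLoginAttempt("alice");
            t.onFailedLoginAttempt("no-such-user");
        }
        // Both names now require the elevated check, so the response does not reveal which exists.
        System.out.println(t.requiresElevatedSecurityCheck("alice"));
        System.out.println(t.requiresElevatedSecurityCheck("no-such-user"));
        t.onSuccessfulLoginAttempt("alice"); // a successful login clears the known user's count
        System.out.println(t.requiresElevatedSecurityCheck("alice"));
    }
}
```
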
Constructor Summary

DefaultLoginManager(GlobalSettingsManager settingsManager, UserAccessor userAccessor, com.atlassian.cache.CacheFactory cacheFactory, com.atlassian.core.util.Clock clock, UserLoginInfoDao loginInfoDao)

Method Summary

LoginResult authenticate(String userName, String password)
    Try to authenticate a user given the userName and password.
@Nullable LoginInfo getLoginInfo(com.atlassian.user.User user)
    Return information about a user's login history.
@Nullable LoginInfo getLoginInfo(String userName)
    Return information about a user's login history.
boolean isElevatedSecurityCheckEnabled()
    Check if elevated security checks are available/enabled.
void onFailedLoginAttempt(String userName, javax.servlet.http.HttpServletRequest servletRequest)
    This method uses a new transaction propagation because the failed login attempt should be persisted regardless of whether the transaction that it is a part of is committed or rolled back.
void onSuccessfulLoginAttempt(String userName, javax.servlet.http.HttpServletRequest servletRequest)
    This is called after a successful login attempt has been made.
boolean requiresElevatedSecurityCheck(String userName)
    This is called to see whether the user requires an extended security check (such as CAPTCHA).
void resetFailedLoginCount(com.atlassian.user.User user)
    This can be called to reset the failed login count of a user.

Constructor Detail

DefaultLoginManager
public DefaultLoginManager(GlobalSettingsManager settingsManager, UserAccessor userAccessor, com.atlassian.cache.CacheFactory cacheFactory, com.atlassian.core.util.Clock clock, UserLoginInfoDao loginInfoDao)

Method Detail

onFailedLoginAttempt
@Transactional(propagation=REQUIRES_NEW) public void onFailedLoginAttempt(String userName, javax.servlet.http.HttpServletRequest servletRequest)
This method runs in a new transaction (propagation REQUIRES_NEW) because the failed login attempt should be persisted regardless of whether the transaction that it is a part of is committed or rolled back.
Specified by:
onFailedLoginAttempt in interface LoginManager
Parameters:
userName - the name of the user in play. This MUST not be null.
servletRequest - the request pertaining to a login attempt.

onSuccessfulLoginAttempt
public void onSuccessfulLoginAttempt(String userName, javax.servlet.http.HttpServletRequest servletRequest)
Description copied from interface: LoginManager
This is called after a successful login attempt has been made. It allows the LoginManager to update information about a user's login history.
Specified by:
onSuccessfulLoginAttempt in interface LoginManager
Parameters:
userName - the name of the user in play. This MUST not be null.
servletRequest - the request pertaining to a login attempt.

isElevatedSecurityCheckEnabled
@Transactional(readOnly=true) public boolean isElevatedSecurityCheckEnabled()
Description copied from interface: LoginManager
Check if elevated security checks are available/enabled.
Specified by:
isElevatedSecurityCheckEnabled in interface LoginManager
Returns:
true if elevated security checks are enabled, false otherwise

authenticate
public LoginResult authenticate(String userName, String password)
Description copied from interface: LoginManager
Try to authenticate a user given the userName and password. Returns a LoginResult that contains information about this particular authentication attempt. Calling this method has side effects, as the login manager tracks the number of failed and successful login attempts.
Specified by:
authenticate in interface LoginManager
Returns:
The result of the authentication attempt; this will never be null.

requiresElevatedSecurityCheck
public boolean requiresElevatedSecurityCheck(String userName)
Description copied from interface: LoginManager
This is called to see whether the user requires an extended security check (such as CAPTCHA).
Specified by:
requiresElevatedSecurityCheck in interface LoginManager
Parameters:
userName - the name of the user in play. This MUST not be null.
Returns:
true if the user with the user name userName requires an extended security check

resetFailedLoginCount
public void resetFailedLoginCount(com.atlassian.user.User user)
Description copied from interface: LoginManager
This can be called to reset the failed login count of a user.
Specified by:
resetFailedLoginCount in interface LoginManager
Parameters:
user - the user for which to reset the failed login count. This MUST not be null.

getLoginInfo
@Transactional(readOnly=true) public @Nullable LoginInfo getLoginInfo(String userName)
Description copied from interface: LoginManager
Return information about a user's login history.
Specified by:
getLoginInfo in interface LoginManager
Returns:
LoginInfo

getLoginInfo
@Transactional(readOnly=true) public @Nullable LoginInfo getLoginInfo(com.atlassian.user.User user)
Description copied from interface: LoginManager
Return information about a user's login history.
Specified by:
getLoginInfo in interface LoginManager
Returns:
LoginInfo