Package com.atlassian.confluence.rpc.auth

Class TokenAuthenticationManager

java.lang.Object

com.atlassian.confluence.rpc.auth.TokenAuthenticationManager

public class TokenAuthenticationManager
extends Object

Manages tokens used to authenticate users for Confluence's remote API. This implementation is also responsible for checking permission to access the application and the remote API before returning tokens.

Uses a cache with an appropriate expiry delay to store the tokens.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CACHE_KEY

Constructor Summary

Constructors

Constructor	Description
TokenAuthenticationManager(LoginManager loginManager, ConfluenceUserResolver userResolver, PermissionManager permissionManager, SettingsManager settingsManager, com.atlassian.event.api.EventPublisher eventPublisher, SharedDataManager clusterSharedDataManager)

Method Summary

Modifier and Type	Method	Description
boolean	hasUseConfluencePermission(com.atlassian.user.User user)	Determines whether user has access to Confluence
String	login(String username, String password)	Logs the user with username and password into the Remote API system
boolean	logout(String token)	Logs the user out of the RPC system
ConfluenceUser	makeAnonymousConfluenceUser()	Returns the anonymous user
ConfluenceUser	makeNonAnonymousConfluenceUserFromToken(String token)	Retrieves the user for a particular token

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

CACHE_KEY

public static final String CACHE_KEY

Constructor Details

TokenAuthenticationManager

public TokenAuthenticationManager(LoginManager loginManager,
 ConfluenceUserResolver userResolver,
 PermissionManager permissionManager,
 SettingsManager settingsManager,
 com.atlassian.event.api.EventPublisher eventPublisher,
 SharedDataManager clusterSharedDataManager)

Since:

7.17

Method Details

login

public String login(String username,
 String password)
             throws RemoteException

Logs the user with username and password into the Remote API system

The token is stored for a period of time, and invalidated after an idle period.

Parameters:

username - The user's login name

password - The password

Returns:

The authentication token for use with other RPC calls

Throws:

AuthenticationFailedException - if a user called username could not be found or the password was incorrect

RemoteException

logout

public boolean logout(String token)
               throws RemoteException

Logs the user out of the RPC system

Parameters:

token - The authenticated user token

Returns:

true if the logout was successful, otherwise false

Throws:

RemoteException - if the user could not be logged out

makeNonAnonymousConfluenceUserFromToken

public ConfluenceUser makeNonAnonymousConfluenceUserFromToken(String token)
                                                       throws InvalidSessionException

Retrieves the user for a particular token

Parameters:

token - The authenticated user token

Returns:

The User for the token

Throws:

InvalidSessionException - if a user could not be retrieved for token

Since:

5.2

makeAnonymousConfluenceUser

public ConfluenceUser makeAnonymousConfluenceUser()
                                           throws NotPermittedException

Returns the anonymous user

Returns:

The anonymous user (null)

Throws:

NotPermittedException - if anonymous access to the Remote API is disabled

Since:

5.2

hasUseConfluencePermission

public boolean hasUseConfluencePermission(com.atlassian.user.User user)

Determines whether user has access to Confluence

Parameters:

user - The User to be checked

Returns:

true if the user has access, false otherwise