@ThreadSafe public class DefaultLoginManager extends Object implements LoginManager

java.lang.Object
   ↳ com.atlassian.confluence.security.login.DefaultLoginManager

Class Overview

Default LoginManager that keeps track of login activity.

For known users, the number of failed login attempts is stored in a user-bound PropertySet.

For unknown users, the DefaultLoginManager tracks the number of login attempts in a cache. It is important to track the number of login attempts for unknown users; otherwise the observable behaviour of the application might differ between known and unknown users (see JRA-21016).

Every successful login clears the number of failed login attempts for a known user.
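
The tracking scheme described in this overview, as an added example that is not Confluence's own code: the class name, the in-memory maps standing in for the PropertySet and the cache, the cache bound and the threshold of 3 are all assumptions made for illustration.

```java
import java.util.*;

/** Added illustration, not Confluence code. All names and limits here are assumptions. */
public class UniformLoginAttemptTracker {
    private static final int MAX_UNKNOWN_ENTRIES = 10_000; // assumed bound on the cache
    private final int threshold;          // assumed: failures before an elevated check
    private final Set<String> knownUsers; // stands in for the user directory
    // Stands in for the per-user PropertySet: failure counter for known users.
    private final Map<String, Integer> knownFailures = new HashMap<>();
    // Stands in for the cache: bounded LRU so made-up names cannot exhaust memory.
    private final Map<String, Integer> unknownFailures =
        new LinkedHashMap<String, Integer>(16, 0.75f, true) {
            @Override protected boolean removeEldestEntry(Map.Entry<String, Integer> e) {
                return size() > MAX_UNKNOWN_ENTRIES;
            }
        };

    public UniformLoginAttemptTracker(Set<String> knownUsers, int threshold) {
        this.knownUsers = knownUsers;
        this.threshold = threshold;
    }

    private Map<String, Integer> storeFor(String userName) {
        return knownUsers.contains(userName) ? knownFailures : unknownFailures;
    }

    public synchronized void onFailedLoginAttempt(String userName) {
        storeFor(userName).merge(userName, 1, Integer::sum);
    }

    public synchronized void onSuccessfulLoginAttempt(String userName) {
        storeFor(userName).remove(userName); // success clears the failure count
    }

    // Same answer for known and unknown names after the same number of failures,
    // so the elevated check does not reveal which user names exist.
    public synchronized boolean requiresElevatedSecurityCheck(String userName) {
        return storeFor(userName).getOrDefault(userName, 0) >= threshold;
    }

    public static void main(String[] args) {
        UniformLoginAttemptTracker t = new UniformLoginAttemptTracker(Set.of("alice"), 3);
        for (String name : new String[] {"alice", "no-such-user"}) { // constructed sample names
            for (int i = 0; i < 3; i++) t.onFailedLoginAttempt(name);
            System.out.println(name + " -> " + t.requiresElevatedSecurityCheck(name));
        }
        t.onSuccessfulLoginAttempt("alice");
        System.out.println("alice after success -> " + t.requiresElevatedSecurityCheck("alice"));
    }
}
```

If only known users were counted, the appearance of the elevated check after repeated failures would itself confirm that an account exists.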

Summary

Public Constructors
DefaultLoginManager(SettingsManager settingsManager, UserAccessor userAccessor, CacheManager cacheManager, Clock clock, UserLoginInfoDao loginInfoDao)
Public Methods
LoginResult authenticate(String userName, String password)
Try to authenticate a user given the userName and password.
@Nullable LoginInfo getLoginInfo(User user)
Return information about a user's login history.
@Nullable LoginInfo getLoginInfo(String userName)
Return information about a user's login history.
boolean isElevatedSecurityCheckEnabled()
Check if elevated security checks are available/enabled.
void onFailedLoginAttempt(String userName, HttpServletRequest servletRequest)
This is called after an unsuccessful login attempt has been made.
@Deprecated void onFailedLoginAttempt(String userName)
@Deprecated void onSuccessfulLoginAttempt(String userName)
void onSuccessfulLoginAttempt(String userName, HttpServletRequest servletRequest)
This is called after a successful login attempt has been made.
boolean requiresElevatedSecurityCheck(String userName)
This is called to see whether the user requires an extended security check (such as CAPTCHA).
void resetFailedLoginCount(User user)
This can be called to reset the failed login count of a user.
Inherited Methods
From class java.lang.Object
From interface com.atlassian.confluence.security.login.LoginManager

Public Constructors

public DefaultLoginManager (SettingsManager settingsManager, UserAccessor userAccessor, CacheManager cacheManager, Clock clock, UserLoginInfoDao loginInfoDao)

Public Methods

public LoginResult authenticate (String userName, String password)

Try to authenticate a user given the userName and password.

Returns a LoginResult that contains information about this particular authentication attempt.

Calling this method has side effects, as the login manager tracks the number of failed and successful login attempts.

Returns
  • The result of the authentication attempt; this will never be null.

@Nullable public LoginInfo getLoginInfo (User user)

Return information about a user's login history.

Returns
  • LoginInfo

@Nullable public LoginInfo getLoginInfo (String userName)

Return information about a user's login history.

Returns
  • LoginInfo

public boolean isElevatedSecurityCheckEnabled ()

Check if elevated security checks are available/enabled.

Returns
  • true if elevated security checks are enabled, false otherwise

public void onFailedLoginAttempt (String userName, HttpServletRequest servletRequest)

This is called after an unsuccessful login attempt has been made. It allows the LoginManager to update information about a user's login history.

Parameters
  • userName: the name of the user in play. This MUST not be null.
  • servletRequest: the request pertaining to a login attempt.

@Deprecated public void onFailedLoginAttempt (String userName)

@Deprecated public void onSuccessfulLoginAttempt (String userName)

public void onSuccessfulLoginAttempt (String userName, HttpServletRequest servletRequest)

This is called after a successful login attempt has been made. It allows the LoginManager to update information about a user's login history.

Parameters
  • userName: the name of the user in play. This MUST not be null.
  • servletRequest: the request pertaining to a login attempt.

public boolean requiresElevatedSecurityCheck (String userName)

This is called to see whether the user requires an extended security check (such as CAPTCHA).

Parameters
  • userName: the name of the user in play. This MUST not be null.

Returns
  • true if the user with the user name userName requires an extended security check

public void resetFailedLoginCount (User user)

This can be called to reset the failed login count of a user.

Parameters
  • user: the user for which to reset the failed login count. This MUST not be null.