@PublicApi public interface

LoginService

com.atlassian.jira.bc.security.login.LoginService
Known Indirect Subclasses

@PublicApi

This interface is designed for plugins to consume (call its methods).

Clients of @PublicApi can expect that programs compiled against a given version will remain binary compatible with later versions of the @PublicApi as per each product's API policy as long as the client does not implement/extend @PublicApi interfaces or classes (refer to each product's API policy for the exact guarantee---usually binary compatibility is guaranteed at least across minor versions).

Note: since @PublicApi interfaces and classes are not designed to be implemented or extended by clients, we may perform certain types of binary-incompatible changes to these classes and interfaces, but these will not affect well-behaved clients that do not extend/implement these types (in general, only classes and interfaces annotated with @PublicSpi are safe to extend/implement).

Class Overview

The LoginService keeps track of users login activities.

Summary

Constants
String LOGIN_RESULT This is set into the the request for the last login result
Public Methods
LoginResult authenticate(User user, String password)
This can be called to see if an user knows the given password.
LoginInfo getLoginInfo(String userName)
This is called to get LoginInfo about a given user.
LoginProperties getLoginProperties(User remoteUser, HttpServletRequest request)
Returns loginProperties needed to render the login gadget or login form.
boolean isElevatedSecurityCheckAlwaysShown()
void logout(HttpServletRequest request, HttpServletResponse response)
Log out of JIRA
void resetFailedLoginCount(User user)
This can be called to reset the failed login count of a user

Constants

public static final String LOGIN_RESULT

This is set into the the request for the last login result

Constant Value: "com.atlassian.jira.security.login.LoginManager.LoginResult"

Public Methods

public LoginResult authenticate (User user, String password)

This can be called to see if an user knows the given password. Services such as SOAP and XML-RPC may use this to validate a request.

If the user requests elevatedSecurity then this will always fail with LoginReason.AUTHENTICATION_DENIED

Parameters
user the user to authenticate. This MUST not be null.
password the password to authenticate against
Returns
  • true if the user can be authenticated

public LoginInfo getLoginInfo (String userName)

This is called to get LoginInfo about a given user.

Parameters
userName the name of the user in play. This MUST not be null.
Returns

public LoginProperties getLoginProperties (User remoteUser, HttpServletRequest request)

Returns loginProperties needed to render the login gadget or login form.

Parameters
remoteUser the currently logged in user
request the incoming http request which may contain user credentials
Returns
  • LoginProperties with information to render the login gadget/form

public boolean isElevatedSecurityCheckAlwaysShown ()

Returns
  • true if the elevated security check (such as CAPTCHA) is always shown

public void logout (HttpServletRequest request, HttpServletResponse response)

Log out of JIRA

Parameters
request the current servlet request
response the current servlet response

public void resetFailedLoginCount (User user)

This can be called to reset the failed login count of a user

Parameters
user the user to authorise. This MUST not be null.