public interface HttpAuthenticationHandler

com.atlassian.stash.auth.HttpAuthenticationHandler

Class Overview

Implementations may also implement HttpLogoutHandler, in which case they'll get a callback when the user logs out.

Implementations should be stateless and thread-safe, as a single instance will be used to service all authentication requests.

Summary

Public Methods

@Nullable StashUser authenticate(HttpAuthenticationContext authenticationContext)
    Invoked by the system when authentication is attempted over HTTP.

void validateAuthentication(HttpAuthenticationContext authenticationContext)
    Invoked by the system on requests that have an authenticated user.

Public Methods

@Nullable public StashUser authenticate (HttpAuthenticationContext authenticationContext)

Invoked by the system when authentication is attempted over HTTP. Implementations must

  • return the StashUser instance of the authenticated user if the user is authenticated successfully
  • return null if the handler does not know how to authenticate the user from the request (for instance when an expected SSO cookie is not present). By returning null, other handlers will be attempted.
  • throw an AuthenticationException if the provided authentication details are invalid (e.g. invalid username / password, cookie, etc.). In this case, no other handlers will be attempted.

All registered handlers will be invoked in weight order until a handler successfully authenticates the user, or throws an AuthenticationException.

Parameters
authenticationContext the authentication context that provides username, password, request details, etc.
Returns
the authenticated user on success, null when the handler opts out of authentication.
Throws
AuthenticationException when authentication fails.

public void validateAuthentication (HttpAuthenticationContext authenticationContext)

Invoked by the system on requests that have an authenticated user. Implementations that need to check whether an external (SSO) session is still valid should implement that logic here.

This method is called for every incoming request after the user has initially authenticated, so implementations should keep it as lightweight as possible.

Parameters
authenticationContext the authentication context that provides the authenticated user, request details, etc.
Throws
AuthenticationException if the current authentication is no longer valid and the user must re-authenticate.
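The following handler, added here as an illustration and not code from Stash or its documentation, shows the three-way contract of authenticate (return the user, return null to opt out, or throw to stop the chain) together with a cheap validateAuthentication that re-checks an external SSO session. It assumes that HttpAuthenticationContext exposes getRequest(), that the Stash UserService and I18nService are injected by the plugin framework, that AuthenticationException accepts a KeyedMessage, and it uses a hypothetical SsoSessionValidator client, a constructed cookie name and placeholder i18n keys.

```java
package com.example.sso; // assumed package for this example, not part of Stash

import com.atlassian.stash.auth.AuthenticationException;
import com.atlassian.stash.auth.HttpAuthenticationContext;
import com.atlassian.stash.auth.HttpAuthenticationHandler;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;

import javax.annotation.Nullable;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/** Authenticates users from an SSO cookie issued by an external identity provider. Stateless and thread-safe. */
public class SsoCookieAuthenticationHandler implements HttpAuthenticationHandler {

    /** Constructed cookie name for this example. */
    static final String SSO_COOKIE_NAME = "EXAMPLE_SSO_TOKEN";

    /** Hypothetical client for the external SSO server (not a Stash API). */
    public interface SsoSessionValidator {
        /** Username bound to a valid token, or null if the token is invalid or expired. */
        @Nullable String usernameForToken(String token);
        /** Cheap liveness check for an already-validated token (e.g. backed by a short-lived cache). */
        boolean isStillValid(String token);
    }

    private final UserService userService;   // Stash service, assumed injected
    private final I18nService i18nService;   // Stash service, assumed injected
    private final SsoSessionValidator validator;

    public SsoCookieAuthenticationHandler(UserService userService, I18nService i18nService,
                                          SsoSessionValidator validator) {
        this.userService = userService;
        this.i18nService = i18nService;
        this.validator = validator;
    }

    @Nullable
    @Override
    public StashUser authenticate(HttpAuthenticationContext authenticationContext) {
        String token = ssoToken(authenticationContext.getRequest());
        if (token == null) {
            // No SSO cookie: this handler cannot decide, so opt out and let the next handler (by weight) try.
            return null;
        }
        String username = validator.usernameForToken(token);
        if (username == null) {
            // A cookie was presented but is invalid or expired: fail closed.
            // Throwing stops the chain so no other handler can accept this request.
            throw new AuthenticationException(
                    i18nService.createKeyedMessage("example.sso.auth.invalid-token"));
        }
        StashUser user = userService.getUserByName(username);
        if (user == null) {
            // The SSO server vouched for a principal Stash does not know; reject rather than
            // fall through to other handlers with a half-verified identity.
            throw new AuthenticationException(
                    i18nService.createKeyedMessage("example.sso.auth.unknown-user", username));
        }
        return user;
    }

    @Override
    public void validateAuthentication(HttpAuthenticationContext authenticationContext) {
        // Runs on every request of an authenticated session: one cookie lookup plus a cached
        // liveness check, never a full re-authentication.
        String token = ssoToken(authenticationContext.getRequest());
        if (token == null) {
            // No SSO cookie: the session was established by another handler; nothing to validate here.
            return;
        }
        if (!validator.isStillValid(token)) {
            // The external SSO session has ended: force the user to re-authenticate.
            throw new AuthenticationException(
                    i18nService.createKeyedMessage("example.sso.auth.session-expired"));
        }
    }

    /** Returns the SSO token carried by the request, or null when the cookie is absent or empty. */
    @Nullable
    private static String ssoToken(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (SSO_COOKIE_NAME.equals(cookie.getName())
                    && cookie.getValue() != null && !cookie.getValue().isEmpty()) {
                return cookie.getValue();
            }
        }
        return null;
    }
}
```

The distinction that matters for security is between the two non-success paths: returning null only when the request carries no evidence this handler is responsible for it, and throwing whenever evidence is present but does not verify, so that a bad SSO cookie can never be rescued by a later handler in the weight order.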