com.atlassian.confluence.security.login
Class DefaultLoginManager

java.lang.Object
  com.atlassian.confluence.security.login.DefaultLoginManager

All Implemented Interfaces:

LoginManager

@ThreadSafe
public class DefaultLoginManager
extends java.lang.Object
implements LoginManager

Default LoginManager that keeps track of login activity.

For known users the number of failed login attempts is stored in a user bound PropertySet.

For unknown users the DefaultLoginManager tracks the number of login attempts in a cache. It is important to track the number of login attempts for unknown users otherwise the observable behaviour of the application might be different for known and unknown users (See JRA-21016).

Every successful login clears the number of failed login attempts for a known user.

Constructor Summary

DefaultLoginManager(SettingsManager settingsManager, UserAccessor userAccessor, com.atlassian.cache.CacheManager cacheManager, com.atlassian.core.util.Clock clock)

Method Summary

LoginResult	authenticate(java.lang.String userName, java.lang.String password) Try to authenticate a user given the userName and password.
LoginInfo	getLoginInfo(java.lang.String userName) Return information about a user's login history.
boolean	isElevatedSecurityCheckEnabled() Check if elevated security checks are available/enabled.
void	onFailedLoginAttempt(java.lang.String userName) Deprecated.
void	onFailedLoginAttempt(java.lang.String userName, javax.servlet.http.HttpServletRequest servletRequest) This is called after an unsuccessful login attempt has been made.
void	onSuccessfulLoginAttempt(java.lang.String userName) Deprecated.
void	onSuccessfulLoginAttempt(java.lang.String userName, javax.servlet.http.HttpServletRequest servletRequest) This is called after a successful login attempt has been made.
boolean	requiresElevatedSecurityCheck(java.lang.String userName) This is called to see whether the user requires an extended security check (such as CAPTCHA)
void	resetFailedLoginCount(com.atlassian.user.User user) This can be called to reset the failed login count of a user

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultLoginManager

public DefaultLoginManager(SettingsManager settingsManager,
                           UserAccessor userAccessor,
                           com.atlassian.cache.CacheManager cacheManager,
                           com.atlassian.core.util.Clock clock)

Method Detail

onFailedLoginAttempt

@Deprecated
public void onFailedLoginAttempt(java.lang.String userName)

Deprecated.

Specified by:

onFailedLoginAttempt in interface LoginManager

onFailedLoginAttempt

public void onFailedLoginAttempt(java.lang.String userName,
                                 javax.servlet.http.HttpServletRequest servletRequest)

This is called after an unsuccessful login attempt has been made. It allows the LoginManager to update information about a users login history.

Specified by:

onFailedLoginAttempt in interface LoginManager

Parameters:

userName - the name of the user in play. This MUST not be null.

servletRequest - the request pertaining to a login attempt.

onSuccessfulLoginAttempt

@Deprecated
public void onSuccessfulLoginAttempt(java.lang.String userName)

Deprecated.

Specified by:

onSuccessfulLoginAttempt in interface LoginManager

onSuccessfulLoginAttempt

public void onSuccessfulLoginAttempt(java.lang.String userName,
                                     javax.servlet.http.HttpServletRequest servletRequest)

This is called after a successful login attempt has been made. It allows the LoginManager to update information about a users login history.

Specified by:

onSuccessfulLoginAttempt in interface LoginManager

Parameters:

userName - the name of the user in play. This MUST not be null.

servletRequest - the request pertaining to a login attempt.

isElevatedSecurityCheckEnabled

public boolean isElevatedSecurityCheckEnabled()

Check if elevated security checks are available/enabled.

Specified by:

isElevatedSecurityCheckEnabled in interface LoginManager

Returns:

true if elevated security checks are enabled, false otherwise

authenticate

public LoginResult authenticate(java.lang.String userName,
                                java.lang.String password)

Try to authenticate a user given the userName and password.

Returns a LoginResult that contains information about this particular authentication attempt.

Calling this method has side effects as the login manager tracks the number of failed and successful login attempts.

Specified by:

authenticate in interface LoginManager

Returns:

The result of the authentication attempt, this will never be null.

requiresElevatedSecurityCheck

public boolean requiresElevatedSecurityCheck(java.lang.String userName)

This is called to see whether the user requires an extended security check (such as CAPTCHA)

Specified by:

requiresElevatedSecurityCheck in interface LoginManager

Parameters:

userName - the name of the user in play. This MUST not be null.

Returns:

true if the user with the user name userName requires an extended security check

resetFailedLoginCount

public void resetFailedLoginCount(com.atlassian.user.User user)

This can be called to reset the failed login count of a user

Specified by:

resetFailedLoginCount in interface LoginManager

Parameters:

user - the user for which to reset the failed login count. This MUST not be null.

getLoginInfo

public LoginInfo getLoginInfo(java.lang.String userName)

Description copied from interface: LoginManager

Return information about a user's login history.

Specified by:

getLoginInfo in interface LoginManager

Returns:

LoginInfo