com.atlassian.confluence.rpc.auth
Class TokenAuthenticationInvocationHandler

java.lang.Object
  extended by com.atlassian.confluence.rpc.auth.TokenAuthenticationInvocationHandler
All Implemented Interfaces:
InvocationHandler

public class TokenAuthenticationInvocationHandler
extends Object
implements InvocationHandler

An interceptor to handle token based authentication and login/logout.

For login and logout method calls on the target object, invokes TokenAuthenticationManager.login(String, String) or TokenAuthenticationManager.logout(String) instead.

For all other methods, uses the first argument as a token to look up an authenticated user in the TokenAuthenticationManager and set the AuthenticatedUserThreadLocal before executing the method.


Constructor Summary
TokenAuthenticationInvocationHandler()
           
 
Method Summary
protected  com.atlassian.user.User getAuthenticatedUser(String token)
          Determines which user is performing the request.
 Object invoke(Object proxy, Method method, Object[] args)
           
protected  Object invokeAuthenticatedMethod(com.atlassian.user.User user, Method method, Object[] args)
          Sets the authenticated user to the provided user before calling the method and restores the original user afterwards.
static Object makeAuthenticatingProxy(Object rpcService, Class publishedInterface)
           
 void setTokenAuthenticationManager(TokenAuthenticationManager tokenAuthenticationManager)
           
 void setWrappedObject(Object wrappedObject)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

TokenAuthenticationInvocationHandler

public TokenAuthenticationInvocationHandler()
Method Detail

makeAuthenticatingProxy

public static Object makeAuthenticatingProxy(Object rpcService,
                                             Class publishedInterface)

invoke

public Object invoke(Object proxy,
                     Method method,
                     Object[] args)
              throws Throwable
Specified by:
invoke in interface InvocationHandler
Throws:
Throwable

invokeAuthenticatedMethod

protected Object invokeAuthenticatedMethod(com.atlassian.user.User user,
                                           Method method,
                                           Object[] args)
                                    throws Throwable
Sets the authenticated user to the provided user before calling the method and restores the original user afterwards.

Parameters:
user - the user who is executing the method
method - the method to execute
args - any arguments to the method
Returns:
the result of executing the method
Throws:
Throwable - rethrows any exception thrown by the invoked method
See Also:
AuthenticatedUserThreadLocal

getAuthenticatedUser

protected com.atlassian.user.User getAuthenticatedUser(String token)
                                                throws InvalidSessionException,
                                                       NotPermittedException

Determines which user is performing the request. It attempts, in order:

  1. a non-anonymous user registered against provided token, if it is not blank
  2. a non-anonymous user authenticated by the normal security filters
  3. finally, the default is the anonymous user.

Returns the authenticated user.

Parameters:
token - the authentication token
Returns:
an authenticated user
Throws:
InvalidSessionException - if the provided token is invalid
NotPermittedException - if we need to fall back to the anonymous user, but anonymous access to the remote API is disabled

setWrappedObject

public void setWrappedObject(Object wrappedObject)

setTokenAuthenticationManager

public void setTokenAuthenticationManager(TokenAuthenticationManager tokenAuthenticationManager)


Copyright © 2003-2013 Atlassian. All Rights Reserved.