com.atlassian.confluence.security.login
Class DefaultLoginManager

java.lang.Object
  extended by com.atlassian.confluence.security.login.DefaultLoginManager
All Implemented Interfaces:
LoginManager

@ThreadSafe
public class DefaultLoginManager
extends java.lang.Object
implements LoginManager

Default LoginManager that keeps track of login activity.

For known users the number of failed login attempts is stored in a user bound PropertySet.

For unknown users the DefaultLoginManager tracks the number of login attempts in a cache. It is important to track the number of login attempts for unknown users otherwise the observable behaviour of the application might be different for known and unknown users (See JRA-21016).

Every successful login clears the number of failed login attempts for a known user.


Constructor Summary
DefaultLoginManager(SettingsManager settingsManager, UserAccessor userAccessor, com.atlassian.cache.CacheManager cacheManager, com.atlassian.core.util.Clock clock, UserLoginInfoDao loginInfoDao)
           
 
Method Summary
 LoginResult authenticate(java.lang.String userName, java.lang.String password)
          Try to authenticate a user given the userName and password.
 LoginInfo getLoginInfo(java.lang.String userName)
          Return information about a user's login history.
 LoginInfo getLoginInfo(com.atlassian.user.User user)
          Return information about a user's login history.
 boolean isElevatedSecurityCheckEnabled()
          Check if elevated security checks are available/enabled.
 void onFailedLoginAttempt(java.lang.String userName)
          Deprecated. 
 void onFailedLoginAttempt(java.lang.String userName, javax.servlet.http.HttpServletRequest servletRequest)
          This is called after an unsuccessful login attempt has been made.
 void onSuccessfulLoginAttempt(java.lang.String userName)
          Deprecated. 
 void onSuccessfulLoginAttempt(java.lang.String userName, javax.servlet.http.HttpServletRequest servletRequest)
          This is called after a successful login attempt has been made.
 boolean requiresElevatedSecurityCheck(java.lang.String userName)
          This is called to see whether the user requires an extended security check (such as CAPTCHA)
 void resetFailedLoginCount(com.atlassian.user.User user)
          This can be called to reset the failed login count of a user
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultLoginManager

public DefaultLoginManager(SettingsManager settingsManager,
                           UserAccessor userAccessor,
                           com.atlassian.cache.CacheManager cacheManager,
                           com.atlassian.core.util.Clock clock,
                           UserLoginInfoDao loginInfoDao)
Method Detail

onFailedLoginAttempt

@Deprecated
public void onFailedLoginAttempt(java.lang.String userName)
Deprecated. 

Specified by:
onFailedLoginAttempt in interface LoginManager

onFailedLoginAttempt

public void onFailedLoginAttempt(java.lang.String userName,
                                 javax.servlet.http.HttpServletRequest servletRequest)
This is called after an unsuccessful login attempt has been made. It allows the LoginManager to update information about a users login history.

Specified by:
onFailedLoginAttempt in interface LoginManager
Parameters:
userName - the name of the user in play. This MUST not be null.
servletRequest - the request pertaining to a login attempt.

onSuccessfulLoginAttempt

@Deprecated
public void onSuccessfulLoginAttempt(java.lang.String userName)
Deprecated. 

Specified by:
onSuccessfulLoginAttempt in interface LoginManager

onSuccessfulLoginAttempt

public void onSuccessfulLoginAttempt(java.lang.String userName,
                                     javax.servlet.http.HttpServletRequest servletRequest)
This is called after a successful login attempt has been made. It allows the LoginManager to update information about a users login history.

Specified by:
onSuccessfulLoginAttempt in interface LoginManager
Parameters:
userName - the name of the user in play. This MUST not be null.
servletRequest - the request pertaining to a login attempt.

isElevatedSecurityCheckEnabled

public boolean isElevatedSecurityCheckEnabled()
Check if elevated security checks are available/enabled.

Specified by:
isElevatedSecurityCheckEnabled in interface LoginManager
Returns:
true if elevated security checks are enabled, false otherwise

authenticate

public LoginResult authenticate(java.lang.String userName,
                                java.lang.String password)
Try to authenticate a user given the userName and password.

Returns a LoginResult that contains information about this particular authentication attempt.

Calling this method has side effects as the login manager tracks the number of failed and successful login attempts.

Specified by:
authenticate in interface LoginManager
Returns:
The result of the authentication attempt, this will never be null.

requiresElevatedSecurityCheck

public boolean requiresElevatedSecurityCheck(java.lang.String userName)
This is called to see whether the user requires an extended security check (such as CAPTCHA)

Specified by:
requiresElevatedSecurityCheck in interface LoginManager
Parameters:
userName - the name of the user in play. This MUST not be null.
Returns:
true if the user with the user name userName requires an extended security check

resetFailedLoginCount

public void resetFailedLoginCount(com.atlassian.user.User user)
This can be called to reset the failed login count of a user

Specified by:
resetFailedLoginCount in interface LoginManager
Parameters:
user - the user for which to reset the failed login count. This MUST not be null.

getLoginInfo

@Nullable
public LoginInfo getLoginInfo(java.lang.String userName)
Return information about a user's login history.

Specified by:
getLoginInfo in interface LoginManager
Returns:
LoginInfo

getLoginInfo

@Nullable
public LoginInfo getLoginInfo(com.atlassian.user.User user)
Return information about a user's login history.

Specified by:
getLoginInfo in interface LoginManager
Returns:
LoginInfo


Copyright © 2003-2013 Atlassian. All Rights Reserved.