com.atlassian.confluence.security.seraph
Class ConfluenceElevatedSecurityGuard

java.lang.Object
  extended by com.atlassian.confluence.security.seraph.ConfluenceElevatedSecurityGuard
All Implemented Interfaces:
com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard, com.atlassian.seraph.Initable

public class ConfluenceElevatedSecurityGuard
extends Object
implements com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard

Confluence specific implementation of the Seraph ElevatedSecurityGuard.

NOTE : This class is instantiated by Seraph at servlet context initialisation time hence it cannot have its dependencies injected.


Field Summary
static String ELEVATED_SECURITY_FAILURE
           
 
Constructor Summary
ConfluenceElevatedSecurityGuard()
          Seraph needs the default constructor
 
Method Summary
 void init(Map<String,String> params, com.atlassian.seraph.config.SecurityConfig config)
           
 void onFailedLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest, String userName)
           
 void onSuccessfulLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest, String userName)
           
 boolean performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest, String userName)
          This will be called to perform an elevated security check for a given user name.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ELEVATED_SECURITY_FAILURE

public static final String ELEVATED_SECURITY_FAILURE
See Also:
Constant Field Values
Constructor Detail

ConfluenceElevatedSecurityGuard

public ConfluenceElevatedSecurityGuard()
Seraph needs the default constructor

Method Detail

performElevatedSecurityCheck

public boolean performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest,
                                            String userName)
This will be called to perform an elevated security check for a given user name. Its up to the implementor to decide what if any tests needs to be done. It should return true if the authentication can proceed.

Specified by:
performElevatedSecurityCheck in interface com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard
Parameters:
httpServletRequest - the HTTP request in play
userName - the name of the user to get login information about
Returns:
true if the user passed the elevated security check or false if not. If you dont want any elevated security checks done then always return true.

onFailedLoginAttempt

public void onFailedLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest,
                                 String userName)
Specified by:
onFailedLoginAttempt in interface com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard

onSuccessfulLoginAttempt

public void onSuccessfulLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest,
                                     String userName)
Specified by:
onSuccessfulLoginAttempt in interface com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard

init

public void init(Map<String,String> params,
                 com.atlassian.seraph.config.SecurityConfig config)
Specified by:
init in interface com.atlassian.seraph.Initable


Copyright © 2003–2015 Atlassian. All rights reserved.