public class TokenAuthenticationInvocationHandler extends Object implements InvocationHandler
For login and logout method calls on the target object, invokes
TokenAuthenticationManager.login(String, String)
or
TokenAuthenticationManager.logout(String)
instead.
For all other methods, uses the first argument as a token to look up an authenticated user in the
TokenAuthenticationManager
and set the AuthenticatedUserThreadLocal
before
executing the method.
Constructor and Description |
---|
TokenAuthenticationInvocationHandler() |
Modifier and Type | Method and Description |
---|---|
protected ConfluenceUser |
getAuthenticatedUser(String token)
Determines which user is performing the request.
|
Object |
invoke(Object proxy,
Method method,
Object[] args) |
protected Object |
invokeAuthenticatedMethod(ConfluenceUser user,
Method method,
Object[] args)
Sets the authenticated user to the provided user before calling the method and restores
the original user afterwards.
|
static Object |
makeAuthenticatingProxy(Object rpcService,
Class publishedInterface) |
void |
setTokenAuthenticationManager(TokenAuthenticationManager tokenAuthenticationManager) |
void |
setWrappedObject(Object wrappedObject) |
public TokenAuthenticationInvocationHandler()
public static Object makeAuthenticatingProxy(Object rpcService, Class publishedInterface)
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable
invoke
in interface InvocationHandler
Throwable
protected Object invokeAuthenticatedMethod(ConfluenceUser user, Method method, Object[] args) throws Throwable
user
- the user who is executing the methodmethod
- the method to executeargs
- any arguments to the methodThrowable
- rethrows any exception thrown by the invoked methodAuthenticatedUserThreadLocal
protected ConfluenceUser getAuthenticatedUser(String token) throws InvalidSessionException, NotPermittedException
Determines which user is performing the request. It attempts, in order:
Returns the authenticated user.
token
- the authentication tokenInvalidSessionException
- if the provided token is invalidNotPermittedException
- if we need to fall back to the anonymous user, but anonymous
access to the remote API is disabledpublic void setWrappedObject(Object wrappedObject)
public void setTokenAuthenticationManager(TokenAuthenticationManager tokenAuthenticationManager)
Copyright © 2003–2016 Atlassian. All rights reserved.