com.atlassian.confluence.security.seraph

Class ConfluenceElevatedSecurityGuard

java.lang.Object

com.atlassian.confluence.security.seraph.ConfluenceElevatedSecurityGuard

All Implemented Interfaces:

com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard, com.atlassian.seraph.Initable

public class ConfluenceElevatedSecurityGuard
extends Object
implements com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard

Confluence specific implementation of the Seraph ElevatedSecurityGuard.

NOTE : This class is instantiated by Seraph at servlet context initialisation time hence it cannot have its dependencies injected.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ELEVATED_SECURITY_FAILURE

Constructor Summary

Constructors

Constructor and Description
ConfluenceElevatedSecurityGuard() Seraph needs the default constructor

Method Summary

Modifier and Type	Method and Description
void	init(Map<String,String> params, com.atlassian.seraph.config.SecurityConfig config)
void	onFailedLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest, String userName)
void	onSuccessfulLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest, String userName)
boolean	performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest, String userName) This will be called to perform an elevated security check for a given user name.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ELEVATED_SECURITY_FAILURE

public static final String ELEVATED_SECURITY_FAILURE

See Also:

Constant Field Values

Constructor Detail

ConfluenceElevatedSecurityGuard

public ConfluenceElevatedSecurityGuard()

Seraph needs the default constructor

Method Detail

performElevatedSecurityCheck

public boolean performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest,
                                            String userName)

This will be called to perform an elevated security check for a given user name. Its up to the implementor to decide what if any tests needs to be done. It should return true if the authentication can proceed.

Specified by:

performElevatedSecurityCheck in interface com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard

Parameters:

httpServletRequest - the HTTP request in play

userName - the name of the user to get login information about

Returns:

true if the user passed the elevated security check or false if not. If you dont want any elevated security checks done then always return true.

onFailedLoginAttempt

public void onFailedLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest,
                                 String userName)

Specified by:

onFailedLoginAttempt in interface com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard

onSuccessfulLoginAttempt

public void onSuccessfulLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest,
                                     String userName)

Specified by:

onSuccessfulLoginAttempt in interface com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard

init

public void init(Map<String,String> params,
                 com.atlassian.seraph.config.SecurityConfig config)

Specified by:

init in interface com.atlassian.seraph.Initable