com.atlassian.crowd.integration.http
Class HttpAuthenticatorImpl

java.lang.Object
  extended by com.atlassian.crowd.integration.http.HttpAuthenticatorImpl
All Implemented Interfaces:
HttpAuthenticator

public class HttpAuthenticatorImpl
extends java.lang.Object
implements HttpAuthenticator

This bean is used to manage HTTP authentication.

It is the fundamental class for web/SSO authentication integration.

This class contains many convenience methods for authentication integration with existing applications. For most applications, using the following methods will be sufficient to achieve SSO:

  1. authenticate: authenticate a user.
  2. isAuthenticated: determine if a request is authenticated.
  3. getPrincipal: retrieve the principal for an authenticated request.
  4. logoff: sign the user out.

Use the HttpAuthenticatorFactory to get an instance of this class, or use an IoC container (like Spring) to manage this class as a singleton.
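The four steps above, wired into a single servlet filter, as an added example; this is not code from the Crowd client or from this API documentation. Assumed rather than taken from the page: the factory accessor name HttpAuthenticatorFactory.getHttpAuthenticator(), the /login and /logout paths, the username and password form fields, and the crowd.principal request attribute. The exception and SOAPPrincipal package names are those of the 2009-era client and should be checked against the jar actually in use.

```java
package example.sso;

import java.io.IOException;
import java.rmi.RemoteException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.atlassian.crowd.integration.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.integration.exception.InactiveAccountException;
import com.atlassian.crowd.integration.exception.InvalidAuthenticationException;
import com.atlassian.crowd.integration.exception.InvalidAuthorizationTokenException;
import com.atlassian.crowd.integration.exception.InvalidTokenException;
import com.atlassian.crowd.integration.exception.ObjectNotFoundException;
import com.atlassian.crowd.integration.http.HttpAuthenticator;
import com.atlassian.crowd.integration.http.HttpAuthenticatorFactory;
import com.atlassian.crowd.integration.soap.SOAPPrincipal;

// Added example, not Crowd's own code. Assumed: getHttpAuthenticator() as the factory
// accessor, the /login and /logout paths, the form field names and the attribute name.
public final class CrowdSsoFilter implements Filter {

    private HttpAuthenticator authenticator;

    public void init(FilterConfig config) {
        // One shared instance per application, as the class description recommends.
        authenticator = HttpAuthenticatorFactory.getHttpAuthenticator();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String path = request.getServletPath();
        try {
            if ("/login".equals(path) && "POST".equals(request.getMethod())) {
                login(request, response);
            } else if ("/logout".equals(path)) {
                // Invalidates the token on the Crowd server and clears the cookie;
                // a no-op (no exception) when the request is not authenticated.
                authenticator.logoff(request, response);
                response.sendRedirect(request.getContextPath() + "/");
            } else if (!authenticator.isAuthenticated(request, response)) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            } else {
                // Reached only for an authenticated request: hand the principal downstream.
                SOAPPrincipal principal = authenticator.getPrincipal(request);
                request.setAttribute("crowd.principal", principal);
                chain.doFilter(request, response);
            }
        } catch (ApplicationAccessDeniedException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN); // valid user, wrong application
        } catch (InvalidTokenException e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED); // stale or tampered cookie
        } catch (ObjectNotFoundException e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED); // token names a principal that no longer exists
        } catch (InvalidAuthorizationTokenException e) {
            // Our own application credentials were rejected by Crowd: a deployment fault, not a user error.
            throw new ServletException("application client rejected by Crowd", e);
        } catch (RemoteException e) {
            // Crowd unreachable: fail closed instead of letting the request through.
            throw new ServletException("Crowd server unavailable", e);
        }
    }

    private void login(HttpServletRequest request, HttpServletResponse response)
            throws IOException, InvalidAuthorizationTokenException, RemoteException,
                   ApplicationAccessDeniedException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username == null || username.isEmpty() || password == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            // Verifies the password, binds the new token to this request's validation
            // factors (User-Agent, remote address, X-Forwarded-For) and writes the SSO cookie.
            authenticator.authenticate(request, response, username, password);
            response.sendRedirect(request.getContextPath() + "/");
        } catch (InvalidAuthenticationException e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (InactiveAccountException e) {
            // Same status as a wrong password, so callers cannot enumerate disabled accounts.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    public void destroy() { }
}
```

Two consequences of the documented behaviour worth keeping in mind with this filter: because isAuthenticated only contacts the Crowd server once the validation interval from crowd.properties has elapsed, a logoff performed in another SSO application is honoured here only after that interval; and because the token is bound to the request's User-Agent and addresses, a client whose X-Forwarded-For or User-Agent changes mid-session will be treated as unauthenticated and sent back through login.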

See Also:
SecurityServerClient

Field Summary
 
Fields inherited from interface com.atlassian.crowd.integration.http.HttpAuthenticator
REQUEST_SSO_COOKIE_COMMITTED
 
Constructor Summary
HttpAuthenticatorImpl(AuthenticationManager authenticationManager)
 
Method Summary
 void authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String username, java.lang.String password)
          Authenticate a remote user using SSO.
 ClientProperties getClientProperties()
          Retrieve the underlying client properties used to communicate with the Crowd Security Server.
protected  java.lang.String getCookieTokenKey()
 SOAPPrincipal getPrincipal(javax.servlet.http.HttpServletRequest request)
          Attempts to retrieve the principal from the request.
 PrincipalAuthenticationContext getPrincipalAuthenticationContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String username, java.lang.String password)
          Generate a PrincipalAuthenticationContext object containing the provided username and password, and validation factors from the the request.
 SecurityServerClient getSecurityServerClient()
          Retrieve the underlying SecurityServerClient used to communicate with the Crowd Security Server.
 java.lang.String getToken(javax.servlet.http.HttpServletRequest request)
          Retrieve the Crowd authentication token from the request, either from a request attribute (not a request parameter) or from a cookie on the request.
 ValidationFactor[] getValidationFactors(javax.servlet.http.HttpServletRequest request)
          Retrieves validation factors from the request: the User-Agent header, the remote (source) address, and the X-Forwarded-For header (if present and distinct from the remote address).
 boolean isAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Tests whether a request is authenticated via SSO.
 void logoff(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Log off the SSO authenticated user.
 void setPrincipalToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String token)
          Sets the underlying principal token on the request (as an attribute, so the user is authenticated for the span of the request) and on the response (as a cookie, so the user is authenticated for subsequent requests).
 void verifyAuthentication(java.lang.String username, java.lang.String password)
          Authenticate a remote principal without using SSO.
 java.lang.String verifyAuthentication(java.lang.String username, java.lang.String password, ValidationFactor[] validationFactors)
          Verifies the authentication of a principal's username/password, given a set of validation factors.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

HttpAuthenticatorImpl

public HttpAuthenticatorImpl(AuthenticationManager authenticationManager)
Parameters:
authenticationManager - the client to use to talk to the Crowd Server.
Method Detail

setPrincipalToken

public void setPrincipalToken(javax.servlet.http.HttpServletRequest request,
                              javax.servlet.http.HttpServletResponse response,
                              java.lang.String token)
                       throws InvalidAuthorizationTokenException,
                              java.rmi.RemoteException
Sets the underlying principal token on:
  1. the request: as an attribute, so the user is authenticated for the span of the request.
  2. the response: as a cookie, so the user is authenticated for subsequent requests.

Specified by:
setPrincipalToken in interface HttpAuthenticator
Parameters:
request - HttpServletRequest
response - HttpServletResponse
token - token value to use.
Throws:
InvalidAuthorizationTokenException - application client is invalid.
java.rmi.RemoteException - there was an underlying error communicating with the server.

getPrincipal

public SOAPPrincipal getPrincipal(javax.servlet.http.HttpServletRequest request)
                           throws InvalidAuthorizationTokenException,
                                  java.rmi.RemoteException,
                                  ObjectNotFoundException,
                                  InvalidTokenException
Attempts to retrieve the principal from the request.

Specified by:
getPrincipal in interface HttpAuthenticator
Parameters:
request - servlet request
Returns:
SOAPPrincipal of the authenticated user
Throws:
InvalidAuthorizationTokenException - application client is invalid.
java.rmi.RemoteException - if there are communication issues between the client and Crowd server
ObjectNotFoundException - if principal does not exist.
InvalidTokenException - if the Crowd cookie token is invalid

getToken

public java.lang.String getToken(javax.servlet.http.HttpServletRequest request)
                          throws InvalidTokenException
Retrieve the Crowd authentication token from the request either via:

  1. a request attribute (not request parameter), OR
  2. a cookie on the request

Specified by:
getToken in interface HttpAuthenticator
Parameters:
request - HttpServletRequest.
Returns:
value of the token.
Throws:
InvalidTokenException - unable to find token in either a request attribute or cookie.
See Also:
HttpAuthenticator.setPrincipalToken(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, String)

isAuthenticated

public boolean isAuthenticated(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response)
                        throws InvalidAuthorizationTokenException,
                               java.rmi.RemoteException,
                               ApplicationAccessDeniedException
Description copied from interface: HttpAuthenticator
Tests whether a request is authenticated via SSO. A token must be present in the Crowd cookie; the token is re-validated against the Crowd server only when the validation interval (a value read from crowd.properties) has been exceeded. Within that interval no call to the server is made.

Specified by:
isAuthenticated in interface HttpAuthenticator
Parameters:
request - HttpServletRequest
response - HttpServletResponse
Returns:
true if and only if the request has been authenticated.
Throws:
InvalidAuthorizationTokenException - application client is invalid.
java.rmi.RemoteException - there was an underlying error communicating with the server.
ApplicationAccessDeniedException - user does not have access to the application.
See Also:
HttpAuthenticator.isAuthenticated(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)

authenticate

public void authenticate(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response,
                         java.lang.String username,
                         java.lang.String password)
                  throws InvalidAuthorizationTokenException,
                         java.rmi.RemoteException,
                         InvalidAuthenticationException,
                         InactiveAccountException,
                         ApplicationAccessDeniedException
Authenticate a remote user using SSO.

Specified by:
authenticate in interface HttpAuthenticator
Parameters:
request - HttpServletRequest to obtain validation factors.
response - HttpServletResponse to write SSO cookie.
username - username of principal.
password - password of principal.
Throws:
InvalidAuthorizationTokenException - invalid application client.
java.rmi.RemoteException - there was an underlying error communicating with the server.
InvalidAuthenticationException - the username/password combination is invalid.
InactiveAccountException - the principal's account has been deactivated.
ApplicationAccessDeniedException - user does not have access to the application.
See Also:
for details regarding the validation factors used for authentication.

verifyAuthentication

public java.lang.String verifyAuthentication(java.lang.String username,
                                             java.lang.String password,
                                             ValidationFactor[] validationFactors)
                                      throws InvalidAuthorizationTokenException,
                                             InvalidAuthenticationException,
                                             java.rmi.RemoteException,
                                             InactiveAccountException,
                                             ApplicationAccessDeniedException
Verifies the authentication of a principal's username/password, given a set of validation factors.

This will authenticate the principal using the username and password provided, and will use the validation factors to generate an SSO token. This token can then be used by 3rd party systems to implement SSO or can be ignored to only provide centralised authentication.

NOTE: This method will not provide SSO functionality directly - use the authenticate method instead.

Specified by:
verifyAuthentication in interface HttpAuthenticator
Parameters:
username - username of principal.
password - password of principal.
validationFactors - validation factors used to generate a token.
Returns:
Crowd authentication token.
Throws:
InvalidAuthorizationTokenException - invalid application client.
java.rmi.RemoteException - there was an underlying error communicating with the server.
InvalidAuthenticationException - the username/password combination is invalid.
InactiveAccountException - the principal's account has been deactivated.
ApplicationAccessDeniedException - user does not have access to the application.

verifyAuthentication

public void verifyAuthentication(java.lang.String username,
                                 java.lang.String password)
                          throws InvalidAuthorizationTokenException,
                                 InvalidAuthenticationException,
                                 java.rmi.RemoteException,
                                 InactiveAccountException,
                                 ApplicationAccessDeniedException
Authenticate a remote principal without using SSO.

This performs an instant verification of username/password with the centralised user repository (Crowd Server).

Specified by:
verifyAuthentication in interface HttpAuthenticator
Parameters:
username - username of the principal.
password - password of the principal.
Throws:
InvalidAuthorizationTokenException - invalid application client.
InvalidAuthenticationException - invalid username/password combination.
java.rmi.RemoteException - error while connecting to the remote server.
InactiveAccountException - the principal's account has been deactivated.
ApplicationAccessDeniedException - user does not have access to the application.
See Also:
SecurityServerClient.authenticatePrincipalSimple(String, String)
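An added example of the non-SSO variant in use, not code from the Crowd client or this documentation: an API endpoint that verifies HTTP Basic credentials against Crowd on every call, minting no token and writing no cookie, and collapses the distinguishable failures into responses that do not reveal account state. The exception package names are assumed from the 2009-era client and should be checked against the jar in use; java.util.Base64 requires Java 8 or later.

```java
package example.api;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.rmi.RemoteException;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.atlassian.crowd.integration.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.integration.exception.InactiveAccountException;
import com.atlassian.crowd.integration.exception.InvalidAuthenticationException;
import com.atlassian.crowd.integration.exception.InvalidAuthorizationTokenException;
import com.atlassian.crowd.integration.http.HttpAuthenticator;

// Added example, not Crowd's own code. Exception package names are assumed.
public final class BasicAuthVerifier {

    private final HttpAuthenticator authenticator;

    public BasicAuthVerifier(HttpAuthenticator authenticator) {
        this.authenticator = authenticator;
    }

    /** Returns the verified username, or null after writing a 401/403/5xx response. */
    public String verify(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String[] creds = parseBasic(request.getHeader("Authorization"));
        if (creds == null) {
            response.setHeader("WWW-Authenticate", "Basic realm=\"api\"");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }
        try {
            // Instant check against the Crowd server; nothing is stored client-side.
            authenticator.verifyAuthentication(creds[0], creds[1]);
            return creds[0];
        } catch (InvalidAuthenticationException e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (InactiveAccountException e) {
            // Deliberately indistinguishable from a wrong password to the caller.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (ApplicationAccessDeniedException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } catch (InvalidAuthorizationTokenException e) {
            // Our application's credentials in crowd.properties were rejected: a deployment fault.
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } catch (RemoteException e) {
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        }
        return null;
    }

    /** Decodes "Basic base64(user:pass)"; returns {user, pass} or null if malformed. */
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null;
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');
        if (colon <= 0) {
            return null; // empty username or no separator
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }
}
```

The two-argument verifyAuthentication is the right tool here because a Basic-auth API client resends credentials on every call and has no use for the SSO cookie; if a token is wanted anyway (for example to hand the caller into a browser session), the three-argument form with the validation factors from getValidationFactors, followed by setPrincipalToken, is the documented route, and authenticate does exactly that pairing for servlet requests.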

getValidationFactors

public ValidationFactor[] getValidationFactors(javax.servlet.http.HttpServletRequest request)
Retrieves validation factors from the request:

  1. User Agent: the User-Agent HTTP header.
  2. Remote Address: the source IP address of the HTTP request.
  3. Original Address: the X-Forwarded-For HTTP header (if present and distinct from the Remote Address).

Specified by:
getValidationFactors in interface HttpAuthenticator
Parameters:
request - HttpServletRequest.
Returns:
array of validation factors.

logoff

public void logoff(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response)
            throws InvalidAuthorizationTokenException,
                   java.rmi.RemoteException
Log off the SSO authenticated user. This will also effectively log them off from all SSO applications.

This will sign out an authenticated user by invalidating their SSO token and removing it from their cookies.

If the request is not authenticated, this method will have no effect and will not throw an exception.

Specified by:
logoff in interface HttpAuthenticator
Parameters:
request - HttpServletRequest.
response - HttpServletResponse.
Throws:
InvalidAuthorizationTokenException - invalid application client.
java.rmi.RemoteException - error while connecting to the remote server.

getPrincipalAuthenticationContext

public PrincipalAuthenticationContext getPrincipalAuthenticationContext(javax.servlet.http.HttpServletRequest request,
                                                                        javax.servlet.http.HttpServletResponse response,
                                                                        java.lang.String username,
                                                                        java.lang.String password)
Generate a PrincipalAuthenticationContext object containing the provided username and password, and validation factors from the request.

Specified by:
getPrincipalAuthenticationContext in interface HttpAuthenticator
Parameters:
request - HttpServletRequest.
response - unused.
username - username of principal.
password - password of principal.
Returns:
populated PrincipalAuthenticationContext.

getClientProperties

public ClientProperties getClientProperties()
Retrieve the underlying client properties used to communicate with the Crowd Security Server.

Specified by:
getClientProperties in interface HttpAuthenticator
Returns:
client properties.
See Also:
SecurityServerClient.getClientProperties()

getCookieTokenKey

protected java.lang.String getCookieTokenKey()

getSecurityServerClient

public SecurityServerClient getSecurityServerClient()
Retrieve the underlying SecurityServerClient used to communicate with the Crowd Security Server.

Specified by:
getSecurityServerClient in interface HttpAuthenticator
Returns:
SecurityServerClient.


Copyright © 2009 Atlassian Pty Ltd. All Rights Reserved.