|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object com.atlassian.crowd.integration.http.HttpAuthenticatorImpl
public class HttpAuthenticatorImpl
This bean is used to manage HTTP authentication.
It is the fundamental class for web/SSO authentication integration. This class contains many convenience methods for authentication integration with existing applications. For most applications, using the following methods will be sufficient to achieve SSO:authenticate:
authenticate a user.isAuthenticated:
determine if a request is authenticated.getPrincipal:
retrieve the principal for an authenticated request.logoff:
sign the user out.HttpAuthenticatorFactory
to get an instance
of this class, or use an IoC container (like Spring) to manage this
class as a singleton.
SecurityServerClient
Constructor Summary | |
---|---|
HttpAuthenticatorImpl(AuthenticationManager authenticationManager)
|
Method Summary | |
---|---|
void |
authenticate(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String username,
java.lang.String password)
Authenticate a remote user using SSO. |
void |
authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String username)
Authenticate a remote user using SSO, without validating their password. |
protected java.lang.String |
getCookieTokenKey()
|
SOAPPrincipal |
getPrincipal(javax.servlet.http.HttpServletRequest request)
Attempts to retrieve the principal from the request. |
UserAuthenticationContext |
getPrincipalAuthenticationContext(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String username,
java.lang.String password)
Generate a PrincipalAuthenticationContext object containing the provided username and password, and validation factors from the the request. |
SecurityServerClient |
getSecurityServerClient()
Retrieve the underlying SoapSecurityServerClient used to communicate with the Crowd Security Server. |
SoapClientProperties |
getSoapClientProperties()
Retrieve the underlying client properties used to communicate with the Crowd Security Server. |
java.lang.String |
getToken(javax.servlet.http.HttpServletRequest request)
Retrieve the Crowd authentication token from the request either via: a request attribute (not request parameter), OR a cookie on the request |
ValidationFactor[] |
getValidationFactors(javax.servlet.http.HttpServletRequest request)
Retrieves validation factors from the request: Remote Address: the source IP address of the HTTP request. Original Address: the X-Forwarded-For HTTP header (if present and distinct from the Remote Address). |
boolean |
isAuthenticated(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Tests whether a request is authenticated via SSO. |
void |
logoff(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Log off the SSO authenticated user. |
void |
setPrincipalToken(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String token)
Sets the underlying principal token on: the request: as an attribute, so the user is authenticated for the span of the request. the response: as a cookie, so the user is authenticated for subsequent requests. |
void |
verifyAuthentication(java.lang.String username,
java.lang.String password)
Authenticate a remote principal without using SSO. |
java.lang.String |
verifyAuthentication(java.lang.String username,
java.lang.String password,
ValidationFactor[] validationFactors)
Verifies the authentication of a principal's username/password, given a set of validation factors. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public HttpAuthenticatorImpl(AuthenticationManager authenticationManager)
authenticationManager
- the client to use to talk to the Crowd Server.Method Detail |
---|
public void setPrincipalToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String token) throws InvalidAuthorizationTokenException, java.rmi.RemoteException
setPrincipalToken
in interface HttpAuthenticator
request
- HttpServletRequestresponse
- HttpServletResponsetoken
- token value to use.
InvalidAuthorizationTokenException
- application client is invalid.
java.rmi.RemoteException
- there was an underlying error communicating with the server.public SOAPPrincipal getPrincipal(javax.servlet.http.HttpServletRequest request) throws InvalidAuthorizationTokenException, java.rmi.RemoteException, InvalidTokenException
getPrincipal
in interface HttpAuthenticator
request
- servlet request
InvalidAuthorizationTokenException
- if the Crowd cookie token is invalid
java.rmi.RemoteException
- if there are communication issues between the client and Crowd server
UserNotFoundException
- if principal does not exist.
InvalidTokenException
- if the Crowd cookie token is invalidpublic java.lang.String getToken(javax.servlet.http.HttpServletRequest request) throws InvalidTokenException
getToken
in interface HttpAuthenticator
request
- HttpServletRequest.
InvalidTokenException
- unable to find token in either a request attribute or cookie.HttpAuthenticator.setPrincipalToken(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, String)
public boolean isAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws InvalidAuthorizationTokenException, java.rmi.RemoteException, ApplicationAccessDeniedException
HttpAuthenticator
isAuthenticated
in interface HttpAuthenticator
request
- HttpServletRequestresponse
- HttpServletResponse
true
if and only if the request has been authenticated.
InvalidAuthorizationTokenException
- application client is invalid.
java.rmi.RemoteException
- there was an underlying error communicating with the server.
ApplicationAccessDeniedException
- user does not have access to the application.HttpAuthenticator.isAuthenticated(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
public void authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String username, java.lang.String password) throws InvalidAuthorizationTokenException, java.rmi.RemoteException, InvalidAuthenticationException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
authenticate
in interface HttpAuthenticator
request
- HttpServletRequest to obtain validation factors.response
- HttpServletResponse to write SSO cookie.username
- username of principal.password
- password of principal.
InvalidAuthorizationTokenException
- invalid application client.
java.rmi.RemoteException
- there was an underlying error communicating with the server.
InvalidAuthenticationException
- the username/password combination is invalid.
InactiveAccountException
- the principal's account has been deactivated.
ExpiredCredentialException
- The user's credentials have expired. The user must change their credentials in order to successfully authenticate.
ApplicationAccessDeniedException
- user does not have access to the application.for details regarding the validation factors used for authentication.
public void authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String username) throws ApplicationAccessDeniedException, InvalidAuthenticationException, InvalidAuthorizationTokenException, InactiveAccountException, java.rmi.RemoteException
HttpAuthenticator
HttpAuthenticator.authenticate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, String, String)
instead.
authenticateWithoutValidatingPassword
in interface HttpAuthenticator
request
- HttpServletRequest to obtain validation factors.response
- HttpServletResponse to write SSO cookie.username
- username of the principal that you have already authenticated via some external means.
ApplicationAccessDeniedException
- user does not have access to the application.
InvalidAuthenticationException
- the username/password combination is invalid.
InvalidAuthorizationTokenException
- invalid application client.
InactiveAccountException
- the principal's account has been deactivated.
java.rmi.RemoteException
- there was an underlying error communicating with the server.public java.lang.String verifyAuthentication(java.lang.String username, java.lang.String password, ValidationFactor[] validationFactors) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, java.rmi.RemoteException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
authenticate
method instead.
verifyAuthentication
in interface HttpAuthenticator
username
- username of principal.password
- password of principal.validationFactors
- validation factors used to generate a token.
InvalidAuthorizationTokenException
- invalid application client.
java.rmi.RemoteException
- there was an underlying error communicating with the server.
InvalidAuthenticationException
- the username/password combination is invalid.
InactiveAccountException
- the principal's account has been deactivated.
ExpiredCredentialException
- The user's credentials have expired. The user must change their credentials in order to successfully authenticate.
ApplicationAccessDeniedException
- user does not have access to the application.public void verifyAuthentication(java.lang.String username, java.lang.String password) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, java.rmi.RemoteException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
verifyAuthentication
in interface HttpAuthenticator
username
- username of the principal.password
- password of the principal.
InvalidAuthorizationTokenException
- invalid application client.
InvalidAuthenticationException
- invalid username/password combination.
java.rmi.RemoteException
- error while connecting to the remote server.
InactiveAccountException
- user's account is invalid.
ExpiredCredentialException
- The user's credentials have expired. The user must change their credentials in order to successfully authenticate.
ApplicationAccessDeniedException
- user does not have access to the application.SecurityServerClient.authenticatePrincipalSimple(String, String)
public ValidationFactor[] getValidationFactors(javax.servlet.http.HttpServletRequest request)
getValidationFactors
in interface HttpAuthenticator
request
- HttpServletRequest.
public void logoff(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws InvalidAuthorizationTokenException, java.rmi.RemoteException
logoff
in interface HttpAuthenticator
request
- HttpServletRequest.response
- HttpServletResponse.
InvalidAuthorizationTokenException
- invalid application client.
java.rmi.RemoteException
- error while connecting to the remote server.public UserAuthenticationContext getPrincipalAuthenticationContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String username, java.lang.String password)
getPrincipalAuthenticationContext
in interface HttpAuthenticator
request
- HttpServletRequest.response
- unused.username
- username of principal.password
- password of principal.
public SoapClientProperties getSoapClientProperties()
getSoapClientProperties
in interface HttpAuthenticator
SecurityServerClient.getSoapClientProperties()
protected java.lang.String getCookieTokenKey()
public SecurityServerClient getSecurityServerClient()
getSecurityServerClient
in interface HttpAuthenticator
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |