com.atlassian.crowd.integration.seraph
Class CrowdAuthenticator

java.lang.Object
  extended by com.atlassian.seraph.auth.AbstractAuthenticator
      extended by com.atlassian.seraph.auth.DefaultAuthenticator
          extended by com.atlassian.crowd.integration.seraph.CrowdAuthenticator
All Implemented Interfaces:
com.atlassian.seraph.auth.Authenticator, com.atlassian.seraph.Initable, java.io.Serializable
Direct Known Subclasses:
BambooAuthenticator, ConfluenceAuthenticator, JIRAAuthenticator

public abstract class CrowdAuthenticator
extends com.atlassian.seraph.auth.DefaultAuthenticator

See Also:
Serialized Form

Field Summary
protected static org.apache.log4j.Logger logger
           
 
Fields inherited from class com.atlassian.seraph.auth.DefaultAuthenticator
LOGGED_IN_KEY, LOGGED_OUT_KEY
 
Fields inherited from interface com.atlassian.seraph.auth.Authenticator
DEFAULT_AUTHENTICATOR
 
Constructor Summary
CrowdAuthenticator(CrowdHttpAuthenticator crowdHttpAuthenticator)
           
 
Method Summary
protected  boolean authenticate(java.security.Principal user, java.lang.String password)
          Overrides the super method to always return true, so that authentication is not called twice when a user logs in.
protected  boolean autoLoginToCrowd(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Attempts to authenticate the request based on the auto-login cookie (if set).
protected  void fetchUserInCache(java.lang.String username)
          Fetches the user with the given username into the cache, for the case where the user exists but cannot yet be found in the cache.
 java.security.Principal getUser(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
           
protected  boolean isAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Checks to see if the request can be authenticated.
 boolean login(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse, java.lang.String username, java.lang.String password)
           
 boolean login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String username, java.lang.String password, boolean cookie)
           
 boolean logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
           
 
Methods inherited from class com.atlassian.seraph.auth.DefaultAuthenticator
authoriseUserAndEstablishSession, getAuthType, getElevatedSecurityGuard, getLogoutInterceptors, getRememberMeService, getRoleMapper, getUser, getUserFromBasicAuthentication, getUserFromCookie, getUserFromSession, init, isAuthorised, isUserInRole, putPrincipalInSessionContext, removePrincipalFromSessionContext
 
Methods inherited from class com.atlassian.seraph.auth.AbstractAuthenticator
destroy, getConfig, getRemoteUser, getUser
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected static final org.apache.log4j.Logger logger

Constructor Detail

CrowdAuthenticator

public CrowdAuthenticator(CrowdHttpAuthenticator crowdHttpAuthenticator)

Method Detail

fetchUserInCache

protected void fetchUserInCache(java.lang.String username)
Fetches the user with the given username into the cache, for the case where the user exists but cannot yet be found in the cache. By default this method calls DefaultAuthenticator.getUser(String), but JIRA needs to override it, because DefaultAuthenticator.getUser(String) only checks the local cache when retrieving users.

Parameters:
username - username of the user to be fetched
Throws:
InvalidAuthenticationException - if the application or user authentication was not successful.
OperationFailedException - if the operation has failed for an unknown reason

authenticate

protected boolean authenticate(java.security.Principal user,
                               java.lang.String password)
Overrides the super method to always return true, so that authentication is not called twice when a user logs in.

Overrides:
authenticate in class com.atlassian.seraph.auth.DefaultAuthenticator

login

public boolean login(javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response,
                     java.lang.String username,
                     java.lang.String password,
                     boolean cookie)
              throws com.atlassian.seraph.auth.AuthenticatorException
Specified by:
login in interface com.atlassian.seraph.auth.Authenticator
Overrides:
login in class com.atlassian.seraph.auth.DefaultAuthenticator
Throws:
com.atlassian.seraph.auth.AuthenticatorException

login

public boolean login(javax.servlet.http.HttpServletRequest httpServletRequest,
                     javax.servlet.http.HttpServletResponse httpServletResponse,
                     java.lang.String username,
                     java.lang.String password)
              throws com.atlassian.seraph.auth.AuthenticatorException
Specified by:
login in interface com.atlassian.seraph.auth.Authenticator
Overrides:
login in class com.atlassian.seraph.auth.AbstractAuthenticator
Throws:
com.atlassian.seraph.auth.AuthenticatorException

logout

public boolean logout(javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
               throws com.atlassian.seraph.auth.AuthenticatorException
Specified by:
logout in interface com.atlassian.seraph.auth.Authenticator
Overrides:
logout in class com.atlassian.seraph.auth.DefaultAuthenticator
Throws:
com.atlassian.seraph.auth.AuthenticatorException

isAuthenticated

protected boolean isAuthenticated(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response)
Checks to see if the request can be authenticated. This method checks (in order):
  1. Trusted Apps: it is possible that an earlier filter authenticated the request, so check to see if this is the case.
  2. Seraph-Remember Me: checks whether the username and password are in the Seraph remember-me cookie.
  3. Crowd Authenticator: if a valid Crowd session-cookie (token) exists, the HttpAuthenticator will authenticate the request as "valid".
  4. AutoLogin Cookie: if a valid "remember me" persistent-cookie exists, the username/password will be decoded from the cookie and the user will be authenticated via the HttpAuthenticator. This will automatically create a Crowd session-cookie (token) for the session.
If all checks fail, isAuthenticated returns false and the user is logged out.

Parameters:
request - servlet request.
response - servlet response.
Returns:
true if request can be authenticated.
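
The check order described above, modelled with the plain JDK as an added example; it is not Atlassian's implementation. Every class, key and credential value in it (Request, CHECKS, firstPassingCheck, "alice:s3cret", "valid-token") is hypothetical and constructed for illustration.

```java
import java.util.*;
import java.util.function.Predicate;

// Added illustration: a plain-JDK model of the ordered checks described for
// isAuthenticated. Every name here is hypothetical; none is Crowd or Seraph API.
public class AuthCheckOrderSketch {

    // Constructed stand-in for the servlet request: attributes and cookies in one map.
    static final class Request {
        final Map<String, String> values = new HashMap<>();
        Request with(String key, String value) { values.put(key, value); return this; }
    }

    // Insertion order of this map is the order in which the checks run.
    static final Map<String, Predicate<Request>> CHECKS = new LinkedHashMap<>();
    static {
        CHECKS.put("trusted-apps", r -> "true".equals(r.values.get("attr.trustedAppsAuthenticated")));
        CHECKS.put("seraph-remember-me", r -> validCredentials(r.values.get("cookie.seraphRememberMe")));
        CHECKS.put("crowd-token", r -> "valid-token".equals(r.values.get("cookie.crowdToken")));
        CHECKS.put("auto-login", r -> {
            boolean ok = validCredentials(r.values.get("cookie.autoLogin"));
            // Step 4 has a side effect: success issues a Crowd session token.
            if (ok) r.values.put("cookie.crowdToken", "valid-token");
            return ok;
        });
    }

    // Constructed credential check: only "alice:s3cret" is accepted.
    static boolean validCredentials(String decoded) { return "alice:s3cret".equals(decoded); }

    // Returns the name of the first check that accepts the request, or empty after
    // clearing state (the "user is logged out" outcome) when every check fails.
    static Optional<String> firstPassingCheck(Request r) {
        for (Map.Entry<String, Predicate<Request>> check : CHECKS.entrySet()) {
            if (check.getValue().test(r)) return Optional.of(check.getKey());
        }
        r.values.clear();
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Both cookies present: the earlier check in the order decides.
        Request both = new Request().with("cookie.crowdToken", "valid-token").with("cookie.autoLogin", "alice:s3cret");
        System.out.println(firstPassingCheck(both));
        // Only the persistent cookie present: step 4 runs and leaves a session token behind.
        Request autoOnly = new Request().with("cookie.autoLogin", "alice:s3cret");
        System.out.println(firstPassingCheck(autoOnly) + " token=" + autoOnly.values.get("cookie.crowdToken"));
        // Nothing valid: every check fails and the request state is cleared.
        Request stale = new Request().with("cookie.crowdToken", "expired");
        System.out.println(firstPassingCheck(stale) + " remaining=" + stale.values);
    }
}
```

Recording which check accepted a request, as firstPassingCheck does here, lets audit logs distinguish sessions established from a persistent cookie from those backed by a live Crowd token.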

autoLoginToCrowd

protected boolean autoLoginToCrowd(javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response)
Attempts to authenticate the request based on the auto-login cookie (if set). This only authenticates to Crowd via HttpAuthenticator; it does not set any session variables or similar state.

Parameters:
request - servlet request.
response - servlet response.
Returns:
true if authentication via HttpAuthenticator using auto-login credentials was successful.

getUser

public java.security.Principal getUser(javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response)
Specified by:
getUser in interface com.atlassian.seraph.auth.Authenticator
Overrides:
getUser in class com.atlassian.seraph.auth.DefaultAuthenticator


Copyright © 2010 Atlassian. All Rights Reserved.