java.lang.Object
  com.atlassian.crowd.integration.http.HttpAuthenticatorImpl

public class HttpAuthenticatorImpl

This bean is used to manage HTTP authentication.
It is the fundamental class for web/SSO authentication integration. This class contains many convenience methods for authentication integration with existing applications. For most applications, using the following methods will be sufficient to achieve SSO:
- authenticate: authenticate a user.
- isAuthenticated: determine if a request is authenticated.
- getPrincipal: retrieve the principal for an authenticated request.
- logoff: sign the user out.
Use HttpAuthenticatorFactory to get an instance of this class, or use an IoC container (like Spring) to manage this class as a singleton.
See Also: SecurityServerClient
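The methods listed above are enough to gate a web application. As an added example (not part of the Crowd Javadoc or Atlassian's code), this servlet filter calls isAuthenticated on every request and fails closed on any error. CrowdSsoFilter and LOGIN_PATH are hypothetical names; the HttpAuthenticator import path and constructor injection by an IoC container are assumptions.

```java
// Added example, not Crowd's own code. Assumed: HttpAuthenticator lives in
// com.atlassian.crowd.integration.http; CrowdSsoFilter and LOGIN_PATH are hypothetical.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.atlassian.crowd.integration.http.HttpAuthenticator;

public class CrowdSsoFilter implements Filter {
    private static final String LOGIN_PATH = "/login"; // hypothetical login page
    private final HttpAuthenticator authenticator;     // singleton from the IoC container
    private FilterConfig config;

    public CrowdSsoFilter(HttpAuthenticator authenticator) { this.authenticator = authenticator; }
    public void init(FilterConfig config) { this.config = config; }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String loginUri = request.getContextPath() + LOGIN_PATH;
        if (loginUri.equals(request.getRequestURI())) { // login page must stay reachable
            chain.doFilter(request, response);
            return;
        }
        boolean authenticated;
        try {
            // Tests whether the request is authenticated via SSO.
            authenticated = authenticator.isAuthenticated(request, response);
        } catch (Exception e) {
            // isAuthenticated declares four checked exceptions (bad application token,
            // communication error, access denied, invalid authentication). Their packages
            // are not shown on the page, so they are caught generically. Fail closed.
            config.getServletContext().log("Crowd SSO check failed", e);
            authenticated = false;
        }
        if (!authenticated) {
            response.sendRedirect(loginUri);
            return;
        }
        chain.doFilter(request, response);
    }
}
```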
Constructor Summary |
---|
HttpAuthenticatorImpl(AuthenticationManager authenticationManager) |
Method Summary | |
---|---|
void | authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username, String password) - Authenticate a remote user using SSO. |
void | authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username) - Authenticate a remote user using SSO, without validating their password. |
protected String | getCookieTokenKey() |
SOAPPrincipal | getPrincipal(javax.servlet.http.HttpServletRequest request) - Attempts to retrieve the principal from the request. |
UserAuthenticationContext | getPrincipalAuthenticationContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username, String password) - Generate a PrincipalAuthenticationContext object containing the provided username and password, and validation factors from the request. |
SecurityServerClient | getSecurityServerClient() - Retrieve the underlying SecurityServerClient used to communicate with the Crowd Security Server. |
SoapClientProperties | getSoapClientProperties() - Retrieve the underlying client properties used to communicate with the Crowd Security Server. |
String | getToken(javax.servlet.http.HttpServletRequest request) - Retrieve the Crowd authentication token from the request either via: a request attribute (not request parameter), OR a cookie on the request. |
ValidationFactor[] | getValidationFactors(javax.servlet.http.HttpServletRequest request) - Retrieves validation factors from the request: Remote Address: the source IP address of the HTTP request. Original Address: the X-Forwarded-For HTTP header (if present and distinct from the Remote Address). |
boolean | isAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) - Tests whether a request is authenticated via SSO. |
void | logoff(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) - Log off the SSO authenticated user. |
void | setPrincipalToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String token) - Sets the underlying principal token on: the request: as an attribute, so the user is authenticated for the span of the request. The response: as a cookie, so the user is authenticated for subsequent requests. |
void | verifyAuthentication(String username, String password) - Authenticate a remote principal without using SSO. |
String | verifyAuthentication(String username, String password, ValidationFactor[] validationFactors) - Verifies the authentication of a principal's username/password, given a set of validation factors. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public HttpAuthenticatorImpl(AuthenticationManager authenticationManager)
Parameters:
authenticationManager - the client to use to talk to the Crowd Server.

Method Detail |
---|
public void setPrincipalToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String token) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException
Description copied from interface: HttpAuthenticator
Specified by: setPrincipalToken in interface HttpAuthenticator
Parameters:
request - HttpServletRequest
response - HttpServletResponse
token - token value to use.
Throws:
InvalidAuthorizationTokenException - the application client's token is invalid.
RemoteException - there was an underlying error communicating with the server.
InvalidAuthenticationException - the username/password combination is invalid.

public SOAPPrincipal getPrincipal(javax.servlet.http.HttpServletRequest request) throws InvalidAuthorizationTokenException, RemoteException, InvalidTokenException, InvalidAuthenticationException
Description copied from interface: HttpAuthenticator
Specified by: getPrincipal in interface HttpAuthenticator
Parameters:
request - servlet request
Throws:
InvalidAuthorizationTokenException - the application client's token is invalid
RemoteException - there are communication issues between the client and Crowd server
InvalidTokenException - unable to find the token
InvalidAuthenticationException - the username/password combination is invalid

public String getToken(javax.servlet.http.HttpServletRequest request) throws InvalidTokenException
Description copied from interface: HttpAuthenticator
Specified by: getToken in interface HttpAuthenticator
Parameters:
request - HttpServletRequest.
Throws:
InvalidTokenException - unable to find token in either a request attribute or cookie.
See Also: HttpAuthenticator.setPrincipalToken(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, String)

public boolean isAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws InvalidAuthorizationTokenException, RemoteException, ApplicationAccessDeniedException, InvalidAuthenticationException
Description copied from interface: HttpAuthenticator
Specified by: isAuthenticated in interface HttpAuthenticator
Parameters:
request - HttpServletRequest
response - HttpServletResponse
Returns:
true if and only if the request has been authenticated
Throws:
InvalidAuthorizationTokenException - the application client's token is invalid
RemoteException - there was an underlying error communicating with the server
ApplicationAccessDeniedException - user does not have access to the application
InvalidAuthenticationException - the username/password combination is invalid

public void authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username, String password) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
Description copied from interface: HttpAuthenticator
See HttpAuthenticator.getValidationFactors(javax.servlet.http.HttpServletRequest) for details regarding the validation factors used for authentication.
Specified by: authenticate in interface HttpAuthenticator
Parameters:
request - HttpServletRequest to obtain validation factors
response - HttpServletResponse to write SSO cookie
username - username of principal
password - password of principal
Throws:
InvalidAuthorizationTokenException - the application client's token is invalid
RemoteException - there was an underlying error communicating with the server
InvalidAuthenticationException - the username/password combination is invalid
InactiveAccountException - the principal's account has been deactivated
ApplicationAccessDeniedException - user does not have access to the application
ExpiredCredentialException - the user's credentials have expired. The user must change their credentials in order to successfully authenticate.
See Also: HttpAuthenticator.getValidationFactors(javax.servlet.http.HttpServletRequest)

public void authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username) throws ApplicationAccessDeniedException, InvalidAuthenticationException, InvalidAuthorizationTokenException, InactiveAccountException, RemoteException
Description copied from interface: HttpAuthenticator
HttpAuthenticator.authenticate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, String, String) instead.
Specified by: authenticateWithoutValidatingPassword in interface HttpAuthenticator
Parameters:
request - HttpServletRequest to obtain validation factors
response - HttpServletResponse to write SSO cookie
username - username of the principal that you have already authenticated via some external means
Throws:
ApplicationAccessDeniedException - user does not have access to the application
InvalidAuthenticationException - the username/password combination is invalid
InvalidAuthorizationTokenException - the application client's token is invalid
InactiveAccountException - the principal's account has been deactivated
RemoteException - there was an underlying error communicating with the server

public String verifyAuthentication(String username, String password, ValidationFactor[] validationFactors) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, RemoteException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
Description copied from interface: HttpAuthenticator
authenticate method instead.
Specified by: verifyAuthentication in interface HttpAuthenticator
Parameters:
username - username of principal
password - password of principal
validationFactors - validation factors used to generate a token
Throws:
InvalidAuthorizationTokenException - the application client's token is invalid.
InvalidAuthenticationException - the username/password combination is invalid.
RemoteException - there was an underlying error communicating with the server.
InactiveAccountException - the principal's account has been deactivated.
ApplicationAccessDeniedException - user does not have access to the application.
ExpiredCredentialException - the user's credentials have expired. The user must change their credentials in order to successfully authenticate.

public void verifyAuthentication(String username, String password) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, RemoteException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
Description copied from interface: HttpAuthenticator
Specified by: verifyAuthentication in interface HttpAuthenticator
Parameters:
username - username of the principal.
password - password of the principal.
Throws:
InvalidAuthorizationTokenException - the application client's token is invalid
InvalidAuthenticationException - the username/password combination is invalid
RemoteException - there was an underlying error while connecting to the remote server.
InactiveAccountException - the user's account is invalid.
ApplicationAccessDeniedException - the user does not have access to the application.
ExpiredCredentialException - the user's credentials have expired. The user must change their credentials in order to successfully authenticate.
See Also: SecurityServerClient.authenticatePrincipalSimple(String, String)

public ValidationFactor[] getValidationFactors(javax.servlet.http.HttpServletRequest request)
Description copied from interface: HttpAuthenticator
Specified by: getValidationFactors in interface HttpAuthenticator
Parameters:
request - HttpServletRequest.

public void logoff(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException
Description copied from interface: HttpAuthenticator
Specified by: logoff in interface HttpAuthenticator
Parameters:
request - HttpServletRequest.
response - HttpServletResponse.
Throws:
InvalidAuthorizationTokenException - the application client's token is invalid
RemoteException - there was an error while connecting to the remote server.
InvalidAuthenticationException - the username/password combination is invalid.

public UserAuthenticationContext getPrincipalAuthenticationContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username, String password)
Description copied from interface: HttpAuthenticator
Specified by: getPrincipalAuthenticationContext in interface HttpAuthenticator
Parameters:
request - HttpServletRequest.
response - unused.
username - username of principal.
password - password of principal.

public SoapClientProperties getSoapClientProperties()
Description copied from interface: HttpAuthenticator
Specified by: getSoapClientProperties in interface HttpAuthenticator
See Also: SecurityServerClient.getSoapClientProperties()

protected String getCookieTokenKey()

public SecurityServerClient getSecurityServerClient()
Description copied from interface: HttpAuthenticator
Specified by: getSecurityServerClient in interface HttpAuthenticator