|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object com.atlassian.crowd.manager.authentication.TokenAuthenticationManagerImpl
public class TokenAuthenticationManagerImpl
Constructor Summary | |
---|---|
TokenAuthenticationManagerImpl()
|
Method Summary | |
---|---|
protected List<ValidationFactor> |
activeValidationFactors(ValidationFactor[] factors)
|
Token |
authenticateApplication(ApplicationAuthenticationContext authenticationContext)
Authenticates an application and generates an authentication token. |
Token |
authenticateUser(UserAuthenticationContext authenticateContext)
Deprecated. |
Token |
authenticateUser(UserAuthenticationContext authenticationContext,
boolean validatePassword,
boolean ignoreCache,
TokenLifetime tokenLifetime)
|
Token |
authenticateUser(UserAuthenticationContext authenticateContext,
TokenLifetime tokenLifetime)
Authenticates a user and and generates an authentication token. |
Token |
authenticateUserWithoutValidatingPassword(UserAuthenticationContext authenticateContext)
Feigns the authentication process for a user and creates a token for the authentication without validating the password. |
List<Application> |
findAuthorisedApplications(User user,
String applicationName)
Returns a list of applications a user is authorised to authenticate with. |
User |
findUserByToken(String tokenKey,
String applicationName)
Will find a user via the passed in token key. |
Token |
findUserTokenByKey(String tokenKey,
String applicationName)
Returns the token matching a given key |
protected Token |
generateApplicationToken(ApplicationAuthenticationContext authenticationContext)
|
protected Token |
generateUserToken(long directoryID,
AuthenticationContext authenticationContext,
TokenLifetime tokenLifetime)
This method will return a Token based on the passed in parameters. |
protected Token |
genericValidateToken(String token,
ValidationFactor[] validationFactors)
Will validate a token key with the given ValidationFactor 's
against one (if it exists) in the datastore. |
Date |
getTokenExpiryTime(Token token)
Returns the expiry time of a token. |
void |
invalidateToken(String tokenKey)
Attempts to invalidate a Token based on the passed in Token key (random hash). |
void |
invalidateTokensForUser(String username,
String exclusionToken,
String applicationName)
Invalidates all sessions for a user, possibly excluding a specific one. |
boolean |
isAllowedToAuthenticate(String username,
long directoryId,
Application application)
Determines if a user is authorised to authenticate with a given application. |
boolean |
isAllowedToAuthenticate(Token token,
Application application)
|
boolean |
isAllowedToAuthenticate(Token token,
Application application,
boolean ignoreCache)
|
protected boolean |
isExpired(Token token)
|
void |
removeExpiredTokens()
Removes all tokens that have exceeded their expiry time. |
List<Token> |
searchTokens(EntityQuery<Token> query)
Returns a list of tokens matching the given query. |
void |
setApplicationDao(ApplicationDAO applicationDao)
|
void |
setApplicationManager(ApplicationManager applicationManager)
|
void |
setApplicationService(ApplicationService applicationService)
|
void |
setCacheManager(CacheManager cacheManager)
|
void |
setDirectoryManager(DirectoryManager directoryManager)
|
void |
setEventPublisher(com.atlassian.event.api.EventPublisher eventPublisher)
|
void |
setPropertyManager(PropertyManager propertyManager)
|
void |
setTokenFactory(TokenFactory tokenFactory)
|
void |
setTokenManager(TokenManager tokenManager)
|
Token |
validateApplicationToken(String tokenKey,
ValidationFactor[] clientValidationFactors)
Validates an application token key given validation factors. |
Token |
validateUserToken(String userTokenKey,
ValidationFactor[] validationFactors,
String applicationName)
Validates a user token key given validation factors and checks that the user is allowed to authenticate with the specified application |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public TokenAuthenticationManagerImpl()
Method Detail |
---|
public void invalidateToken(String tokenKey)
TokenAuthenticationManager
invalidateToken
in interface TokenAuthenticationManager
tokenKey
- the token key (random hash) to invalidate.public List<Token> searchTokens(EntityQuery<Token> query)
TokenAuthenticationManager
searchTokens
in interface TokenAuthenticationManager
query
- entity query for Entity.TOKEN
.
Token
matching the search criteria.public void removeExpiredTokens()
TokenAuthenticationManager
removeExpiredTokens
in interface TokenAuthenticationManager
public User findUserByToken(String tokenKey, String applicationName) throws InvalidTokenException, OperationFailedException, ApplicationAccessDeniedException
TokenAuthenticationManager
findUserByToken
in interface TokenAuthenticationManager
tokenKey
- the token keyapplicationName
- name of the current application
InvalidTokenException
- if the User or Directory cannot be found that relates to the given token,
or the token is associated to an Application and not a User
OperationFailedException
- if there was an issue accessing the user from the underlying directory
ApplicationAccessDeniedException
- the user is not allowed to authenticate with the application.public Token findUserTokenByKey(String tokenKey, String applicationName) throws InvalidTokenException, ApplicationAccessDeniedException, OperationFailedException, ApplicationNotFoundException
TokenAuthenticationManager
findUserTokenByKey
in interface TokenAuthenticationManager
tokenKey
- the token keyapplicationName
- name of the current application
InvalidTokenException
- if the token cannot be found by the give key,
or the token is associated to an Application and not a User
ApplicationAccessDeniedException
- the user is not allowed to authenticate with the application.
OperationFailedException
- if there was an issue accessing the user from the underlying directory
ApplicationNotFoundException
- if the application could not be foundpublic List<Application> findAuthorisedApplications(User user, String applicationName) throws OperationFailedException, DirectoryNotFoundException
TokenAuthenticationManager
findAuthorisedApplications
in interface TokenAuthenticationManager
user
- user to search for.applicationName
- name of the current application
OperationFailedException
- if there was an error querying directory.
DirectoryNotFoundException
- if the directory could not be found.public Token authenticateApplication(ApplicationAuthenticationContext authenticationContext) throws InvalidAuthenticationException
TokenAuthenticationManager
authenticateApplication
in interface TokenAuthenticationManager
authenticationContext
- application authentication credentials.
InvalidAuthenticationException
- authentication was not successful because either the application does not exist, the password is incorrect, the application is inactive or there was a problem generating the authentication token.public Token authenticateUser(UserAuthenticationContext authenticationContext, boolean validatePassword, boolean ignoreCache, TokenLifetime tokenLifetime) throws InvalidAuthenticationException, OperationFailedException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
InvalidAuthenticationException
OperationFailedException
InactiveAccountException
ApplicationAccessDeniedException
ExpiredCredentialException
@Deprecated public Token authenticateUser(UserAuthenticationContext authenticateContext) throws InvalidAuthenticationException, OperationFailedException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
authenticateUser
in interface TokenAuthenticationManager
InvalidAuthenticationException
OperationFailedException
InactiveAccountException
ApplicationAccessDeniedException
ExpiredCredentialException
TokenAuthenticationManager.authenticateUser(com.atlassian.crowd.model.authentication.UserAuthenticationContext, TokenLifetime)
public Token authenticateUser(UserAuthenticationContext authenticateContext, TokenLifetime tokenLifetime) throws InvalidAuthenticationException, OperationFailedException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
TokenAuthenticationManager
RemoteDirectory.authenticate(String, com.atlassian.crowd.embedded.api.PasswordCredential)
method is
iteratively called for each assigned directory. If the user does not exist in one directory, the directory is skipped and the next one is examined. If the user does
not exist in any of the assigned directories then an InvalidAuthenticationException
is thrown.
authenticateUser
in interface TokenAuthenticationManager
authenticateContext
- The authentication details for the user.tokenLifetime
- Requested lifetime of the token
InvalidAuthenticationException
- The authentication was not successful.
OperationFailedException
- error thrown by directory implementation when attempting to find or authenticate the user.
InactiveAccountException
- user account is inactive.
ApplicationAccessDeniedException
- user does not have access to authenticate with application.
ExpiredCredentialException
- the user's credentials have expired. The user must change their credentials in order to successfully authenticate.public Token authenticateUserWithoutValidatingPassword(UserAuthenticationContext authenticateContext) throws InvalidAuthenticationException, OperationFailedException, InactiveAccountException, ApplicationAccessDeniedException
TokenAuthenticationManager
TokenAuthenticationManager.authenticateUser(com.atlassian.crowd.model.authentication.UserAuthenticationContext, TokenLifetime)
method.
authenticateUserWithoutValidatingPassword
in interface TokenAuthenticationManager
authenticateContext
- The authentication details for the user.
InvalidAuthenticationException
- if the authentication was not successful.
OperationFailedException
- if the error thrown by directory implementation when attempting to find or authenticate the user.
InactiveAccountException
- if the user account is inactive.
ApplicationAccessDeniedException
- if the user does not have access to authenticate with application.public Token validateApplicationToken(String tokenKey, ValidationFactor[] clientValidationFactors) throws InvalidTokenException
TokenAuthenticationManager
validateApplicationToken
in interface TokenAuthenticationManager
tokenKey
- returns a valid token corresponding to the tokenKey.clientValidationFactors
- validation factors for generating the token hash.
InvalidTokenException
- if the tokenKey or corresponding client validation factors do not represent a valid application token.public Token validateUserToken(String userTokenKey, ValidationFactor[] validationFactors, String applicationName) throws InvalidTokenException, ApplicationAccessDeniedException, OperationFailedException
TokenAuthenticationManager
validateUserToken
in interface TokenAuthenticationManager
userTokenKey
- returns a valid token corresponding to the tokenKey.validationFactors
- validation factors for generating the token hash.applicationName
- name of application to authenticate with.
InvalidTokenException
- if the userTokenKey or corresponding validationFactors do not represent a valid SSO token.
ApplicationAccessDeniedException
- the user is not allowed to authenticate with the application.
OperationFailedException
- there was an error communicating with an underlying directory when determining if a user is allowed to authenticate with the application (eg. if a user has the appropriate group memberships).protected List<ValidationFactor> activeValidationFactors(ValidationFactor[] factors)
protected Token generateUserToken(long directoryID, AuthenticationContext authenticationContext, TokenLifetime tokenLifetime) throws InvalidTokenException
Token
based on the passed in parameters.
If a token already exists in the datastore, this token will be returned with an updated lastAccessed time.
If a token is not found based on the passed in parameters a new Token
will be generated an stored in the datastore.
directoryID
- the directoryID you wish to generate a Token forauthenticationContext
- holder for the required attributes to authenticate against the Crowd servertokenLifetime
- requested lifetime of the token
Token
InvalidTokenException
- if there was an issue generating the key for a token.protected Token generateApplicationToken(ApplicationAuthenticationContext authenticationContext) throws InvalidTokenException
InvalidTokenException
protected Token genericValidateToken(String token, ValidationFactor[] validationFactors) throws InvalidTokenException
ValidationFactor
's
against one (if it exists) in the datastore.
token
- the key of a Token
validationFactors
- the ValidationFactor
's that are being used for authentication
InvalidTokenException
- thrown if the token keys are not equal, or the token has expired, or the token does not existprotected boolean isExpired(Token token)
public boolean isAllowedToAuthenticate(String username, long directoryId, Application application) throws OperationFailedException, DirectoryNotFoundException
application
- application the user wants to authenticate with.username
- the username of the user that wants to authenticate with the application.directoryId
- the directoryId of the user that wants to authenticate with the application.
true
iff the user is authorised to authenticate with the application.
OperationFailedException
- if the directory implementation could not be loaded when performing a membership check.
DirectoryNotFoundException
public boolean isAllowedToAuthenticate(Token token, Application application, boolean ignoreCache) throws OperationFailedException, DirectoryNotFoundException
OperationFailedException
DirectoryNotFoundException
public boolean isAllowedToAuthenticate(Token token, Application application) throws OperationFailedException, DirectoryNotFoundException
OperationFailedException
DirectoryNotFoundException
public void invalidateTokensForUser(String username, String exclusionToken, String applicationName) throws UserNotFoundException, ApplicationNotFoundException
TokenAuthenticationManager
invalidateTokensForUser
in interface TokenAuthenticationManager
exclusionToken
- the random hash of a token to leave validapplicationName
- name of the current application
UserNotFoundException
ApplicationNotFoundException
public Date getTokenExpiryTime(Token token)
TokenAuthenticationManager
getTokenExpiryTime
in interface TokenAuthenticationManager
token
- a token
public void setTokenManager(TokenManager tokenManager)
public void setApplicationDao(ApplicationDAO applicationDao)
public void setTokenFactory(TokenFactory tokenFactory)
public void setCacheManager(CacheManager cacheManager)
public void setEventPublisher(com.atlassian.event.api.EventPublisher eventPublisher)
public void setPropertyManager(PropertyManager propertyManager)
public void setDirectoryManager(DirectoryManager directoryManager)
public void setApplicationManager(ApplicationManager applicationManager)
public void setApplicationService(ApplicationService applicationService)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |