OpenIDAuthenticationManager (Atlassian Crowd 2.6.1 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.crowd.openid.server.manager.openid
Interface OpenIDAuthenticationManager

All Known Implementing Classes:: OpenIDAuthenticationManagerGeneric

public interface OpenIDAuthenticationManager

Method Summary
`OpenIDAuthResponse`	`allowRequest(User user, long profileID, OpenIDAuthRequest authReq, boolean alwaysAllow)` Process a request if the "allow" or "allow always" action is taken by the user when a site has requested authentication.
`OpenIDAuthResponse`	`autoAllowRequest(User user, OpenIDAuthRequest authReq)` Processes a request if the "allow_always" flag has been set for the requesting site.
`OpenIDAuthResponse`	`checkImmediate(SOAPPrincipal principal, Locale locale, OpenIDAuthRequest authReq)` A convenience wrapper for the autoAllowRequest method.
`OpenIDAuthResponse`	`denyRequest(User user, OpenIDAuthRequest authReq)` Process a request if the "deny" action is taken by the user when a site has requested authentication.
`void`	`validateRequest(User user, OpenIDAuthRequest authReq)` Validates the OpenID authentication request.

Method Detail

validateRequest

void validateRequest(User user,
                     OpenIDAuthRequest authReq)
                     throws InvalidRequestException,
                            SiteDisallowedException,
                            IdentifierViolationException

Validates the OpenID authentication request. Does nothing if the request is valid. Throws a corresponding exception if request is invalid.

Parameters:: user - logged in user.; authReq - OpenID authentication request.
Throws:: InvalidRequestException - if authReq is null or the return_to URL is invalid/malformed.; SiteDisallowedException - if the site is disallowed by whitelist/blacklist or the site is localhost and local return_to URLs have been disallowed.; IdentifierViolationException - if the principal does not own the OpenID identifier.

autoAllowRequest

OpenIDAuthResponse autoAllowRequest(User user,
                                    OpenIDAuthRequest authReq)

Processes a request if the "allow_always" flag has been set for the requesting site. The OpenIDAuthResponse is successful and contains attributes from the associated profile, if the site is trusted by the user. Otherwise, it is unsuccessful.

Parameters:: user - user processing request.; authReq - OpenIDAuthRequest being processed.
Returns:: OpenIDAuthResponse corresponding to success if the site is trusted by the user and has an associated profile set.

denyRequest

OpenIDAuthResponse denyRequest(User user,
                               OpenIDAuthRequest authReq)

Process a request if the "deny" action is taken by the user when a site has requested authentication. This creates an authentication record of the deny action and returns an unsuccessful OpenIDAuthResponse.

Parameters:: user - user processing request.; authReq - OpenIDAuthRequest being processed.
Returns:: unsuccessful OpenIDAuthResponse.

allowRequest

OpenIDAuthResponse allowRequest(User user,
                                long profileID,
                                OpenIDAuthRequest authReq,
                                boolean alwaysAllow)

Process a request if the "allow" or "allow always" action is taken by the user when a site has requested authentication. This creates an authentication record of the deny action and returns an successful OpenIDAuthResponse containing attributes from the user's profile. If an error occurs (such as, the user is trying to access someone else's profile, or the profile selected does not exist) an unsuccessful OpenIDAuthResponse is generated.

Parameters:: user - user processing request.; profileID - ID of profile containing attributes to be used in response.; authReq - OpenIDAuthRequest being processed.; alwaysAllow - true if the user wants to trust the site.
Returns:: successful OpenIDAuthResponse if request processed without errors, otherwise unsuccessful OpenIDAuthResponse.

checkImmediate

OpenIDAuthResponse checkImmediate(SOAPPrincipal principal,
                                  Locale locale,
                                  OpenIDAuthRequest authReq)

A convenience wrapper for the autoAllowRequest method. This only returns a successful response if the user has trusted the site requesting authentication. If any errors occur, eg. backend errors getting the user object from the principal, or the requesting site is blacklisted/blocked, an immediate unsuccessful response is returned

Parameters:: principal - principal corresponding to logged in user.; locale - locale of the logged in user.; authReq - authentication request of the user.
Returns:: successful OpenIDAuthResponse iff the request is valid, site is not banned and user has a pre-existing trust relationship with the site.