Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.atlassian.crowd.manager.authentication
Interface TokenAuthenticationManager

All Known Implementing Classes:
AliasingAwareTokenAuthenticationManager, TokenAuthenticationManagerImpl
public interface TokenAuthenticationManager

Method Summary
 Token authenticateApplication(ApplicationAuthenticationContext authenticationContext)
          Authenticates an application and generates an authentication token.
 Token authenticateUser(UserAuthenticationContext authenticateContext)
          Deprecated. This method exists to maintain the API for old clients. It creates a token with the default lifetime.
 Token authenticateUser(UserAuthenticationContext authenticateContext, TokenLifetime tokenLifetime)
          Authenticates a user and and generates an authentication token.
 Token authenticateUserWithoutValidatingPassword(UserAuthenticationContext authenticateContext)
          Feigns the authentication process for a user and creates a token for the authentication without validating the password.
 List<Application> findAuthorisedApplications(User user, String applicationName)
          Returns a list of applications a user is authorised to authenticate with.
 User findUserByToken(String tokenKey, String applicationName)
          Will find a user via the passed in token key.
 Token findUserTokenByKey(String tokenKey, String applicationName)
          Returns the token matching a given key
 Date getTokenExpiryTime(Token token)
          Returns the expiry time of a token.
 void invalidateToken(String token)
          Attempts to invalidate a Token based on the passed in Token key (random hash).
 void invalidateTokensForUser(String username, String exclusionToken, String applicationName)
          Invalidates all sessions for a user, possibly excluding a specific one.
 void removeExpiredTokens()
          Removes all tokens that have exceeded their expiry time.
 Token validateApplicationToken(String tokenKey, ValidationFactor[] validationFactors)
          Validates an application token key given validation factors.
 Token validateUserToken(String userTokenKey, ValidationFactor[] validationFactors, String application)
          Validates a user token key given validation factors and checks that the user is allowed to authenticate with the specified application
 

Method Detail

authenticateApplication

Token authenticateApplication(ApplicationAuthenticationContext authenticationContext)
                              throws InvalidAuthenticationException
Authenticates an application and generates an authentication token.

Parameters:
authenticationContext - application authentication credentials.
Returns:
generated authentication token.
Throws:
InvalidAuthenticationException - authentication was not successful because either the application does not exist, the password is incorrect, the application is inactive or there was a problem generating the authentication token.

authenticateUser

Token authenticateUser(UserAuthenticationContext authenticateContext,
                       TokenLifetime tokenLifetime)
                       throws InvalidAuthenticationException,
                              OperationFailedException,
                              InactiveAccountException,
                              ApplicationAccessDeniedException,
                              ExpiredCredentialException,
                              ApplicationNotFoundException
Authenticates a user and and generates an authentication token. The password of the user is validated before generating a token.

The RemoteDirectory.authenticate(String, com.atlassian.crowd.embedded.api.PasswordCredential) method is iteratively called for each assigned directory. If the user does not exist in one directory, the directory is skipped and the next one is examined. If the user does not exist in any of the assigned directories then an InvalidAuthenticationException is thrown.

Parameters:
authenticateContext - The authentication details for the user.
tokenLifetime - Requested lifetime of the token
Returns:
The authenticated token for the user.
Throws:
InvalidAuthenticationException - The authentication was not successful.
OperationFailedException - error thrown by directory implementation when attempting to find or authenticate the user.
InactiveAccountException - user account is inactive.
ApplicationAccessDeniedException - user does not have access to authenticate with application.
ExpiredCredentialException - the user's credentials have expired. The user must change their credentials in order to successfully authenticate.
ApplicationNotFoundException - if the application could not be found

authenticateUser

@Deprecated
Token authenticateUser(UserAuthenticationContext authenticateContext)
                       throws InvalidAuthenticationException,
                              OperationFailedException,
                              InactiveAccountException,
                              ApplicationAccessDeniedException,
                              ExpiredCredentialException,
                              ApplicationNotFoundException
Deprecated. This method exists to maintain the API for old clients. It creates a token with the default lifetime.

Throws:
InvalidAuthenticationException
OperationFailedException
InactiveAccountException
ApplicationAccessDeniedException
ExpiredCredentialException
ApplicationNotFoundException
See Also:
authenticateUser(com.atlassian.crowd.model.authentication.UserAuthenticationContext, TokenLifetime)

authenticateUserWithoutValidatingPassword

Token authenticateUserWithoutValidatingPassword(UserAuthenticationContext authenticateContext)
                                                throws InvalidAuthenticationException,
                                                       OperationFailedException,
                                                       InactiveAccountException,
                                                       ApplicationAccessDeniedException,
                                                       ApplicationNotFoundException
Feigns the authentication process for a user and creates a token for the authentication without validating the password.

This method only be used to generate a token for a user that has already authenticated credentials via some other means (eg. SharePoint NTLM connector) as this method bypasses any password checks.

If you want actual password authentication, use the authenticateUser(com.atlassian.crowd.model.authentication.UserAuthenticationContext, TokenLifetime) method.

Parameters:
authenticateContext - The authentication details for the user.
Returns:
The authenticated token for the user.
Throws:
InvalidAuthenticationException - if the authentication was not successful.
OperationFailedException - if the error thrown by directory implementation when attempting to find or authenticate the user.
InactiveAccountException - if the user account is inactive.
ApplicationAccessDeniedException - if the user does not have access to authenticate with application.
ApplicationNotFoundException - if the application could not be found

validateApplicationToken

Token validateApplicationToken(String tokenKey,
                               ValidationFactor[] validationFactors)
                               throws InvalidTokenException
Validates an application token key given validation factors.

Parameters:
tokenKey - returns a valid token corresponding to the tokenKey.
validationFactors - validation factors for generating the token hash.
Returns:
validated token.
Throws:
InvalidTokenException - if the tokenKey or corresponding client validation factors do not represent a valid application token.

validateUserToken

Token validateUserToken(String userTokenKey,
                        ValidationFactor[] validationFactors,
                        String application)
                        throws InvalidTokenException,
                               ApplicationAccessDeniedException,
                               OperationFailedException
Validates a user token key given validation factors and checks that the user is allowed to authenticate with the specified application

Parameters:
userTokenKey - returns a valid token corresponding to the tokenKey.
validationFactors - validation factors for generating the token hash.
application - name of application to authenticate with.
Returns:
validated authentication token.
Throws:
InvalidTokenException - if the userTokenKey or corresponding validationFactors do not represent a valid SSO token.
OperationFailedException - there was an error communicating with an underlying directory when determining if a user is allowed to authenticate with the application (eg. if a user has the appropriate group memberships).
ApplicationAccessDeniedException - the user is not allowed to authenticate with the application.

invalidateToken

void invalidateToken(String token)
Attempts to invalidate a Token based on the passed in Token key (random hash).

If the token does not exist (ie. already invalidated) this method silently returns. If an existing token is successfully invalidated, a TokenInvalidatedEvent is fired.

Parameters:
token - the token key (random hash) to invalidate.

removeExpiredTokens

void removeExpiredTokens()
Removes all tokens that have exceeded their expiry time.

NOTE: Do not call this method from the web layer, as this is wrapped in a Spring managed transaction.

findUserByToken

User findUserByToken(String tokenKey,
                     String applicationName)
                     throws InvalidTokenException,
                            OperationFailedException,
                            ApplicationNotFoundException,
                            ApplicationAccessDeniedException
Will find a user via the passed in token key.

Parameters:
tokenKey - the token key
applicationName - name of the current application
Returns:
the User associated to the given token key
Throws:
InvalidTokenException - if the User or Directory cannot be found that relates to the given token, or the token is associated to an Application and not a User
OperationFailedException - if there was an issue accessing the user from the underlying directory
ApplicationNotFoundException - if the application could not be found
ApplicationAccessDeniedException - the user is not allowed to authenticate with the application.

findUserTokenByKey

Token findUserTokenByKey(String tokenKey,
                         String applicationName)
                         throws InvalidTokenException,
                                ApplicationAccessDeniedException,
                                OperationFailedException,
                                ApplicationNotFoundException
Returns the token matching a given key

Parameters:
tokenKey - the token key
applicationName - name of the current application
Returns:
the Token with the given token key
Throws:
InvalidTokenException - if the token cannot be found by the give key, or the token is associated to an Application and not a User
OperationFailedException - if there was an issue accessing the user from the underlying directory
ApplicationNotFoundException - if the application could not be found
ApplicationAccessDeniedException - the user is not allowed to authenticate with the application.

findAuthorisedApplications

List<Application> findAuthorisedApplications(User user,
                                             String applicationName)
                                             throws OperationFailedException,
                                                    DirectoryNotFoundException,
                                                    ApplicationNotFoundException
Returns a list of applications a user is authorised to authenticate with.

NOTE: this is a potentially expensive call, iterating all applications and all group mappings for each application and determining group membership, ie. expense = number of applications * number of group mappings per application.

Parameters:
user - user to search for.
applicationName - name of the current application
Returns:
list of applications.
Throws:
OperationFailedException - if there was an error querying directory.
DirectoryNotFoundException - if the directory could not be found.
ApplicationNotFoundException - if the application could not be found

invalidateTokensForUser

void invalidateTokensForUser(String username,
                             @Nullable
                             String exclusionToken,
                             String applicationName)
                             throws UserNotFoundException,
                                    ApplicationNotFoundException
Invalidates all sessions for a user, possibly excluding a specific one.

Parameters:
applicationName - name of the current application
username -
exclusionToken - the random hash of a token to leave valid
Throws:
UserNotFoundException
ApplicationNotFoundException

getTokenExpiryTime

Date getTokenExpiryTime(Token token)
Returns the expiry time of a token.

Parameters:
token - a token
Returns:
the expiry time for the given token
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2013 Atlassian. All Rights Reserved.