com.atlassian.crowd.manager.authentication

Class AliasingAwareTokenAuthenticationManager

java.lang.Object

com.atlassian.crowd.manager.authentication.AliasingAwareTokenAuthenticationManager

All Implemented Interfaces:

TokenAuthenticationManager

@Transactional
public class AliasingAwareTokenAuthenticationManager
extends Object
implements TokenAuthenticationManager

Constructor Summary

Constructors

Constructor and Description
AliasingAwareTokenAuthenticationManager(TokenAuthenticationManager tokenAuthenticationManager, ApplicationManager applicationManager, AliasManager aliasManager)

Method Summary

Methods

Modifier and Type	Method and Description
Token	authenticateApplication(ApplicationAuthenticationContext authenticationContext, TokenLifetime tokenLifetime) Authenticates an application and generates an authentication token.
Token	authenticateUser(UserAuthenticationContext authenticateContext)
Token	authenticateUser(UserAuthenticationContext authenticateContext, TokenLifetime tokenLifetime) Authenticates a user and and generates an authentication token.
Token	authenticateUserWithoutValidatingPassword(UserAuthenticationContext authenticateContext) Feigns the authentication process for a user and creates a token for the authentication without validating the password.
List<Application>	findAuthorisedApplications(User user, String applicationName) Returns a list of applications a user is authorised to authenticate with.
User	findUserByToken(String key, String applicationName) Will find a user via the passed in token key.
Token	findUserTokenByKey(String tokenKey, String applicationName) Returns the token matching a given key
Date	getTokenExpiryTime(Token token) Returns the expiry time of a token.
void	invalidateToken(String token) Attempts to invalidate a Token based on the passed in Token key (random hash).
void	invalidateTokensForUser(String username, String exclusionToken, String applicationName) Invalidates all sessions for a user, possibly excluding a specific one.
void	removeExpiredTokens() Removes all tokens that have exceeded their expiry time.
Token	validateApplicationToken(String tokenKey, ValidationFactor[] validationFactors) Validates an application token key given validation factors.
Token	validateUserToken(String userTokenKey, ValidationFactor[] validationFactors, String application) Validates a user token key given validation factors and checks that the user is allowed to authenticate with the specified application

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AliasingAwareTokenAuthenticationManager

public AliasingAwareTokenAuthenticationManager(TokenAuthenticationManager tokenAuthenticationManager,
                                       ApplicationManager applicationManager,
                                       AliasManager aliasManager)

Method Detail

authenticateApplication

public Token authenticateApplication(ApplicationAuthenticationContext authenticationContext,
                            TokenLifetime tokenLifetime)
                              throws InvalidAuthenticationException

Description copied from interface: TokenAuthenticationManager

Authenticates an application and generates an authentication token.

Specified by:

authenticateApplication in interface TokenAuthenticationManager

Parameters:

authenticationContext - application authentication credentials.

tokenLifetime - Requested lifetime of the token

Returns:

generated authentication token.

Throws:

InvalidAuthenticationException - authentication was not successful because either the application does not exist, the password is incorrect, the application is inactive or there was a problem generating the authentication token.

authenticateUser

public Token authenticateUser(UserAuthenticationContext authenticateContext)
                       throws InvalidAuthenticationException,
                              OperationFailedException,
                              InactiveAccountException,
                              ApplicationAccessDeniedException,
                              ExpiredCredentialException,
                              ApplicationNotFoundException

Specified by:

authenticateUser in interface TokenAuthenticationManager

Throws:

InvalidAuthenticationException

OperationFailedException

InactiveAccountException

ApplicationAccessDeniedException

ExpiredCredentialException

ApplicationNotFoundException

See Also:

TokenAuthenticationManager.authenticateUser(com.atlassian.crowd.model.authentication.UserAuthenticationContext, TokenLifetime)

authenticateUser

public Token authenticateUser(UserAuthenticationContext authenticateContext,
                     TokenLifetime tokenLifetime)
                       throws InvalidAuthenticationException,
                              OperationFailedException,
                              InactiveAccountException,
                              ApplicationAccessDeniedException,
                              ExpiredCredentialException,
                              ApplicationNotFoundException

Description copied from interface: TokenAuthenticationManager

Authenticates a user and and generates an authentication token. The password of the user is validated before generating a token.

The RemoteDirectory.authenticate(String, com.atlassian.crowd.embedded.api.PasswordCredential) method is iteratively called for each assigned directory. If the user does not exist in one directory, the directory is skipped and the next one is examined. If the user does not exist in any of the assigned directories then an InvalidAuthenticationException is thrown.

Specified by:

authenticateUser in interface TokenAuthenticationManager

Parameters:

authenticateContext - The authentication details for the user.

tokenLifetime - Requested lifetime of the token

Returns:

The authenticated token for the user.

Throws:

InvalidAuthenticationException - The authentication was not successful.

OperationFailedException - error thrown by directory implementation when attempting to find or authenticate the user.

InactiveAccountException - user account is inactive.

ApplicationAccessDeniedException - user does not have access to authenticate with application.

ExpiredCredentialException - the user's credentials have expired. The user must change their credentials in order to successfully authenticate.

ApplicationNotFoundException - if the application could not be found

authenticateUserWithoutValidatingPassword

public Token authenticateUserWithoutValidatingPassword(UserAuthenticationContext authenticateContext)
                                                throws InvalidAuthenticationException,
                                                       OperationFailedException,
                                                       InactiveAccountException,
                                                       ApplicationAccessDeniedException,
                                                       ApplicationNotFoundException

Description copied from interface: TokenAuthenticationManager

Feigns the authentication process for a user and creates a token for the authentication without validating the password.

This method only be used to generate a token for a user that has already authenticated credentials via some other means (eg. SharePoint NTLM connector) as this method bypasses any password checks.

If you want actual password authentication, use the TokenAuthenticationManager.authenticateUser(com.atlassian.crowd.model.authentication.UserAuthenticationContext, TokenLifetime) method.

Specified by:

authenticateUserWithoutValidatingPassword in interface TokenAuthenticationManager

Parameters:

authenticateContext - The authentication details for the user.

Returns:

The authenticated token for the user.

Throws:

InvalidAuthenticationException - if the authentication was not successful.

OperationFailedException - if the error thrown by directory implementation when attempting to find or authenticate the user.

InactiveAccountException - if the user account is inactive.

ApplicationAccessDeniedException - if the user does not have access to authenticate with application.

ApplicationNotFoundException - if the application could not be found

validateApplicationToken

public Token validateApplicationToken(String tokenKey,
                             ValidationFactor[] validationFactors)
                               throws InvalidTokenException

Description copied from interface: TokenAuthenticationManager

Validates an application token key given validation factors.

Specified by:

validateApplicationToken in interface TokenAuthenticationManager

Parameters:

tokenKey - returns a valid token corresponding to the tokenKey.

validationFactors - validation factors for generating the token hash.

Returns:

validated token.

Throws:

InvalidTokenException - if the tokenKey or corresponding client validation factors do not represent a valid application token.

validateUserToken

public Token validateUserToken(String userTokenKey,
                      ValidationFactor[] validationFactors,
                      String application)
                        throws InvalidTokenException,
                               ApplicationAccessDeniedException,
                               OperationFailedException

Description copied from interface: TokenAuthenticationManager

Validates a user token key given validation factors and checks that the user is allowed to authenticate with the specified application

Specified by:

validateUserToken in interface TokenAuthenticationManager

Parameters:

userTokenKey - returns a valid token corresponding to the tokenKey.

validationFactors - validation factors for generating the token hash.

application - name of application to authenticate with.

Returns:

validated authentication token.

Throws:

InvalidTokenException - if the userTokenKey or corresponding validationFactors do not represent a valid SSO token.

ApplicationAccessDeniedException - the user is not allowed to authenticate with the application.

OperationFailedException - there was an error communicating with an underlying directory when determining if a user is allowed to authenticate with the application (eg. if a user has the appropriate group memberships).

invalidateToken

public void invalidateToken(String token)

Description copied from interface: TokenAuthenticationManager

Attempts to invalidate a Token based on the passed in Token key (random hash).

If the token does not exist (ie. already invalidated) this method silently returns. If an existing token is successfully invalidated, a TokenInvalidatedEvent is fired.

Specified by:

invalidateToken in interface TokenAuthenticationManager

Parameters:

token - the token key (random hash) to invalidate.

removeExpiredTokens

public void removeExpiredTokens()

Description copied from interface: TokenAuthenticationManager

Removes all tokens that have exceeded their expiry time.

NOTE: Do not call this method from the web layer, as this is wrapped in a Spring managed transaction.

Specified by:

removeExpiredTokens in interface TokenAuthenticationManager

findUserByToken

public User findUserByToken(String key,
                   String applicationName)
                     throws InvalidTokenException,
                            OperationFailedException,
                            ApplicationNotFoundException,
                            ApplicationAccessDeniedException

Description copied from interface: TokenAuthenticationManager

Will find a user via the passed in token key.

Specified by:

findUserByToken in interface TokenAuthenticationManager

Parameters:

key - the token key

applicationName - name of the current application

Returns:

the User associated to the given token key

Throws:

InvalidTokenException - if the User or Directory cannot be found that relates to the given token, or the token is associated to an Application and not a User

OperationFailedException - if there was an issue accessing the user from the underlying directory

ApplicationNotFoundException - if the application could not be found

ApplicationAccessDeniedException - the user is not allowed to authenticate with the application.

findUserTokenByKey

public Token findUserTokenByKey(String tokenKey,
                       String applicationName)
                         throws InvalidTokenException,
                                ApplicationAccessDeniedException,
                                OperationFailedException,
                                ApplicationNotFoundException

Description copied from interface: TokenAuthenticationManager

Returns the token matching a given key

Specified by:

findUserTokenByKey in interface TokenAuthenticationManager

Parameters:

tokenKey - the token key

applicationName - name of the current application

Returns:

the Token with the given token key

Throws:

InvalidTokenException - if the token cannot be found by the give key, or the token is associated to an Application and not a User

ApplicationAccessDeniedException - the user is not allowed to authenticate with the application.

OperationFailedException - if there was an issue accessing the user from the underlying directory

ApplicationNotFoundException - if the application could not be found

findAuthorisedApplications

public List<Application> findAuthorisedApplications(User user,
                                           String applicationName)
                                             throws OperationFailedException,
                                                    DirectoryNotFoundException,
                                                    ApplicationNotFoundException

Description copied from interface: TokenAuthenticationManager

Returns a list of applications a user is authorised to authenticate with.

NOTE: this is a potentially expensive call, iterating all applications and all group mappings for each application and determining group membership, ie. expense = number of applications * number of group mappings per application.

Specified by:

findAuthorisedApplications in interface TokenAuthenticationManager

Parameters:

user - user to search for.

applicationName - name of the current application

Returns:

list of applications.

Throws:

OperationFailedException - if there was an error querying directory.

DirectoryNotFoundException - if the directory could not be found.

ApplicationNotFoundException - if the application could not be found

invalidateTokensForUser

public void invalidateTokensForUser(String username,
                           String exclusionToken,
                           String applicationName)
                             throws UserNotFoundException,
                                    ApplicationNotFoundException

Description copied from interface: TokenAuthenticationManager

Invalidates all sessions for a user, possibly excluding a specific one.

Specified by:

invalidateTokensForUser in interface TokenAuthenticationManager

exclusionToken - the random hash of a token to leave valid

applicationName - name of the current application

Throws:

UserNotFoundException

ApplicationNotFoundException

getTokenExpiryTime

public Date getTokenExpiryTime(Token token)

Description copied from interface: TokenAuthenticationManager

Returns the expiry time of a token.

Specified by:

getTokenExpiryTime in interface TokenAuthenticationManager

Parameters:

token - a token

Returns:

the expiry time for the given token