CacheAwareCrowdHttpAuthenticator (Atlassian Crowd 4.0.0 API)

java.lang.Object
- com.atlassian.crowd.integration.http.CacheAwareCrowdHttpAuthenticator

All Implemented Interfaces:

CrowdHttpAuthenticator
```
public class CacheAwareCrowdHttpAuthenticator
extends Object
implements CrowdHttpAuthenticator
```
CacheAwareCrowdHttpAuthenticator ensures that a user exists in the cache when a user is retrieved from the server or is authenticated.

Constructor Summary

Constructors
Constructor and Description

CacheAwareCrowdHttpAuthenticator(CrowdHttpAuthenticator delegate, AuthenticatorUserCache userCache)

Constructors
Constructor and Description
`CacheAwareCrowdHttpAuthenticator(CrowdHttpAuthenticator delegate, AuthenticatorUserCache userCache)`

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`User`	`authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username, String password)` Authenticates the user based on provided credentials.
`User`	`authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username)` Authenticates the user without validating password.
`AuthenticationState`	`checkAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Tests whether a request is authenticated via SSO.
`String`	`getToken(javax.servlet.http.HttpServletRequest request)` Retrieves the Crowd authentication token from the request.
`User`	`getUser(javax.servlet.http.HttpServletRequest request)` Attempts to retrieve the currently authenticated User from the request.
`boolean`	`isAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Deprecated.
`void`	`logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Logs out the authenticated user.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CacheAwareCrowdHttpAuthenticator
```
public CacheAwareCrowdHttpAuthenticator(CrowdHttpAuthenticator delegate,
                                        AuthenticatorUserCache userCache)
```
- Method Detail
  - getUser
```
public User getUser(javax.servlet.http.HttpServletRequest request)
             throws InvalidTokenException,
                    InvalidAuthenticationException,
                    ApplicationPermissionException,
                    OperationFailedException
```
    Description copied from interface: CrowdHttpAuthenticator
    Attempts to retrieve the currently authenticated User from the request. This will attempt to find the Crowd SSO token via:
    1. a request attribute (not the request parameter), OR
    2. a cookie on the request
    Specified by:
    
    getUser in interface CrowdHttpAuthenticator
    
    Parameters:
    
    request - HTTP request, possibly containing a Crowd SSO cookie.
    
    Returns:
    
    authenticated User or null if the there is no authenticated user.
    
    Throws:
    
    InvalidTokenException - if the token in the request is not valid.
    
    InvalidAuthenticationException - if the application and password are not valid.
    
    ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.
    
    OperationFailedException - if the operation has failed for an unknown reason.
  - authenticate
```
public User authenticate(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response,
                         String username,
                         String password)
                  throws InvalidTokenException,
                         ApplicationAccessDeniedException,
                         InvalidAuthenticationException,
                         ExpiredCredentialException,
                         ApplicationPermissionException,
                         InactiveAccountException,
                         OperationFailedException
```
    Description copied from interface: CrowdHttpAuthenticator
    Authenticates the user based on provided credentials.
    Validation factors (such as IP address) are extracted from the request.
    If the user is successfully authenticated, the Crowd SSO token is placed in:
    1. the request: as an attribute, so the user is authenticated for the span of the request.
    2. the response: as a cookie, so the user is authenticated for subsequent requests.
    If the credentials fail authentication, any existing Crowd SSO token is removed from:
    1. the request attribute.
    2. the response as a cookie as a cookie with a max-age of 0.
    Specified by:
    
    authenticate in interface CrowdHttpAuthenticator
    
    Parameters:
    
    request - request to set the Crowd SSO token
    
    response - response to set the Crowd SSO token cookie
    
    username - username to authenticate
    
    password - password of the user
    
    Returns:
    
    the authenticated user if the authentication was successful, otherwise an exception is thrown.
    
    Throws:
    
    InvalidAuthenticationException - if the application and password are not valid.
    
    ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.
    
    OperationFailedException - if the operation has failed for an unknown reason.
    
    InvalidTokenException
    
    ApplicationAccessDeniedException
    
    ExpiredCredentialException
    
    InactiveAccountException
  - authenticateWithoutValidatingPassword
```
public User authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request,
                                                  javax.servlet.http.HttpServletResponse response,
                                                  String username)
                                           throws InvalidAuthenticationException,
                                                  OperationFailedException,
                                                  InvalidTokenException,
                                                  ApplicationAccessDeniedException,
                                                  ApplicationPermissionException,
                                                  InactiveAccountException
```
    Description copied from interface: CrowdHttpAuthenticator
    Authenticates the user without validating password.
    Validation factors (such as IP address) are extracted from the request.
    If the user is successfully authenticated, the Crowd SSO token is placed in:
    1. the request: as an attribute, so the user is authenticated for the span of the request.
    2. the response: as a cookie, so the user is authenticated for subsequent requests.
    If authentication fails, any existing Crowd SSO token is removed from:
    1. the request attribute.
    2. the response as a cookie as a cookie with a max-age of 0.
    Specified by:
    
    authenticateWithoutValidatingPassword in interface CrowdHttpAuthenticator
    
    Parameters:
    
    request - request to set the Crowd SSO token
    
    response - response to set the Crowd SSO token cookie
    
    username - username to authenticate
    
    Returns:
    
    the authenticated user if the authentication was successful, otherwise an exception is thrown.
    
    Throws:
    
    InvalidAuthenticationException - if the application and password are not valid.
    
    OperationFailedException - if the operation has failed for an unknown reason.
    
    ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.
    
    InvalidTokenException
    
    ApplicationAccessDeniedException
    
    InactiveAccountException
  - isAuthenticated
```
@Deprecated
public boolean isAuthenticated(javax.servlet.http.HttpServletRequest request,
                                           javax.servlet.http.HttpServletResponse response)
                                    throws OperationFailedException
```
    Deprecated.
    
    Description copied from interface: CrowdHttpAuthenticator
    
    Tests whether a request is authenticated via SSO. This only tests against the Crowd server if the validation interval is exceeded, this value is obtained from crowd.properties AND that there is a valid token present for the user in the Crowd Cookie. The last validated date/time attribute of the request session is updated.
    
    Specified by:
    
    isAuthenticated in interface CrowdHttpAuthenticator
    
    Parameters:
    
    request - HttpServletRequest
    
    response - HttpServletResponse
    
    Returns:
    
    true if and only if the request has been authenticated.
    
    Throws:
    
    OperationFailedException - if the operation has failed for an unknown reason.
  - checkAuthenticated
```
public AuthenticationState checkAuthenticated(javax.servlet.http.HttpServletRequest request,
                                              javax.servlet.http.HttpServletResponse response)
                                       throws OperationFailedException
```
    Description copied from interface: CrowdHttpAuthenticator
    
    Tests whether a request is authenticated via SSO. This only tests against the Crowd server if the validation interval is exceeded, this value is obtained from crowd.properties AND that there is a valid token present for the user in the Crowd Cookie. The last validated date/time attribute of the request session is updated.
    
    Specified by:
    
    checkAuthenticated in interface CrowdHttpAuthenticator
    
    Parameters:
    
    request - HttpServletRequest
    
    response - HttpServletResponse
    
    Returns:
    
    details of whether the request is authenticated
    
    Throws:
    
    OperationFailedException - if the operation has failed for an unknown reason.
  - logout
```
public void logout(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response)
            throws InvalidAuthenticationException,
                   ApplicationPermissionException,
                   OperationFailedException
```
    Description copied from interface: CrowdHttpAuthenticator
    
    Logs out the authenticated user. Removes the cookie from the response and request attribute. Invalidates the token on the server.
    
    Specified by:
    
    logout in interface CrowdHttpAuthenticator
    
    Parameters:
    
    request - request contains the Crowd SSO token to invalidate and hence log the user out.
    
    response - response returns a request to remove the token cookie from the user browser.
    
    Throws:
    
    InvalidAuthenticationException - if the application and password are not valid.
    
    ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.
    
    OperationFailedException - if the operation has failed for an unknown reason.
  - getToken
```
public String getToken(javax.servlet.http.HttpServletRequest request)
```
    Description copied from interface: CrowdHttpAuthenticator
    
    Retrieves the Crowd authentication token from the request.
    
    Specified by:
    
    getToken in interface CrowdHttpAuthenticator
    
    Parameters:
    
    request - request to look for the Crowd SSO token.
    
    Returns:
    
    value of the token if found, otherwise null.

Class CacheAwareCrowdHttpAuthenticator

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CacheAwareCrowdHttpAuthenticator

Method Detail

getUser

authenticate

authenticateWithoutValidatingPassword

isAuthenticated

checkAuthenticated

logout

getToken