com.atlassian.crowd.manager.token

Class RecoveryModeAwareTokenAuthenticationManager

java.lang.Object

com.atlassian.crowd.manager.authentication.TokenAuthenticationManagerImpl

com.atlassian.crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager

All Implemented Interfaces:

TokenAuthenticationManager

public class RecoveryModeAwareTokenAuthenticationManager
extends TokenAuthenticationManagerImpl

Field Summary

Fields inherited from class com.atlassian.crowd.manager.authentication.TokenAuthenticationManagerImpl

RECENT_TOKENS_CACHE_SIZE_SYSTEM_PROPERTY_NAME, RECENT_TOKENS_CACHE_TTL_SYSTEM_PROPERTY_NAME

Constructor Summary

Constructors

Constructor and Description

RecoveryModeAwareTokenAuthenticationManager(SessionTokenStorage tokenManager, ApplicationDAO applicationDao, TokenFactory tokenFactory, com.atlassian.cache.Cache<String,Boolean> cache, com.atlassian.event.api.EventPublisher eventPublisher, PropertyManager propertyManager, DirectoryManager directoryManager, ApplicationManager applicationManager, ApplicationService applicationService, RecoveryModeService recoveryModeService, ApplicationFactory applicationFactory, Clock clock)

Method Summary

Modifier and Type	Method and Description
protected boolean	isAllowedToAuthenticate(String username, long directoryId, Application application) Determines if a user is permitted to attempt authentication with a given application.

Methods inherited from class com.atlassian.crowd.manager.authentication.TokenAuthenticationManagerImpl

activeValidationFactors, authenticateApplication, authenticateApplicationWithoutValidatingPassword, authenticateUser, authenticateUser, authenticateUserWithoutValidatingPassword, findAuthorisedApplications, findUserByToken, findUserTokenByKey, generateUserToken, genericValidateToken, getTokenExpiryTime, invalidateAllTokens, invalidateToken, invalidateTokensForUser, isExpired, maybeUpdateLastAccessedTime, removeExpiredTokens, validateApplicationToken, validateUserToken

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RecoveryModeAwareTokenAuthenticationManager

public RecoveryModeAwareTokenAuthenticationManager(SessionTokenStorage tokenManager,
                                                   ApplicationDAO applicationDao,
                                                   TokenFactory tokenFactory,
                                                   com.atlassian.cache.Cache<String,Boolean> cache,
                                                   com.atlassian.event.api.EventPublisher eventPublisher,
                                                   PropertyManager propertyManager,
                                                   DirectoryManager directoryManager,
                                                   ApplicationManager applicationManager,
                                                   ApplicationService applicationService,
                                                   RecoveryModeService recoveryModeService,
                                                   ApplicationFactory applicationFactory,
                                                   Clock clock)

Method Detail

isAllowedToAuthenticate

protected boolean isAllowedToAuthenticate(String username,
                                          long directoryId,
                                          Application application)
                                   throws OperationFailedException,
                                          DirectoryNotFoundException

Description copied from class: TokenAuthenticationManagerImpl

Determines if a user is permitted to attempt authentication with a given application.

For a a user to have access to an application:

1. the Application must be active.

And either:

• the User is stored in a directory which is associated to the Application and the "allow all to authenticate" flag is true.
• the User is a member of a Group that is allowed to authenticate with the Application and both the User and Group are from the same RemoteDirectory.

Note that this call is not cached and does not affect the cache.

Overrides:

isAllowedToAuthenticate in class TokenAuthenticationManagerImpl

Parameters:

username - the username of the user that wants to authenticate with the application.

directoryId - the directoryId of the user that wants to authenticate with the application.

application - application the user wants to authenticate with.

Returns:

true iff the user is permitted to attempt authentication with the application.

Throws:

OperationFailedException - if the directory implementation could not be loaded when performing a membership check.

DirectoryNotFoundException