public class HttpAuthenticatorImpl extends Object implements HttpAuthenticator
It is the fundamental class for web/SSO authentication integration.
This class contains many convenience methods for authentication integration with existing applications. For most applications, using the following methods will be sufficient to achieve SSO:
authenticate:
authenticate a user.isAuthenticated:
determine if a request is authenticated.getPrincipal:
retrieve the principal for an authenticated request.logoff:
sign the user out.
Use the HttpAuthenticatorFactory
to get an instance
of this class, or use an IoC container (like Spring) to manage this
class as a singleton.
SecurityServerClient
Constructor and Description |
---|
HttpAuthenticatorImpl(AuthenticationManager authenticationManager) |
Modifier and Type | Method and Description |
---|---|
void |
authenticate(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String username,
String password)
Authenticate a remote user using SSO.
|
void |
authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String username)
Authenticate a remote user using SSO, without validating their password.
|
protected String |
getCookieTokenKey() |
SOAPPrincipal |
getPrincipal(javax.servlet.http.HttpServletRequest request)
Attempts to retrieve the principal from the request.
|
UserAuthenticationContext |
getPrincipalAuthenticationContext(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String username,
String password)
Generate a PrincipalAuthenticationContext object containing the
provided username and password, and validation factors from the
the request.
|
SecurityServerClient |
getSecurityServerClient()
Retrieve the underlying SecurityServerClient used
to communicate with the Crowd Security Server.
|
SoapClientProperties |
getSoapClientProperties()
Retrieve the underlying client properties used
to communicate with the Crowd Security Server.
|
String |
getToken(javax.servlet.http.HttpServletRequest request)
Retrieve the Crowd authentication token from the request either via:
a request attribute (not request parameter), OR
a cookie on the request
|
ValidationFactor[] |
getValidationFactors(javax.servlet.http.HttpServletRequest request)
Retrieves validation factors from the request:
Remote Address: the source IP address of the HTTP request.
Original Address: the X-Forwarded-For HTTP header (if present and distinct from the Remote Address).
|
boolean |
isAuthenticated(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Tests whether a request is authenticated via SSO.
|
void |
logoff(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Log off the SSO authenticated user.
|
void |
setPrincipalToken(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String token)
Sets the underlying principal token on:
the request: as an attribute, so the user is authenticated for the span of the request.
the response: as a cookie, so the user is authenticated for subsequent requests.
|
void |
verifyAuthentication(String username,
String password)
Authenticate a remote principal without using SSO.
|
String |
verifyAuthentication(String username,
String password,
ValidationFactor[] validationFactors)
Verifies the authentication of a principal's username/password,
given a set of validation factors.
|
public HttpAuthenticatorImpl(AuthenticationManager authenticationManager)
authenticationManager
- the client to use to talk to the Crowd Server.public void setPrincipalToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String token) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException
HttpAuthenticator
setPrincipalToken
in interface HttpAuthenticator
request
- HttpServletRequestresponse
- HttpServletResponsetoken
- token value to use.InvalidAuthorizationTokenException
- the application client's token is invalid.RemoteException
- there was an underlying error communicating with the server.InvalidAuthenticationException
- the username/password combination is invalid.public SOAPPrincipal getPrincipal(javax.servlet.http.HttpServletRequest request) throws InvalidAuthorizationTokenException, RemoteException, InvalidTokenException, InvalidAuthenticationException
HttpAuthenticator
getPrincipal
in interface HttpAuthenticator
request
- servlet requestInvalidAuthorizationTokenException
- the application client's token is invalidRemoteException
- there are communication issues between the client and Crowd serverInvalidTokenException
- unable to find the tokenInvalidAuthenticationException
- he username/password combination is invalidpublic String getToken(javax.servlet.http.HttpServletRequest request) throws InvalidTokenException
HttpAuthenticator
getToken
in interface HttpAuthenticator
request
- HttpServletRequest.InvalidTokenException
- unable to find token in either a request attribute or cookie.HttpAuthenticator.setPrincipalToken(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, String)
public boolean isAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws InvalidAuthorizationTokenException, RemoteException, ApplicationAccessDeniedException, InvalidAuthenticationException
HttpAuthenticator
isAuthenticated
in interface HttpAuthenticator
request
- HttpServletRequestresponse
- HttpServletResponsetrue
if and only if the request has been authenticatedInvalidAuthorizationTokenException
- the application client's token is invalidRemoteException
- there was an underlying error communicating with the serverApplicationAccessDeniedException
- user does not have access to the applicationInvalidAuthenticationException
- the username/password combination is invalidpublic void authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username, String password) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
HttpAuthenticator
See HttpAuthenticator.getValidationFactors(javax.servlet.http.HttpServletRequest)
for details regarding the validation factors used for authentication
authenticate
in interface HttpAuthenticator
request
- HttpServletRequest to obtain validation factorsresponse
- HttpServletResponse to write SSO cookieusername
- username of principalpassword
- password of principalInvalidAuthorizationTokenException
- the application client's token is invalidRemoteException
- there was an underlying error communicating with the serverInvalidAuthenticationException
- the username/password combination is invalidInactiveAccountException
- the principal's account has been deactivatedApplicationAccessDeniedException
- user does not have access to the applicationExpiredCredentialException
- the user's credentials have expired. The user must change their credentials in order to successfully authenticate.HttpAuthenticator.getValidationFactors(javax.servlet.http.HttpServletRequest)
public void authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username) throws ApplicationAccessDeniedException, InvalidAuthenticationException, InvalidAuthorizationTokenException, InactiveAccountException, RemoteException
HttpAuthenticator
HttpAuthenticator.authenticate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, String, String)
instead.authenticateWithoutValidatingPassword
in interface HttpAuthenticator
request
- HttpServletRequest to obtain validation factorsresponse
- HttpServletResponse to write SSO cookieusername
- username of the principal that you have already authenticated via some external meansApplicationAccessDeniedException
- user does not have access to the applicationInvalidAuthenticationException
- the username/password combination is invalidInvalidAuthorizationTokenException
- the application client's token is invalidInactiveAccountException
- the principal's account has been deactivatedRemoteException
- there was an underlying error communicating with the serverpublic String verifyAuthentication(String username, String password, ValidationFactor[] validationFactors) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, RemoteException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
HttpAuthenticator
authenticate
method instead.verifyAuthentication
in interface HttpAuthenticator
username
- username of principalpassword
- password of principalvalidationFactors
- validation factors used to generate a tokenInvalidAuthorizationTokenException
- the application client's token is invalid.InvalidAuthenticationException
- the username/password combination is invalid.RemoteException
- there was an underlying error communicating with the server.InactiveAccountException
- the principal's account has been deactivate.ApplicationAccessDeniedException
- user does not have access to the application.ExpiredCredentialException
- the user's credentials have expired. The user must change their credentials in order to successfully authenticate/public void verifyAuthentication(String username, String password) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, RemoteException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException
HttpAuthenticator
verifyAuthentication
in interface HttpAuthenticator
username
- username of the principal.password
- password of the principal.InvalidAuthorizationTokenException
- the application client's token is invalidInvalidAuthenticationException
- the username/password combination is invalidRemoteException
- there was an underlying error while connecting to the remote server.InactiveAccountException
- the user's account is invalid.ApplicationAccessDeniedException
- the user does not have access to the application.ExpiredCredentialException
- the user's credentials have expired. The user must change their credentials in order to successfully authenticate.SecurityServerClient.authenticatePrincipalSimple(String, String)
public ValidationFactor[] getValidationFactors(javax.servlet.http.HttpServletRequest request)
HttpAuthenticator
getValidationFactors
in interface HttpAuthenticator
request
- HttpServletRequest.public void logoff(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException
HttpAuthenticator
logoff
in interface HttpAuthenticator
request
- HttpServletRequest.response
- HttpServletResponse.InvalidAuthorizationTokenException
- the application client's token is invalidRemoteException
- there was an error while connecting to the remote server.InvalidAuthenticationException
- the username/password combination is invalid.public UserAuthenticationContext getPrincipalAuthenticationContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username, String password)
HttpAuthenticator
getPrincipalAuthenticationContext
in interface HttpAuthenticator
request
- HttpServletRequest.response
- unused.username
- username of principal.password
- password of principal.public SoapClientProperties getSoapClientProperties()
HttpAuthenticator
getSoapClientProperties
in interface HttpAuthenticator
SecurityServerClient.getSoapClientProperties()
protected String getCookieTokenKey()
public SecurityServerClient getSecurityServerClient()
HttpAuthenticator
getSecurityServerClient
in interface HttpAuthenticator
Copyright © 2020 Atlassian. All rights reserved.