com.atlassian.crowd.integration.http

Class CrowdHttpAuthenticatorImpl

java.lang.Object

com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl

All Implemented Interfaces:

CrowdHttpAuthenticator

public class CrowdHttpAuthenticatorImpl
extends Object
implements CrowdHttpAuthenticator

An implementation of CrowdHttpAuthenticator using a CrowdClient to talk to a Crowd server. All methods potentially result in calls to a remote Crowd server.

If the ClientProperties provided has a session validation interval configured then isAuthenticated(HttpServletRequest, HttpServletResponse) will only make remote calls when that interval expires.

Constructor Summary

Constructors

Constructor and Description
CrowdHttpAuthenticatorImpl(CrowdClient client, ClientProperties clientProperties, CrowdHttpTokenHelper tokenHelper)
CrowdHttpAuthenticatorImpl(CrowdClient client, ClientProperties clientProperties, CrowdHttpTokenHelper tokenHelper, TokenLockProvider tokenLockProvider)

Method Summary

Modifier and Type	Method and Description
User	authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username, String password) Authenticates the user based on provided credentials.
User	authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username) Authenticates the user without validating password.
AuthenticationState	checkAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Tests whether a request is authenticated via SSO.
String	getToken(javax.servlet.http.HttpServletRequest request) Retrieves the Crowd authentication token from the request.
User	getUser(javax.servlet.http.HttpServletRequest request) Attempts to retrieve the currently authenticated User from the request.
boolean	isAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Deprecated.
void	logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Logs out the authenticated user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CrowdHttpAuthenticatorImpl

public CrowdHttpAuthenticatorImpl(CrowdClient client,
                                  ClientProperties clientProperties,
                                  CrowdHttpTokenHelper tokenHelper)

CrowdHttpAuthenticatorImpl

public CrowdHttpAuthenticatorImpl(CrowdClient client,
                                  ClientProperties clientProperties,
                                  CrowdHttpTokenHelper tokenHelper,
                                  TokenLockProvider tokenLockProvider)

Method Detail

getUser

public User getUser(javax.servlet.http.HttpServletRequest request)
             throws InvalidTokenException,
                    ApplicationPermissionException,
                    InvalidAuthenticationException,
                    OperationFailedException

Description copied from interface: CrowdHttpAuthenticator

Attempts to retrieve the currently authenticated User from the request. This will attempt to find the Crowd SSO token via:

1. a request attribute (not the request parameter), OR
2. a cookie on the request

Specified by:

getUser in interface CrowdHttpAuthenticator

Parameters:

request - HTTP request, possibly containing a Crowd SSO cookie.

Returns:

authenticated User or null if the there is no authenticated user.

Throws:

InvalidTokenException - if the token in the request is not valid.

ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.

InvalidAuthenticationException - if the application and password are not valid.

OperationFailedException - if the operation has failed for an unknown reason.

authenticate

public User authenticate(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response,
                         String username,
                         String password)
                  throws InvalidTokenException,
                         ApplicationAccessDeniedException,
                         ExpiredCredentialException,
                         InactiveAccountException,
                         ApplicationPermissionException,
                         InvalidAuthenticationException,
                         OperationFailedException

Description copied from interface: CrowdHttpAuthenticator

Authenticates the user based on provided credentials.

Validation factors (such as IP address) are extracted from the request.

If the user is successfully authenticated, the Crowd SSO token is placed in:

1. the request: as an attribute, so the user is authenticated for the span of the request.
2. the response: as a cookie, so the user is authenticated for subsequent requests.

If the credentials fail authentication, any existing Crowd SSO token is removed from:

1. the request attribute.
2. the response as a cookie as a cookie with a max-age of 0.

Specified by:

authenticate in interface CrowdHttpAuthenticator

Parameters:

request - request to set the Crowd SSO token

response - response to set the Crowd SSO token cookie

username - username to authenticate

password - password of the user

Returns:

the authenticated user if the authentication was successful, otherwise an exception is thrown.

Throws:

ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.

InvalidAuthenticationException - if the application and password are not valid.

OperationFailedException - if the operation has failed for an unknown reason.

InvalidTokenException

ApplicationAccessDeniedException

ExpiredCredentialException

InactiveAccountException

authenticateWithoutValidatingPassword

public User authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request,
                                                  javax.servlet.http.HttpServletResponse response,
                                                  String username)
                                           throws InvalidTokenException,
                                                  ApplicationAccessDeniedException,
                                                  InactiveAccountException,
                                                  ApplicationPermissionException,
                                                  InvalidAuthenticationException,
                                                  OperationFailedException

Description copied from interface: CrowdHttpAuthenticator

Authenticates the user without validating password.

Validation factors (such as IP address) are extracted from the request.

If the user is successfully authenticated, the Crowd SSO token is placed in:

1. the request: as an attribute, so the user is authenticated for the span of the request.
2. the response: as a cookie, so the user is authenticated for subsequent requests.

If authentication fails, any existing Crowd SSO token is removed from:

1. the request attribute.
2. the response as a cookie as a cookie with a max-age of 0.

Specified by:

authenticateWithoutValidatingPassword in interface CrowdHttpAuthenticator

Parameters:

request - request to set the Crowd SSO token

response - response to set the Crowd SSO token cookie

username - username to authenticate

Returns:

the authenticated user if the authentication was successful, otherwise an exception is thrown.

Throws:

ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.

InvalidAuthenticationException - if the application and password are not valid.

OperationFailedException - if the operation has failed for an unknown reason.

InvalidTokenException

ApplicationAccessDeniedException

InactiveAccountException

isAuthenticated

@Deprecated
public boolean isAuthenticated(javax.servlet.http.HttpServletRequest request,
                                           javax.servlet.http.HttpServletResponse response)
                                    throws OperationFailedException

Deprecated.

Description copied from interface: CrowdHttpAuthenticator

Tests whether a request is authenticated via SSO. This only tests against the Crowd server if the validation interval is exceeded, this value is obtained from crowd.properties AND that there is a valid token present for the user in the Crowd Cookie. The last validated date/time attribute of the request session is updated.

Specified by:

isAuthenticated in interface CrowdHttpAuthenticator

Parameters:

request - HttpServletRequest

response - HttpServletResponse

Returns:

true if and only if the request has been authenticated.

Throws:

OperationFailedException - if the operation has failed for an unknown reason.

checkAuthenticated

public AuthenticationState checkAuthenticated(javax.servlet.http.HttpServletRequest request,
                                              javax.servlet.http.HttpServletResponse response)
                                       throws OperationFailedException

Description copied from interface: CrowdHttpAuthenticator

Tests whether a request is authenticated via SSO. This only tests against the Crowd server if the validation interval is exceeded, this value is obtained from crowd.properties AND that there is a valid token present for the user in the Crowd Cookie. The last validated date/time attribute of the request session is updated.

Specified by:

checkAuthenticated in interface CrowdHttpAuthenticator

Parameters:

request - HttpServletRequest

response - HttpServletResponse

Returns:

details of whether the request is authenticated

Throws:

OperationFailedException - if the operation has failed for an unknown reason.

logout

public void logout(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response)
            throws ApplicationPermissionException,
                   InvalidAuthenticationException,
                   OperationFailedException

Description copied from interface: CrowdHttpAuthenticator

Logs out the authenticated user. Removes the cookie from the response and request attribute. Invalidates the token on the server.

Specified by:

logout in interface CrowdHttpAuthenticator

Parameters:

request - request contains the Crowd SSO token to invalidate and hence log the user out.

response - response returns a request to remove the token cookie from the user browser.

Throws:

ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.

InvalidAuthenticationException - if the application and password are not valid.

OperationFailedException - if the operation has failed for an unknown reason.

getToken

public String getToken(javax.servlet.http.HttpServletRequest request)

Description copied from interface: CrowdHttpAuthenticator

Retrieves the Crowd authentication token from the request.

Specified by:

getToken in interface CrowdHttpAuthenticator

Parameters:

request - request to look for the Crowd SSO token.

Returns:

value of the token if found, otherwise null.