com.atlassian.crowd.plugin.rest.service.controller

Class TokenController

java.lang.Object

com.atlassian.crowd.plugin.rest.service.controller.AbstractResourceController

com.atlassian.crowd.plugin.rest.service.controller.TokenController

@Named
public class TokenController
extends AbstractResourceController

Performs token authentication for the user.

Constructor Summary

Constructors

Constructor and Description
TokenController(TokenAuthenticationManager tokenAuthenticationManager, CrowdRememberMeService rememberMeService, AuthenticatedApplicationHolder authenticatedApplicationHolder)

Method Summary

Modifier and Type	Method and Description
SessionEntity	authenticateUser(String username, String password, TokenLifetime tokenDuration, Collection<ValidationFactorEntity> validationFactorEntities, URI baseUri) Authenticates a user for the given application.
SessionEntity	authenticateUserWithoutValidatingPassword(String username, Collection<ValidationFactorEntity> validationFactorEntities, URI baseUri) Feigns the authentication process for a user and creates a token for the authentication without validating the password.
SessionEntity	getSessionFromToken(String tokenKey, URI baseUri) Returns the session associated with the Crowd SSO token.
void	invalidateAllTokens() Invalidates all tokens.
void	invalidateToken(String token) Invalidates a token.
void	invalidateTokensForUser(String username, String exclusionToken, String applicationName)
SessionEntity	validateToken(String token, Collection<ValidationFactorEntity> validationFactorEntities, URI baseUri) Validates a Crowd SSO token and creates a new token with an updated last accessed date (for the internal token representation).

Methods inherited from class com.atlassian.crowd.plugin.rest.service.controller.AbstractResourceController

getAuthenticatedApplication

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TokenController

@Inject
public TokenController(TokenAuthenticationManager tokenAuthenticationManager,
                               CrowdRememberMeService rememberMeService,
                               AuthenticatedApplicationHolder authenticatedApplicationHolder)

Method Detail

authenticateUser

public SessionEntity authenticateUser(String username,
                                      String password,
                                      TokenLifetime tokenDuration,
                                      Collection<ValidationFactorEntity> validationFactorEntities,
                                      URI baseUri)
                               throws InvalidAuthenticationException,
                                      InactiveAccountException,
                                      ExpiredCredentialException,
                                      ApplicationAccessDeniedException,
                                      OperationFailedException

Authenticates a user for the given application.

Parameters:

username - name of the user

password - password of the user

tokenDuration - Requested token lifetime.

validationFactorEntities - validation factors

baseUri - base URI of the REST service

Returns:

Crowd SSO Token if the user successfully authenticated.

Throws:

InvalidAuthenticationException - if the authentication was not successful

InactiveAccountException - if the user account is marked as inactive

ExpiredCredentialException - if the user credential has expired and the user needs to set a new password

ApplicationAccessDeniedException - if the user does not have access to authenticate with the application

OperationFailedException - if the operation failed for any other reason

authenticateUserWithoutValidatingPassword

public SessionEntity authenticateUserWithoutValidatingPassword(String username,
                                                               Collection<ValidationFactorEntity> validationFactorEntities,
                                                               URI baseUri)
                                                        throws InvalidAuthenticationException,
                                                               InactiveAccountException,
                                                               ApplicationAccessDeniedException,
                                                               OperationFailedException

Feigns the authentication process for a user and creates a token for the authentication without validating the password.

This method only be used to generate a token for a user that has already authenticated credentials via some other means (eg. SharePoint NTLM connector) as this method bypasses any password checks.

If you want actual password authentication, use the authenticateUser(java.lang.String, java.lang.String, com.atlassian.crowd.model.token.TokenLifetime, java.util.Collection<com.atlassian.crowd.plugin.rest.entity.ValidationFactorEntity>, java.net.URI) method.

Parameters:

username - name of the user

validationFactorEntities - validation factors

baseUri - base URI of the REST service

Returns:

Crowd SSO Token if the user successfully authenticated.

Throws:

InvalidAuthenticationException - if the authentication was not successful

InactiveAccountException - if the user account is marked as inactive

ApplicationAccessDeniedException - if the user does not have access to authenticate with the application

OperationFailedException - if the operation failed for any other reason

invalidateToken

public void invalidateToken(String token)

Invalidates a token. If the token does not exist, the method will silently return.

Parameters:

token - Token to invalidate

invalidateAllTokens

public void invalidateAllTokens()

Invalidates all tokens.

validateToken

public SessionEntity validateToken(String token,
                                   Collection<ValidationFactorEntity> validationFactorEntities,
                                   URI baseUri)
                            throws InvalidTokenException,
                                   ApplicationAccessDeniedException,
                                   OperationFailedException

Validates a Crowd SSO token and creates a new token with an updated last accessed date (for the internal token representation).

Parameters:

token - Crowd SSO token

validationFactorEntities - validation factors

baseUri - base URI of the REST service

Returns:

new token.

Throws:

InvalidTokenException - if the token or validation factors are not valid.

ApplicationAccessDeniedException - if the user is not allowed to authenticate with the application.

OperationFailedException - if the application failed for any other reason.

getSessionFromToken

public SessionEntity getSessionFromToken(String tokenKey,
                                         URI baseUri)
                                  throws InvalidTokenException,
                                         OperationFailedException,
                                         ApplicationAccessDeniedException

Returns the session associated with the Crowd SSO token.

Parameters:

tokenKey - token for the session

baseUri - base URI of the REST service

Returns:

new SessionEntity with an expanded user

Throws:

InvalidTokenException - if the token could not be found

OperationFailedException - if the operation failed for any other reason

ApplicationAccessDeniedException - if the user does not have access to authenticate with the application

invalidateTokensForUser

public void invalidateTokensForUser(String username,
                                    String exclusionToken,
                                    String applicationName)
                             throws UserNotFoundException,
                                    ApplicationNotFoundException

Throws:

UserNotFoundException

ApplicationNotFoundException