com.atlassian.crowd.service.cache

Class CacheAwareAuthenticationManager

java.lang.Object

com.atlassian.crowd.service.cache.CacheAwareAuthenticationManager

All Implemented Interfaces:

AuthenticationManager

public class CacheAwareAuthenticationManager
extends Object
implements AuthenticationManager

This class provides a version of the AuthenticationManager interface that, will ensure that if the authentication is successful, the user will exist in the cache. The abstraction is in place so we can decouple client-side code from the SecurityServerClient.

It also serves to logically break out the API.

Constructor Summary

Constructors

Constructor and Description
CacheAwareAuthenticationManager(SecurityServerClient securityServerClient, UserManager crowdUserManager)

Method Summary

Modifier and Type	Method and Description
String	authenticate(String username, String password) Authenticates a user, using just a username and password.
String	authenticate(UserAuthenticationContext authenticationContext) Authenticate a user.
String	authenticateWithoutValidatingPassword(UserAuthenticationContext authenticationContext) Authenticate a user without validating their password.
SecurityServerClient	getSecurityServerClient() Returns an instance of the SecurityServerClient, for when you need more API access than the authentication manager provides.
void	invalidate(String token) Marks the presented token as invalid, meaning that the principal it represents is no longer authenticated.
boolean	isAuthenticated(String token, ValidationFactor[] validationFactors) Checks that the token (as returned from AuthenticationManager.authenticate(com.atlassian.crowd.model.authentication.UserAuthenticationContext) is still valid, given the validation factors.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CacheAwareAuthenticationManager

public CacheAwareAuthenticationManager(SecurityServerClient securityServerClient,
                                       UserManager crowdUserManager)

Method Detail

authenticate

public String authenticate(UserAuthenticationContext authenticationContext)
                    throws RemoteException,
                           InvalidAuthorizationTokenException,
                           InvalidAuthenticationException,
                           InactiveAccountException,
                           ApplicationAccessDeniedException,
                           ExpiredCredentialException

Description copied from interface: AuthenticationManager

Authenticate a user. The PrincipalAuthenticationContext contains the details of who they are, the credentials they're presenting, and where they're coming from. If the authenticationContext does not contain application details, they will be added using details provided by the SecurityServerClient.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

authenticationContext - The details of the user that is to be authenticated.

Returns:

Returns an authorization token if successful.

Throws:

RemoteException - A communication error occurred - the Crowd server may not be available.

InvalidAuthorizationTokenException - The application (not the user) was not authenticated correctly.

InvalidAuthenticationException - The user was not successfully authenticated.

InactiveAccountException - The user's account is inactive and they are not be allowed to authenticate.

ApplicationAccessDeniedException - user does not have authorisation to access application.

ExpiredCredentialException - The user's credentials have expired. The user must change their credentials in order to successfully authenticate.

authenticateWithoutValidatingPassword

public String authenticateWithoutValidatingPassword(UserAuthenticationContext authenticationContext)
                                             throws ApplicationAccessDeniedException,
                                                    InvalidAuthenticationException,
                                                    InvalidAuthorizationTokenException,
                                                    InactiveAccountException,
                                                    RemoteException

Description copied from interface: AuthenticationManager

Authenticate a user without validating their password. The PrincipalAuthenticationContext contains the details of who they are and where they're coming from but does not need to contain any credentials.

Specified by:

authenticateWithoutValidatingPassword in interface AuthenticationManager

Parameters:

authenticationContext - The details of the user that is to be authenticated. Username and validation factors are required.

Returns:

Returns an authorization token if successful.

Throws:

ApplicationAccessDeniedException - user does not have authorisation to access application.

InvalidAuthenticationException - The user was not successfully authenticated.

InvalidAuthorizationTokenException - The application (not the user) was not authenticated correctly.

InactiveAccountException - The user's account is inactive and they are not be allowed to authenticate.

RemoteException - A communication error occurred - the Crowd server may not be available.

authenticate

public String authenticate(String username,
                           String password)
                    throws RemoteException,
                           InvalidAuthorizationTokenException,
                           InvalidAuthenticationException,
                           InactiveAccountException,
                           ApplicationAccessDeniedException,
                           ExpiredCredentialException

Description copied from interface: AuthenticationManager

Authenticates a user, using just a username and password.

Specified by:

authenticate in interface AuthenticationManager

Parameters:

username - username of user.

password - credentials of user.

Returns:

Returns an authorization token if successful.

Throws:

RemoteException - A communication error occurred - the Crowd server may not be available.

InvalidAuthorizationTokenException - The application (not the user) was not authenticated correctly.

InvalidAuthenticationException - The user was not successfully authenticated.

InactiveAccountException - The user's account is inactive and they are not be allowed to authenticate.

ApplicationAccessDeniedException - user does not have authorisation to access application.

ExpiredCredentialException - The user's credentials have expired.

isAuthenticated

public boolean isAuthenticated(String token,
                               ValidationFactor[] validationFactors)
                        throws RemoteException,
                               InvalidAuthorizationTokenException,
                               ApplicationAccessDeniedException,
                               InvalidAuthenticationException

Description copied from interface: AuthenticationManager

Checks that the token (as returned from AuthenticationManager.authenticate(com.atlassian.crowd.model.authentication.UserAuthenticationContext) is still valid, given the validation factors.

Specified by:

isAuthenticated in interface AuthenticationManager

Parameters:

token - The token presented by the user as evidence of their authenticity

validationFactors - Details of where the user's come from. If presented, must match those presented during authentication.

Returns:

true if the user is still authenticated, false if not.

Throws:

RemoteException - A communication error occurred - the Crowd server may not be available.

InvalidAuthorizationTokenException - The application (not the user) was not authenticated correctly.

ApplicationAccessDeniedException - user does not have authorisation to access application.

InvalidAuthenticationException - The user was not successfully authenticated.

invalidate

public void invalidate(String token)
                throws RemoteException,
                       InvalidAuthorizationTokenException,
                       InvalidAuthenticationException

Description copied from interface: AuthenticationManager

Marks the presented token as invalid, meaning that the principal it represents is no longer authenticated. Usually used to make the user logged-off.

Specified by:

invalidate in interface AuthenticationManager

Parameters:

token - The token presented by the user, as returned from AuthenticationManager.authenticate(com.atlassian.crowd.model.authentication.UserAuthenticationContext)

Throws:

RemoteException - A communication error occurred - the Crowd server may not be available.

InvalidAuthorizationTokenException - The application (not the user) was not authenticated correctly.

InvalidAuthenticationException - The user was not successfully authenticated.

getSecurityServerClient

public SecurityServerClient getSecurityServerClient()

Description copied from interface: AuthenticationManager

Returns an instance of the SecurityServerClient, for when you need more API access than the authentication manager provides.

Specified by:

getSecurityServerClient in interface AuthenticationManager

Returns:

underlying SecurityServerClient.