Package com.atlassian.crowd.manager.authentication

Class RetryingTokenAuthenticationManager

java.lang.Object

com.atlassian.crowd.manager.authentication.DelegatingTokenAuthenticationManager

com.atlassian.crowd.manager.authentication.RetryingTokenAuthenticationManager

All Implemented Interfaces:

TokenAuthenticationManager

@Transactional(propagation=NOT_SUPPORTED)
public class RetryingTokenAuthenticationManager
extends DelegatingTokenAuthenticationManager

Handles raciness of TokenAuthenticationManagerImpl by retrying authentications that fail due to a concurrent authentication creating a token.

Constructor Summary

Constructors

Constructor	Description
RetryingTokenAuthenticationManager(TokenAuthenticationManager delegate, int retryCount)

Method Summary

Modifier and Type	Method	Description
Token	authenticateApplication(Application application, ApplicationAuthenticationContext authenticationContext, TokenLifetime tokenLifetime)	Authenticates an application and generates an authentication token.
Token	authenticateApplicationWithoutValidatingPassword(Application application, ApplicationAuthenticationContext authenticationContext, TokenLifetime tokenLifetime)	Authenticates an application and generates an authentication token, ignoring the credentials.
Token	authenticateUser(Application application, UserAuthenticationContext authenticateContext, TokenLifetime tokenLifetime)	Authenticates a user and and generates an authentication token.
Token	authenticateUserWithoutValidatingPassword(Application application, UserAuthenticationContext authenticateContext)	Feigns the authentication process for a user and creates a token for the authentication without validating the password.

Methods inherited from class com.atlassian.crowd.manager.authentication.DelegatingTokenAuthenticationManager

findAuthorisedApplications, findUserByToken, findUserTokenByKey, getTokenExpiryTime, invalidateAllTokens, invalidateToken, invalidateTokensForUser, removeExpiredTokens, validateApplicationToken, validateUserToken

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RetryingTokenAuthenticationManager

public RetryingTokenAuthenticationManager(TokenAuthenticationManager delegate,
 int retryCount)

Method Details

authenticateApplication

public Token authenticateApplication(Application application,
 ApplicationAuthenticationContext authenticationContext,
 TokenLifetime tokenLifetime)
                              throws InvalidAuthenticationException

Description copied from interface: TokenAuthenticationManager

Authenticates an application and generates an authentication token.

Specified by:

authenticateApplication in interface TokenAuthenticationManager

Overrides:

authenticateApplication in class DelegatingTokenAuthenticationManager

Parameters:

application - the application being authenticated

authenticationContext - application authentication credentials.

tokenLifetime - Requested lifetime of the token

Returns:

generated authentication token.

Throws:

InvalidAuthenticationException - authentication was not successful because either the application does not exist, the password is incorrect, the application is inactive or there was a problem generating the authentication token.

authenticateApplicationWithoutValidatingPassword

public Token authenticateApplicationWithoutValidatingPassword(Application application,
 ApplicationAuthenticationContext authenticationContext,
 TokenLifetime tokenLifetime)
                                                       throws InvalidAuthenticationException

Description copied from interface: TokenAuthenticationManager

Authenticates an application and generates an authentication token, ignoring the credentials.

This method should only be used to generate a token for an application that has already authenticated via some other means (eg. TLS client certificates) as this method bypasses any password checks.

Specified by:

authenticateApplicationWithoutValidatingPassword in interface TokenAuthenticationManager

Overrides:

authenticateApplicationWithoutValidatingPassword in class DelegatingTokenAuthenticationManager

Parameters:

application - the application being authenticated

authenticationContext - application authentication credentials.

tokenLifetime - Requested lifetime of the token

Returns:

generated authentication token.

Throws:

InvalidAuthenticationException - authentication was not successful because either the application does not exist, the application is inactive or there was a problem generating the authentication token.

authenticateUser

public Token authenticateUser(Application application,
 UserAuthenticationContext authenticateContext,
 TokenLifetime tokenLifetime)
                       throws InvalidAuthenticationException,
OperationFailedException,
InactiveAccountException,
ApplicationAccessDeniedException,
ExpiredCredentialException

Description copied from interface: TokenAuthenticationManager

Authenticates a user and and generates an authentication token. The password of the user is validated before generating a token.

The RemoteDirectory.authenticate(String, com.atlassian.crowd.embedded.api.PasswordCredential) method is iteratively called for each assigned directory. If the user does not exist in one directory, the directory is skipped and the next one is examined. If the user does not exist in any of the assigned directories then an InvalidAuthenticationException is thrown.

Specified by:

authenticateUser in interface TokenAuthenticationManager

Overrides:

authenticateUser in class DelegatingTokenAuthenticationManager

authenticateContext - The authentication details for the user.

tokenLifetime - Requested lifetime of the token

Returns:

The authenticated token for the user.

Throws:

InvalidAuthenticationException - The authentication was not successful.

OperationFailedException - error thrown by directory implementation when attempting to find or authenticate the user.

InactiveAccountException - user account is inactive.

ApplicationAccessDeniedException - user does not have access to authenticate with application.

ExpiredCredentialException - the user's credentials have expired. The user must change their credentials in order to successfully authenticate.

authenticateUserWithoutValidatingPassword

public Token authenticateUserWithoutValidatingPassword(Application application,
 UserAuthenticationContext authenticateContext)
                                                throws InvalidAuthenticationException,
OperationFailedException,
InactiveAccountException,
ApplicationAccessDeniedException

Description copied from interface: TokenAuthenticationManager

Feigns the authentication process for a user and creates a token for the authentication without validating the password.

This method should only be used to generate a token for a user that has already authenticated credentials via some other means (eg. SharePoint NTLM connector) as this method bypasses any password checks.

If you want actual password authentication, use the TokenAuthenticationManager.authenticateUser(Application, UserAuthenticationContext, TokenLifetime) method.

Specified by:

authenticateUserWithoutValidatingPassword in interface TokenAuthenticationManager

Overrides:

authenticateUserWithoutValidatingPassword in class DelegatingTokenAuthenticationManager

authenticateContext - The authentication details for the user.

Returns:

The authenticated token for the user.

Throws:

InvalidAuthenticationException - if the authentication was not successful.

OperationFailedException - if the error thrown by directory implementation when attempting to find or authenticate the user.

InactiveAccountException - if the user account is inactive.

ApplicationAccessDeniedException - if the user does not have access to authenticate with application.