Class TokenController
java.lang.Object
com.atlassian.crowd.plugin.rest.service.controller.AbstractResourceController
com.atlassian.crowd.plugin.rest.service.controller.TokenController
Performs token authentication for the user.
Constructor Summary
Constructor:
    TokenController(TokenAuthenticationManager tokenAuthenticationManager, CrowdRememberMeService rememberMeService, AuthenticatedApplicationHolder authenticatedApplicationHolder)
Method Summary
Modifier and Type, Method, Description:
SessionEntity authenticateUser(String username, String password, TokenLifetime tokenDuration, Collection<ValidationFactorEntity> validationFactorEntities, URI baseUri)
    Authenticates a user for the given application.
SessionEntity authenticateUserWithoutValidatingPassword(String username, Collection<ValidationFactorEntity> validationFactorEntities, URI baseUri)
    Feigns the authentication process for a user and creates a token for the authentication without validating the password.
SessionEntity getSessionFromToken(String tokenKey, URI baseUri)
    Returns the session associated with the Crowd SSO token.
void invalidateAllTokens()
    Invalidates all tokens.
void invalidateToken(String token)
    Invalidates a token.
void invalidateTokensForUser(String username, String exclusionToken, String applicationName)
SessionEntity validateToken(String token, Collection<ValidationFactorEntity> validationFactorEntities, URI baseUri)
    Validates a Crowd SSO token and creates a new token with an updated last accessed date (for the internal token representation).
Methods inherited from class com.atlassian.crowd.plugin.rest.service.controller.AbstractResourceController
    getAuthenticatedApplication
Constructor Details
TokenController
@Inject public TokenController(TokenAuthenticationManager tokenAuthenticationManager, CrowdRememberMeService rememberMeService, AuthenticatedApplicationHolder authenticatedApplicationHolder)
Method Details
authenticateUser
public SessionEntity authenticateUser(String username, String password, TokenLifetime tokenDuration, Collection<ValidationFactorEntity> validationFactorEntities, URI baseUri) throws InvalidAuthenticationException, InactiveAccountException, ExpiredCredentialException, ApplicationAccessDeniedException, OperationFailedException
Authenticates a user for the given application.
Parameters:
    username - name of the user
    password - password of the user
    tokenDuration - Requested token lifetime.
    validationFactorEntities - validation factors
    baseUri - base URI of the REST service
Returns:
    Crowd SSO Token if the user successfully authenticated.
Throws:
    InvalidAuthenticationException - if the authentication was not successful
    InactiveAccountException - if the user account is marked as inactive
    ExpiredCredentialException - if the user credential has expired and the user needs to set a new password
    ApplicationAccessDeniedException - if the user does not have access to authenticate with the application
    OperationFailedException - if the operation failed for any other reason
authenticateUserWithoutValidatingPassword
public SessionEntity authenticateUserWithoutValidatingPassword(String username, Collection<ValidationFactorEntity> validationFactorEntities, URI baseUri) throws InvalidAuthenticationException, InactiveAccountException, ApplicationAccessDeniedException, OperationFailedException
Feigns the authentication process for a user and creates a token for the authentication without validating the password.
This method should only be used to generate a token for a user that has already authenticated credentials via some other means (e.g. SharePoint NTLM connector), as this method bypasses any password checks.
If you want actual password authentication, use the authenticateUser(java.lang.String, java.lang.String, com.atlassian.crowd.model.token.TokenLifetime, java.util.Collection<com.atlassian.crowd.plugin.rest.entity.ValidationFactorEntity>, java.net.URI) method.
Parameters:
    username - name of the user
    validationFactorEntities - validation factors
    baseUri - base URI of the REST service
Returns:
    Crowd SSO Token if the user successfully authenticated.
Throws:
    InvalidAuthenticationException - if the authentication was not successful
    InactiveAccountException - if the user account is marked as inactive
    ApplicationAccessDeniedException - if the user does not have access to authenticate with the application
    OperationFailedException - if the operation failed for any other reason
invalidateToken
Invalidates a token. If the token does not exist, the method will silently return.
Parameters:
    token - Token to invalidate
invalidateAllTokens
public void invalidateAllTokens()
Invalidates all tokens.
validateToken
public SessionEntity validateToken(String token, Collection<ValidationFactorEntity> validationFactorEntities, URI baseUri) throws InvalidTokenException, ApplicationAccessDeniedException, OperationFailedException
Validates a Crowd SSO token and creates a new token with an updated last accessed date (for the internal token representation).
Parameters:
    token - Crowd SSO token
    validationFactorEntities - validation factors
    baseUri - base URI of the REST service
Returns:
    new token.
Throws:
    InvalidTokenException - if the token or validation factors are not valid.
    ApplicationAccessDeniedException - if the user is not allowed to authenticate with the application.
    OperationFailedException - if the application failed for any other reason.
getSessionFromToken
public SessionEntity getSessionFromToken(String tokenKey, URI baseUri) throws InvalidTokenException, OperationFailedException, ApplicationAccessDeniedException
Returns the session associated with the Crowd SSO token.
Parameters:
    tokenKey - token for the session
    baseUri - base URI of the REST service
Returns:
    new SessionEntity with an expanded user
Throws:
    InvalidTokenException - if the token could not be found
    OperationFailedException - if the operation failed for any other reason
    ApplicationAccessDeniedException - if the user does not have access to authenticate with the application
invalidateTokensForUser
public void invalidateTokensForUser(String username, String exclusionToken, String applicationName) throws UserNotFoundException, ApplicationNotFoundException