Class CrowdHttpAuthenticatorImpl
- All Implemented Interfaces:
CrowdHttpAuthenticator
An implementation of CrowdHttpAuthenticator using a CrowdClient
to talk to a Crowd server. All methods potentially result in calls to a
remote Crowd server.
If the ClientProperties provided has a session validation
interval configured then isAuthenticated(HttpServletRequest, HttpServletResponse)
will only make remote calls when that interval expires.
-
Constructor Summary
Constructors
- CrowdHttpAuthenticatorImpl(CrowdClient client, ClientProperties clientProperties, CrowdHttpTokenHelper tokenHelper)
- CrowdHttpAuthenticatorImpl(CrowdClient client, ClientProperties clientProperties, CrowdHttpTokenHelper tokenHelper, TokenLockProvider tokenLockProvider)
-
Method Summary
Modifier and Type, Method, Description
- authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username, String password): Authenticates the user based on provided credentials.
- authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username): Authenticates the user without validating password.
- checkAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Tests whether a request is authenticated via SSO.
- getToken(javax.servlet.http.HttpServletRequest request): Retrieves the Crowd authentication token from the request.
- getUser(javax.servlet.http.HttpServletRequest request): Attempts to retrieve the currently authenticated User from the request.
- boolean isAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Deprecated.
- void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Logs out the authenticated user.
-
Constructor Details
-
CrowdHttpAuthenticatorImpl
public CrowdHttpAuthenticatorImpl(CrowdClient client, ClientProperties clientProperties, CrowdHttpTokenHelper tokenHelper)
-
CrowdHttpAuthenticatorImpl
public CrowdHttpAuthenticatorImpl(CrowdClient client, ClientProperties clientProperties, CrowdHttpTokenHelper tokenHelper, TokenLockProvider tokenLockProvider)
-
-
Method Details
-
getUser
public User getUser(javax.servlet.http.HttpServletRequest request) throws InvalidTokenException, ApplicationPermissionException, InvalidAuthenticationException, OperationFailedException
Description copied from interface: CrowdHttpAuthenticator
Attempts to retrieve the currently authenticated User from the request. This will attempt to find the Crowd SSO token via:
- a request attribute (not the request parameter), OR
- a cookie on the request
- Specified by:
getUser in interface CrowdHttpAuthenticator
- Parameters:
request - HTTP request, possibly containing a Crowd SSO cookie.
- Returns:
authenticated User or null if there is no authenticated user.
- Throws:
InvalidTokenException - if the token in the request is not valid.
ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.
InvalidAuthenticationException - if the application and password are not valid.
OperationFailedException - if the operation has failed for an unknown reason.
-
authenticate
public User authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username, String password) throws InvalidTokenException, ApplicationAccessDeniedException, ExpiredCredentialException, InactiveAccountException, ApplicationPermissionException, InvalidAuthenticationException, OperationFailedException
Description copied from interface: CrowdHttpAuthenticator
Authenticates the user based on provided credentials. Validation factors (such as IP address) are extracted from the request.
If the user is successfully authenticated, the Crowd SSO token is placed in:
- the request: as an attribute, so the user is authenticated for the span of the request.
- the response: as a cookie, so the user is authenticated for subsequent requests.
If the credentials fail authentication, any existing Crowd SSO token is removed from:
- the request attribute.
- the response: as a cookie with a max-age of 0.
- Specified by:
authenticate in interface CrowdHttpAuthenticator
- Parameters:
request - request to set the Crowd SSO token
response - response to set the Crowd SSO token cookie
username - username to authenticate
password - password of the user
- Returns:
the authenticated user if the authentication was successful, otherwise an exception is thrown.
- Throws:
ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.
InvalidAuthenticationException - if the application and password are not valid.
OperationFailedException - if the operation has failed for an unknown reason.
InvalidTokenException
ApplicationAccessDeniedException
ExpiredCredentialException
InactiveAccountException
-
authenticateWithoutValidatingPassword
public User authenticateWithoutValidatingPassword(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String username) throws InvalidTokenException, ApplicationAccessDeniedException, InactiveAccountException, ApplicationPermissionException, InvalidAuthenticationException, OperationFailedException
Description copied from interface: CrowdHttpAuthenticator
Authenticates the user without validating password. Validation factors (such as IP address) are extracted from the request.
If the user is successfully authenticated, the Crowd SSO token is placed in:
- the request: as an attribute, so the user is authenticated for the span of the request.
- the response: as a cookie, so the user is authenticated for subsequent requests.
If authentication fails, any existing Crowd SSO token is removed from:
- the request attribute.
- the response: as a cookie with a max-age of 0.
- Specified by:
authenticateWithoutValidatingPassword in interface CrowdHttpAuthenticator
- Parameters:
request - request to set the Crowd SSO token
response - response to set the Crowd SSO token cookie
username - username to authenticate
- Returns:
the authenticated user if the authentication was successful, otherwise an exception is thrown.
- Throws:
ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.
InvalidAuthenticationException - if the application and password are not valid.
OperationFailedException - if the operation has failed for an unknown reason.
InvalidTokenException
ApplicationAccessDeniedException
InactiveAccountException
-
isAuthenticated
@Deprecated public boolean isAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws OperationFailedException
Deprecated.
Description copied from interface: CrowdHttpAuthenticator
Tests whether a request is authenticated via SSO. This only tests against the Crowd server if the validation interval (a value obtained from crowd.properties) is exceeded AND there is a valid token present for the user in the Crowd cookie. The last validated date/time attribute of the request session is updated.
- Specified by:
isAuthenticated in interface CrowdHttpAuthenticator
- Parameters:
request - HttpServletRequest
response - HttpServletResponse
- Returns:
true if and only if the request has been authenticated.
- Throws:
OperationFailedException - if the operation has failed for an unknown reason.
-
checkAuthenticated
public AuthenticationState checkAuthenticated(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws OperationFailedException
Description copied from interface: CrowdHttpAuthenticator
Tests whether a request is authenticated via SSO. This only tests against the Crowd server if the validation interval (a value obtained from crowd.properties) is exceeded AND there is a valid token present for the user in the Crowd cookie. The last validated date/time attribute of the request session is updated.
- Specified by:
checkAuthenticated in interface CrowdHttpAuthenticator
- Parameters:
request - HttpServletRequest
response - HttpServletResponse
- Returns:
details of whether the request is authenticated
- Throws:
OperationFailedException - if the operation has failed for an unknown reason.
-
logout
public void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws ApplicationPermissionException, InvalidAuthenticationException, OperationFailedException
Description copied from interface: CrowdHttpAuthenticator
Logs out the authenticated user. Removes the cookie from the response and request attribute. Invalidates the token on the server.
- Specified by:
logout in interface CrowdHttpAuthenticator
- Parameters:
request - request contains the Crowd SSO token to invalidate and hence log the user out.
response - response returns a request to remove the token cookie from the user browser.
- Throws:
ApplicationPermissionException - if the application is not permitted to perform the requested operation on the server.
InvalidAuthenticationException - if the application and password are not valid.
OperationFailedException - if the operation has failed for an unknown reason.
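Added example (not part of the Crowd library or its documentation): a login/logout handler that calls authenticate and logout as documented above and maps their checked exceptions to HTTP responses. The class name SsoLoginHandler, the form field names, the "/login" path and the import package names are assumptions; this page gives only simple class names.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
// Assumed package names: this page shows only simple class names.
import com.atlassian.crowd.exception.*;
import com.atlassian.crowd.integration.http.CrowdHttpAuthenticator;

/** Hypothetical handler, not part of the Crowd client library. */
public class SsoLoginHandler {
    private static final Logger LOG = Logger.getLogger(SsoLoginHandler.class.getName());
    private final CrowdHttpAuthenticator authenticator;

    public SsoLoginHandler(CrowdHttpAuthenticator authenticator) {
        this.authenticator = authenticator;
    }

    public void login(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        try {
            // "username" and "password" are assumed form field names.
            authenticator.authenticate(req, resp,
                    req.getParameter("username"), req.getParameter("password"));
            // The SSO cookie is now on the response; redirect to a fixed target only.
            resp.sendRedirect(req.getContextPath() + "/");
        } catch (ApplicationPermissionException | OperationFailedException e) {
            // The Crowd call itself failed: fail closed, never treat as logged in.
            LOG.severe("Crowd call failed: " + e.getClass().getSimpleName());
            resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        } catch (InvalidAuthenticationException | InvalidTokenException
                | ApplicationAccessDeniedException | ExpiredCredentialException
                | InactiveAccountException e) {
            // One response for every rejection, so the client cannot distinguish an
            // expired or inactive account; the cause is recorded server-side only.
            LOG.warning("Login rejected: " + e.getClass().getSimpleName());
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failed");
        }
    }

    public void logout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        try {
            authenticator.logout(req, resp);
            resp.sendRedirect(req.getContextPath() + "/login"); // assumed login page path
        } catch (ApplicationPermissionException | InvalidAuthenticationException
                | OperationFailedException e) {
            // The token may not have been invalidated on the server: report the failure.
            LOG.severe("Crowd logout failed: " + e.getClass().getSimpleName());
            resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        }
    }
}
```

Neither the submitted username nor the password is written to the log, which keeps credentials and attacker-controlled strings out of log files.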
-
getToken
Description copied from interface: CrowdHttpAuthenticator
Retrieves the Crowd authentication token from the request.
- Specified by:
getToken in interface CrowdHttpAuthenticator
- Parameters:
request - request to look for the Crowd SSO token.
- Returns:
value of the token if found, otherwise null.
-