com.atlassian.seraph.elevatedsecurity
Interface ElevatedSecurityGuard

All Superinterfaces:
Initable
All Known Implementing Classes:
NoopElevatedSecurityGuard

public interface ElevatedSecurityGuard
extends Initable

An ElevatedSecurityGuard is responsible for checking whether a user has failed authentication too many times and hence needs to pass an "elevated" security check before they can authenticate again.

Since:
v2.1

Method Summary
 void onFailedLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest, String userName)
          This is called when a user fails a login check, either because they failed the elevated security check or they failed the more basic username and password check.
 void onSuccessfulLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest, String userName)
          This is called when a user passes a login check.
 boolean performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest, String userName)
          This will be called to perform an elevated security check for a given user name.
 
Methods inherited from interface com.atlassian.seraph.Initable
init
 

Method Detail

performElevatedSecurityCheck

boolean performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest,
                                     String userName)
This will be called to perform an elevated security check for a given user name. It's up to the implementor to decide what tests, if any, need to be done. It should return true if the authentication can proceed.

Parameters:
httpServletRequest - the HTTP request in play
userName - the name of the user to get login information about
Returns:
true if the user passed the elevated security check or false if not. If you don't want any elevated security checks done, then always return true.

onFailedLoginAttempt

void onFailedLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest,
                          String userName)
This is called when a user fails a login check, either because they failed the elevated security check or they failed the more basic username and password check.

The username MAY be null, for example if a valid username cannot be found.

Parameters:
httpServletRequest - the HTTP request in play
userName - the name of the user to get login information about

onSuccessfulLoginAttempt

void onSuccessfulLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest,
                              String userName)
This is called when a user passes a login check.

The username MAY be null, for example if a valid username cannot be found.

Parameters:
httpServletRequest - the HTTP request in play
userName - the name of the user to get login information about
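
Example (added here, not part of the Seraph documentation or code base): one way to implement the three callbacks so that repeated failures for a user name force an extra check, with the null user name case handled. The class name, the "max.failures" init parameter, the "example.challenge.passed" request attribute and the threshold of 3 are hypothetical; the init(Map, SecurityConfig) signature is assumed from Initable, which this page lists only by name.

```java
import com.atlassian.seraph.config.SecurityConfig;
import com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.http.HttpServletRequest;

/** Added example: counts failed logins per user name and demands an extra check past a threshold. */
public class CountingElevatedSecurityGuard implements ElevatedSecurityGuard {
    // Hypothetical names, not defined by Seraph.
    private static final String MAX_FAILURES_PARAM = "max.failures";
    private static final String CHALLENGE_PASSED_ATTR = "example.challenge.passed";

    // Unbounded for brevity; cap or expire entries in real use, since user names are attacker-supplied.
    private final ConcurrentHashMap<String, AtomicInteger> failures = new ConcurrentHashMap<>();
    private volatile int maxFailures = 3;

    // Assumed signature of Initable.init; this page only lists the method name.
    @Override
    public void init(Map<String, String> params, SecurityConfig config) {
        String configured = params == null ? null : params.get(MAX_FAILURES_PARAM);
        if (configured != null) {
            maxFailures = Integer.parseInt(configured.trim());
        }
    }

    @Override
    public boolean performElevatedSecurityCheck(HttpServletRequest request, String userName) {
        AtomicInteger count = userName == null ? null : failures.get(userName);
        if (count == null || count.get() < maxFailures) {
            return true; // unknown user name or still under the threshold
        }
        // Over the threshold: require proof left by an upstream challenge filter (assumption).
        return Boolean.TRUE.equals(request.getAttribute(CHALLENGE_PASSED_ATTR));
    }

    @Override
    public void onFailedLoginAttempt(HttpServletRequest request, String userName) {
        if (userName != null) { // the user name MAY be null; ConcurrentHashMap rejects null keys
            failures.computeIfAbsent(userName, k -> new AtomicInteger()).incrementAndGet();
        }
    }

    @Override
    public void onSuccessfulLoginAttempt(HttpServletRequest request, String userName) {
        if (userName != null) {
            failures.remove(userName); // a successful login resets the counter
        }
    }
}
```

Because onFailedLoginAttempt is also called when the elevated check itself fails, the counter keeps growing while the challenge is being failed, so the user stays in the elevated state until a login succeeds.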


Copyright © 2013 Atlassian. All Rights Reserved.