com.atlassian.bitbucket.auth.HttpAuthenticationHandler |
Implementations may also implement HttpLogoutHandler
, in which case they'll get a callback when the user
logs out.
Implementations should be stateless and thread-safe, as a single instance will be used to service all authentication requests.
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
This method is deprecated.
in 5.5 for removal in 6.0. Use
performAuthentication(HttpAuthenticationContext)
instead.
| |||||||||||
Invoked by the system when authentication is attempted over HTTP.
| |||||||||||
Invoked by the system on requests that have an authenticated user.
|
This method is deprecated.
in 5.5 for removal in 6.0. Use performAuthentication(HttpAuthenticationContext)
instead.
Starting in 5.5 the system will never call this method directly, instead the system calls
performAuthentication(HttpAuthenticationContext)
, and the default implementation of that delegates to this method.
performAuthentication(HttpAuthenticationContext)
and authenticate(HttpAuthenticationContext)
.
authenticate(HttpAuthenticationContext)
can return null
or throw UnsupportedOperationException.
It shouldn't be tagged @Override
, since the interface method will be removed in 6.0.
authenticate(HttpAuthenticationContext)
without overriding performAuthentication(HttpAuthenticationContext)
.
authenticationContext | the authentication context that provides username, password, request details, etc. |
---|
null
when the handler opts out of authentication.when authentication fails. |
Invoked by the system when authentication is attempted over HTTP. Implementations must
AuthenticationResult
if the user is authenticated successfully
null
if the handler does not know how to authenticate the user from the
request (for instance when an expected SSO cookie is not present). By returning null
,
other handlers
will be attempted.
handlers
will be attempted.
handlers
will be invoked in
weight order
until a handler returns a AuthenticationResult
,
or throws an AuthenticationException.authenticationContext | the authentication context that provides username, password, request details, etc. |
---|
AuthenticationResult
if the handler was able to authenticate a user based on the request, or
null
if the handler opted outif the handler is able to authenticate the request, but the credentials supplied were not valid or could not be validated |
Invoked by the system on requests that have an authenticated user. Implementations that need to check whether an external (SSO) session is still valid should implement that logic here.
This method is called for every incoming request after the user initially authenticated. Implementors should make the implementation of this method as lightweight as possible.
authenticationContext | the authentication context that provides the authenticated user, request details, etc. |
---|
if the current authentication is no longer valid and the user must re-authenticate. |