Package com.atlassian.bitbucket.auth

Interface AuthenticationService

public interface AuthenticationService
Since:
5.5

  • Method Details

    • authenticate

      @Nonnull Authentication authenticate(@Nonnull String token)
      Attempts to authenticate with the specified token.

      Note: this method only authenticates; it does not apply the authentication to the current request, nor does it call any authentication success or failure handlers.

      Parameters:
      token - the token
      Returns:
      the ApplicationUser representing the authenticated user
      Throws:
      AuthenticationException - if the provided token is invalid
      Since:
      7.19

    • authenticate

      @Nonnull Authentication authenticate(@Nonnull String username, @Nonnull String password)
      Attempts to authenticate the specified user given their password. Failed authentications will not count towards the maximum number allowed before CAPTCHA is imposed for the supplied user.

      Note: this method only authenticates; it does not apply the authentication to the current request, nor does it call any authentication success or failure handlers.

      Parameters:
      username - the username
      password - the user's password
      Returns:
      the ApplicationUser representing the authenticated user
      Throws:
      AuthenticationSystemException - if a failure occurs in Crowd
      ExpiredPasswordAuthenticationException - if the user's password has expired and must be changed
      InactiveUserAuthenticationException - if the specified user is inactive
      IncorrectPasswordAuthenticationException - if the provided password is incorrect
      NoSuchUserException - if the specified user does not exist or their user details cannot be retrieved
      See Also:

    • authenticate

      @Nonnull Authentication authenticate(@Nonnull String username, @Nonnull String password, boolean isFormBased)
      Attempts to authenticate the specified user given their password. Failed authentications will not count towards the maximum number allowed before CAPTCHA is imposed for the supplied user.

      If isFormBased is true, the authentication will be treated as form-based.

      Note: this method only authenticates; it does not apply the authentication to the current request, nor does it call any authentication success or failure handlers.

      Parameters:
      username - the username
      password - the user's password
      isFormBased - whether the authentication method is form-based
      Returns:
      the ApplicationUser representing the authenticated user
      Throws:
      AuthenticationSystemException - if a failure occurs in Crowd
      ExpiredPasswordAuthenticationException - if the user's password has expired and must be changed
      InactiveUserAuthenticationException - if the specified user is inactive
      IncorrectPasswordAuthenticationException - if the provided password is incorrect
      NoSuchUserException - if the specified user does not exist or their user details cannot be retrieved
      Since:
      9.3
      See Also:

    • authenticateWithCaptcha

      @Nonnull Authentication authenticateWithCaptcha(@Nonnull String username, @Nonnull String password)
      Attempts to authenticate the specified user given their password. Failed authentications will count towards the maximum number allowed before CAPTCHA is imposed for the supplied user. If the maximum number of allowed failed logins has already been exceeded the method will throw CaptchaRequiredAuthenticationException

      Note: this method only authenticates; it does not apply the authentication to the current request, nor does it call any authentication success or failure handlers.

      Parameters:
      username - the username
      password - the user's password
      Returns:
      the Authentication representing the authenticated user and additional properties
      Throws:
      AuthenticationSystemException - if a failure occurs in one of the authentication handlers
      CaptchaRequiredAuthenticationException - if CAPTCHA is required
      ExpiredPasswordAuthenticationException - if the user's password has expired and must be changed
      InactiveUserAuthenticationException - if the specified user is inactive
      IncorrectPasswordAuthenticationException - if the provided password is incorrect
      NoSuchUserException - if the specified user does not exist or their user details cannot be retrieved

    • clear

      @Nonnull Authentication clear()
      Clears the current authentication, if any, resulting in an anonymous context
      Returns:
      the previously active authentication

    • get

      @Nonnull Authentication get()
      Returns:
      the authentication that's active on the current thread

    • set

      @Nonnull Authentication set(@Nonnull Authentication authentication)
      Sets the authentication for the current thread (and thereby request)
      Parameters:
      authentication - the authentication to set
      Returns:
      the previously active authentication