Package com.atlassian.jira.security.login

Class LoginManagerImpl

java.lang.Object
com.atlassian.jira.security.login.LoginManagerImpl
All Implemented Interfaces:
LoginManager
public class LoginManagerImpl extends Object implements LoginManager
Implementation of LoginManager
Since:
v4.0.1

  • Field Details

    • AUTHORISED_FAILURE

      public static final String AUTHORISED_FAILURE

    • AUTHORISING_USER_KEY

      public static final String AUTHORISING_USER_KEY

  • Constructor Details

  • Method Details

    • getLoginInfo

      public LoginInfo getLoginInfo(String userName)
      Description copied from interface: LoginManager
      This is called to get LoginInfo about a given user.
      Specified by:
      getLoginInfo in interface LoginManager
      Parameters:
      userName - the name of the user in play. This MUST not be null.
      Returns:
      a LoginInfo object

    • performElevatedSecurityCheck

      public boolean performElevatedSecurityCheck(jakarta.servlet.http.HttpServletRequest httpServletRequest, String userName)
      Description copied from interface: LoginManager
      This is called to see whether the user has passed an extended security check (such as CAPTCHA)
      Specified by:
      performElevatedSecurityCheck in interface LoginManager
      Parameters:
      httpServletRequest - the HTTP request in play
      userName - the name of the user in play. This MUST not be null.
      Returns:
      true if they have passed the extended security check

    • authoriseForLogin

      public boolean authoriseForLogin(@Nonnull ApplicationUser user, jakarta.servlet.http.HttpServletRequest httpServletRequest)
      Description copied from interface: LoginManager
      This is called to see if an authenticated user is allowed to login JIRA in the context of a web request.

      At this stage the user has had their username and password authenticated but we need to see if they can be authorised to use JIRA.

      Specified by:
      authoriseForLogin in interface LoginManager
      Parameters:
      user - the user to authorise. This MUST not be null.
      httpServletRequest - the web request in play
      Returns:
      true if the user can be authorised for login

    • getRequiredRoles

      public Set<String> getRequiredRoles(jakarta.servlet.http.HttpServletRequest httpServletRequest)
      Description copied from interface: LoginManager
      Gets the set of role strings that are examined by Seraph to decide if a user is authorised to execute a request.
      Specified by:
      getRequiredRoles in interface LoginManager
      Parameters:
      httpServletRequest - the request in play
      Returns:
      a set of roles

    • authoriseForRole

      public boolean authoriseForRole(@Nullable ApplicationUser user, jakarta.servlet.http.HttpServletRequest httpServletRequest, String role)
      Description copied from interface: LoginManager
      This is called to see if an authenticated user is allowed to execute the web request given the required role

      Specified by:
      authoriseForRole in interface LoginManager
      Parameters:
      user - the user to authorise. This MAY be null.
      httpServletRequest - the web request in play
      Returns:
      true if the user can be authorised for this request

    • authenticate

      public LoginResult authenticate(ApplicationUser user, String password)
      Description copied from interface: LoginManager
      This can be called to see if an user knows the given password.

      If the user requests elevatedSecurity then this will always fail with LoginReason.AUTHENTICATION_DENIED

      Specified by:
      authenticate in interface LoginManager
      Parameters:
      user - the user to authenticate. This MUST not be null.
      password - the password to authenticate against
      Returns:
      true if the user can be authenticated

    • authenticateWithoutElevatedCheck

      public LoginResult authenticateWithoutElevatedCheck(ApplicationUser user, String password)
      Description copied from interface: LoginManager
      This can be called to see if an user knows the given password.

      Calling this method will not cause the request to fail if the user is required to do an elevated security check on normal login.

      Specified by:
      authenticateWithoutElevatedCheck in interface LoginManager
      Parameters:
      user - the user to authenticate. This MUST not be null.
      password - the password to authenticate against
      Returns:
      true if the user can be authenticated

    • onLoginAttempt

      public LoginInfo onLoginAttempt(jakarta.servlet.http.HttpServletRequest httpServletRequest, String userName, boolean loginSuccessful)
      Description copied from interface: LoginManager
      This is called after a login attempt has been made. It allows the LoginManager to update information about a users login history and clear the elevated security check.
      Specified by:
      onLoginAttempt in interface LoginManager
      Parameters:
      httpServletRequest - the HTTP request in play
      userName - the name of the user in play. This MUST not be null.
      loginSuccessful - whether the login attempt was sucessful or not
      Returns:
      the updated LoginInfo about the user

    • updateLastLoginTime

      public LoginInfo updateLastLoginTime(ApplicationUser user)
      Description copied from interface: LoginManager
      This is called to update the last login time without clearing the elevated security check.
      Specified by:
      updateLastLoginTime in interface LoginManager
      Parameters:
      user - the user in play. This MUST not be null.
      Returns:
      the updated LoginInfo about the user

    • logout

      public void logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Description copied from interface: LoginManager
      This is called to logout the current user and destroy their JIRA session.
      Specified by:
      logout in interface LoginManager
      Parameters:
      request - the HTTP request in play
      response - the HTTP response in play

    • isElevatedSecurityCheckAlwaysShown

      public boolean isElevatedSecurityCheckAlwaysShown()
      Specified by:
      isElevatedSecurityCheckAlwaysShown in interface LoginManager
      Returns:
      true if the elevated security check (such as CAPTCHA) is always shown

    • resetFailedLoginCount

      public void resetFailedLoginCount(ApplicationUser user)
      Description copied from interface: LoginManager
      This can be called to reset the failed login count of a user
      Specified by:
      resetFailedLoginCount in interface LoginManager
      Parameters:
      user - the user to authorise. This MUST not be null.

    • getLoginDeniedReasons

      protected Set<DeniedReason> getLoginDeniedReasons(jakarta.servlet.http.HttpServletRequest request)
      Examines the HttpServletRequest, and determines the DeniedReason's that may have cause authentication to be denied by looking at the ELEVATED_SECURITY_FAILURE attribute. Currently the only reason why this attribute would be set is because a user is required to pass a CAPTCHA challenge.
      Parameters:
      request - a HttpServletRequest
      Returns:
      a Set, containing the reasons that may have caused authentication to be denied
      See Also:
      • ELEVATED_SECURITY_FAILURE