LoginManager (Atlassian JIRA 6.4.10 API)

All Known Implementing Classes:

BootstrapLoginManagerImpl, LoginManagerImpl
```
public interface LoginManager
```
The LoginManager keeps track of users login activities.

Since:

v4.0

Method Summary

Methods
Modifier and Type	Method and Description
`LoginResult`	`authenticate(com.atlassian.crowd.embedded.api.User user, String password)` This can be called to see if an user knows the given password.
`LoginResult`	`authenticateWithoutElevatedCheck(com.atlassian.crowd.embedded.api.User user, String password)` This can be called to see if an user knows the given password.
`boolean`	`authoriseForLogin(ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest)` This is called to see if an autenticated user is allowed to login JIRA in the context of a web request.
`boolean`	`authoriseForRole(ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest, String role)` This is called to see if an autenticated user is allowed to execute the web request given the required role
`LoginInfo`	`getLoginInfo(String userName)` This is called to get LoginInfo about a given user.
`Set<String>`	`getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest)` Gets the set of role strings that are examined by Seraph to decide if a user is authorised to execute a request.
`boolean`	`isElevatedSecurityCheckAlwaysShown()`
`void`	`logout(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse)` This is called to logout the current user ourt and destroy their JIRA session
`LoginInfo`	`onLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest, String userName, boolean loginSuccessful)` This is called after a login attempt has been made.
`boolean`	`performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest, String userName)` This is called to see whether the user has passed an extended security check (such as CAPTCHA)
`void`	`resetFailedLoginCount(com.atlassian.crowd.embedded.api.User user)` This can be called to reset the failed login count of a user

- Method Detail
  - getLoginInfo
```
LoginInfo getLoginInfo(String userName)
```
    This is called to get LoginInfo about a given user.
    
    Parameters:
    userName - the name of the user in play. This MUST not be null.
    
    Returns:
    a LoginInfo object
  - performElevatedSecurityCheck
```
boolean performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest,
                                   String userName)
```
    This is called to see whether the user has passed an extended security check (such as CAPTCHA)
    
    Parameters:
    httpServletRequest - the HTTP request in play
    userName - the name of the user in play. This MUST not be null.
    
    Returns:
    true if they have passed the extended security check
  - onLoginAttempt
```
LoginInfo onLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest,
                       String userName,
                       boolean loginSuccessful)
```
    This is called after a login attempt has been made. It allows the LoginManager to update information about a users login history.
    
    Parameters:
    httpServletRequest - the HTTP request in play
    userName - the name of the user in play. This MUST not be null.
    loginSuccessful - whether the login attempt was sucessful or not
    
    Returns:
    the updated LoginInfo about the user
  - authenticate
```
LoginResult authenticate(com.atlassian.crowd.embedded.api.User user,
                       String password)
```
    This can be called to see if an user knows the given password. Services such as SOAP and XML-RPC may use this to validate a request.
    If the user requests elevatedSecurity then this will always fail with LoginReason.AUTHENTICATION_DENIED
    
    Parameters:
    user - the user to authenticate. This MUST not be null.
    password - the password to authenticate against
    
    Returns:
    true if the user can be authenticated
  - authenticateWithoutElevatedCheck
```
LoginResult authenticateWithoutElevatedCheck(com.atlassian.crowd.embedded.api.User user,
                                           String password)
```
    This can be called to see if an user knows the given password. Services such as SOAP and XML-RPC may use this to validate a request.
    Calling this method will not cause the request to fail if the user is required to do an elevated security check on normal login.
    
    Parameters:
    user - the user to authenticate. This MUST not be null.
    password - the password to authenticate against
    
    Returns:
    true if the user can be authenticated
  - authoriseForLogin
```
boolean authoriseForLogin(@Nonnull
                        ApplicationUser user,
                        javax.servlet.http.HttpServletRequest httpServletRequest)
```
    This is called to see if an autenticated user is allowed to login JIRA in the context of a web request.
    At this stage the user has had their username and password authenticated but we need to see if they can be authorised to use JIRA.
    
    Parameters:
    user - the user to authorise. This MUST not be null.
    httpServletRequest - the web request in play
    
    Returns:
    true if the user can be authorised for login
  - getRequiredRoles
```
Set<String> getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest)
```
    Gets the set of role strings that are examined by Seraph to decide if a user is authorised to execute a request.
    
    Parameters:
    httpServletRequest - the request in play
    
    Returns:
    a set of roles
  - authoriseForRole
```
boolean authoriseForRole(@Nullable
                       ApplicationUser user,
                       javax.servlet.http.HttpServletRequest httpServletRequest,
                       String role)
```
    This is called to see if an autenticated user is allowed to execute the web request given the required role
    
    Parameters:
    user - the user to authorise. This MAY be null.
    httpServletRequest - the web request in play
    
    Returns:
    true if the user can be authorised for this request
  - logout
```
void logout(javax.servlet.http.HttpServletRequest httpServletRequest,
          javax.servlet.http.HttpServletResponse httpServletResponse)
```
    This is called to logout the current user ourt and destroy their JIRA session
    
    Parameters:
    httpServletRequest - the HTTP request in play
    httpServletResponse - the HTTP response in play
  - isElevatedSecurityCheckAlwaysShown
```
boolean isElevatedSecurityCheckAlwaysShown()
```
    Returns:
    true if the elevated security check (such as CAPTCHA) is always shown
  - resetFailedLoginCount
```
void resetFailedLoginCount(com.atlassian.crowd.embedded.api.User user)
```
    This can be called to reset the failed login count of a user
    
    Parameters:
    user - the user to authorise. This MUST not be null.

Interface LoginManager

Method Summary

Method Detail

getLoginInfo

performElevatedSecurityCheck

onLoginAttempt

authenticate

authenticateWithoutElevatedCheck

authoriseForLogin

getRequiredRoles

authoriseForRole

logout

isElevatedSecurityCheckAlwaysShown

resetFailedLoginCount