public class LoginManagerImpl extends Object implements LoginManager
LoginManager
Modifier and Type | Field and Description |
---|---|
static String |
AUTHORISED_FAILURE |
static String |
AUTHORISING_USER_KEY |
Constructor and Description |
---|
LoginManagerImpl(LoginStore loginStore,
JiraAuthenticationContext jiraAuthenticationContext,
com.atlassian.crowd.embedded.api.CrowdService crowdService,
JiraCaptchaService jiraCaptchaService,
VelocityRequestContextFactory velocityRequestContextFactory,
com.atlassian.event.api.EventPublisher eventPublisher,
AuthorisationManager authorisationManager) |
Modifier and Type | Method and Description |
---|---|
LoginResult |
authenticate(com.atlassian.crowd.embedded.api.User user,
String password)
This can be called to see if an user knows the given password.
|
LoginResult |
authenticateWithoutElevatedCheck(com.atlassian.crowd.embedded.api.User user,
String password)
This can be called to see if an user knows the given password.
|
boolean |
authoriseForLogin(ApplicationUser user,
javax.servlet.http.HttpServletRequest httpServletRequest)
This is called to see if an autenticated user is allowed to login JIRA in the context of a web request.
|
boolean |
authoriseForRole(ApplicationUser user,
javax.servlet.http.HttpServletRequest httpServletRequest,
String role)
This is called to see if an autenticated user is allowed to execute the web request given the required role
|
protected Set<DeniedReason> |
getLoginDeniedReasons(javax.servlet.http.HttpServletRequest request)
Examines the HttpServletRequest, and determines the DeniedReason's that may have cause authentication to be
denied by looking at the
ELEVATED_SECURITY_FAILURE attribute. |
LoginInfo |
getLoginInfo(String userName)
This is called to get LoginInfo about a given user.
|
Set<String> |
getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest)
Gets the set of role strings that are examined by Seraph to decide if a user is authorised to execute a request.
|
boolean |
isElevatedSecurityCheckAlwaysShown() |
void |
logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
This is called to logout the current user ourt and destroy their JIRA session
|
LoginInfo |
onLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest,
String userName,
boolean loginSuccessful)
This is called after a login attempt has been made.
|
boolean |
performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest,
String userName)
This is called to see whether the user has passed an extended security check (such as CAPTCHA)
|
void |
resetFailedLoginCount(com.atlassian.crowd.embedded.api.User user)
This can be called to reset the failed login count of a user
|
public static final String AUTHORISED_FAILURE
public static final String AUTHORISING_USER_KEY
public LoginManagerImpl(LoginStore loginStore, JiraAuthenticationContext jiraAuthenticationContext, com.atlassian.crowd.embedded.api.CrowdService crowdService, JiraCaptchaService jiraCaptchaService, VelocityRequestContextFactory velocityRequestContextFactory, com.atlassian.event.api.EventPublisher eventPublisher, AuthorisationManager authorisationManager)
public LoginInfo getLoginInfo(String userName)
LoginManager
getLoginInfo
in interface LoginManager
userName
- the name of the user in play. This MUST not be null.LoginInfo
objectpublic boolean performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest, String userName)
LoginManager
performElevatedSecurityCheck
in interface LoginManager
httpServletRequest
- the HTTP request in playuserName
- the name of the user in play. This MUST not be null.public boolean authoriseForLogin(@Nonnull ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest)
LoginManager
authoriseForLogin
in interface LoginManager
user
- the user to authorise. This MUST not be null.httpServletRequest
- the web request in playpublic Set<String> getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest)
LoginManager
getRequiredRoles
in interface LoginManager
httpServletRequest
- the request in playpublic boolean authoriseForRole(@Nullable ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest, String role)
LoginManager
authoriseForRole
in interface LoginManager
user
- the user to authorise. This MAY be null.httpServletRequest
- the web request in playpublic LoginResult authenticate(com.atlassian.crowd.embedded.api.User user, String password)
LoginManager
authenticate
in interface LoginManager
user
- the user to authenticate. This MUST not be null.password
- the password to authenticate againstpublic LoginResult authenticateWithoutElevatedCheck(com.atlassian.crowd.embedded.api.User user, String password)
LoginManager
authenticateWithoutElevatedCheck
in interface LoginManager
user
- the user to authenticate. This MUST not be null.password
- the password to authenticate againstpublic LoginInfo onLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest, String userName, boolean loginSuccessful)
LoginManager
onLoginAttempt
in interface LoginManager
httpServletRequest
- the HTTP request in playuserName
- the name of the user in play. This MUST not be null.loginSuccessful
- whether the login attempt was sucessful or notLoginInfo
about the userpublic void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
LoginManager
logout
in interface LoginManager
request
- the HTTP request in playresponse
- the HTTP response in playpublic boolean isElevatedSecurityCheckAlwaysShown()
isElevatedSecurityCheckAlwaysShown
in interface LoginManager
public void resetFailedLoginCount(com.atlassian.crowd.embedded.api.User user)
LoginManager
resetFailedLoginCount
in interface LoginManager
user
- the user to authorise. This MUST not be null.protected Set<DeniedReason> getLoginDeniedReasons(javax.servlet.http.HttpServletRequest request)
ELEVATED_SECURITY_FAILURE
attribute. Currently the only reason why this
attribute would be set is because a user is required to pass a CAPTCHA challenge.request
- a HttpServletRequestELEVATED_SECURITY_FAILURE
Copyright © 2002-2015 Atlassian. All Rights Reserved.