com.atlassian.jira.security.login

Class LoginManagerImpl

java.lang.Object

com.atlassian.jira.security.login.LoginManagerImpl

All Implemented Interfaces:

LoginManager

public class LoginManagerImpl
extends Object
implements LoginManager

Implementation of LoginManager

Since:

v4.0.1

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTHORISED_FAILURE
static String	AUTHORISING_USER_KEY

Constructor Summary

Constructors

Constructor and Description
LoginManagerImpl(LoginStore loginStore, JiraAuthenticationContext jiraAuthenticationContext, com.atlassian.crowd.embedded.api.CrowdService crowdService, JiraCaptchaService jiraCaptchaService, VelocityRequestContextFactory velocityRequestContextFactory, com.atlassian.event.api.EventPublisher eventPublisher, AuthorisationManager authorisationManager)

Method Summary

Modifier and Type	Method and Description
LoginResult	authenticate(ApplicationUser user, String password) This can be called to see if an user knows the given password.
LoginResult	authenticateWithoutElevatedCheck(ApplicationUser user, String password) This can be called to see if an user knows the given password.
boolean	authoriseForLogin(ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest) This is called to see if an authenticated user is allowed to login JIRA in the context of a web request.
boolean	authoriseForRole(ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest, String role) This is called to see if an authenticated user is allowed to execute the web request given the required role
protected Set<DeniedReason>	getLoginDeniedReasons(javax.servlet.http.HttpServletRequest request) Examines the HttpServletRequest, and determines the DeniedReason's that may have cause authentication to be denied by looking at the ELEVATED_SECURITY_FAILURE attribute.
LoginInfo	getLoginInfo(String userName) This is called to get LoginInfo about a given user.
Set<String>	getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest) Gets the set of role strings that are examined by Seraph to decide if a user is authorised to execute a request.
boolean	isElevatedSecurityCheckAlwaysShown()
void	logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) This is called to logout the current user and destroy their JIRA session.
LoginInfo	onLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest, String userName, boolean loginSuccessful) This is called after a login attempt has been made.
boolean	performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest, String userName) This is called to see whether the user has passed an extended security check (such as CAPTCHA)
void	resetFailedLoginCount(ApplicationUser user) This can be called to reset the failed login count of a user

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

AUTHORISED_FAILURE

public static final String AUTHORISED_FAILURE

AUTHORISING_USER_KEY

public static final String AUTHORISING_USER_KEY

Constructor Detail

LoginManagerImpl

public LoginManagerImpl(LoginStore loginStore,
                        JiraAuthenticationContext jiraAuthenticationContext,
                        com.atlassian.crowd.embedded.api.CrowdService crowdService,
                        JiraCaptchaService jiraCaptchaService,
                        VelocityRequestContextFactory velocityRequestContextFactory,
                        com.atlassian.event.api.EventPublisher eventPublisher,
                        AuthorisationManager authorisationManager)

Method Detail

getLoginInfo

public LoginInfo getLoginInfo(String userName)

Description copied from interface: LoginManager

This is called to get LoginInfo about a given user.

Specified by:

getLoginInfo in interface LoginManager

Parameters:

userName - the name of the user in play. This MUST not be null.

Returns:

a LoginInfo object

performElevatedSecurityCheck

public boolean performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest,
                                            String userName)

Description copied from interface: LoginManager

This is called to see whether the user has passed an extended security check (such as CAPTCHA)

Specified by:

performElevatedSecurityCheck in interface LoginManager

Parameters:

httpServletRequest - the HTTP request in play

userName - the name of the user in play. This MUST not be null.

Returns:

true if they have passed the extended security check

authoriseForLogin

public boolean authoriseForLogin(@Nonnull
                                 ApplicationUser user,
                                 javax.servlet.http.HttpServletRequest httpServletRequest)

Description copied from interface: LoginManager

This is called to see if an authenticated user is allowed to login JIRA in the context of a web request.

At this stage the user has had their username and password authenticated but we need to see if they can be authorised to use JIRA.

Specified by:

authoriseForLogin in interface LoginManager

Parameters:

user - the user to authorise. This MUST not be null.

httpServletRequest - the web request in play

Returns:

true if the user can be authorised for login

getRequiredRoles

public Set<String> getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest)

Description copied from interface: LoginManager

Gets the set of role strings that are examined by Seraph to decide if a user is authorised to execute a request.

Specified by:

getRequiredRoles in interface LoginManager

Parameters:

httpServletRequest - the request in play

Returns:

a set of roles

authoriseForRole

public boolean authoriseForRole(@Nullable
                                ApplicationUser user,
                                javax.servlet.http.HttpServletRequest httpServletRequest,
                                String role)

Description copied from interface: LoginManager

This is called to see if an authenticated user is allowed to execute the web request given the required role

Specified by:

authoriseForRole in interface LoginManager

Parameters:

user - the user to authorise. This MAY be null.

httpServletRequest - the web request in play

Returns:

true if the user can be authorised for this request

authenticate

public LoginResult authenticate(ApplicationUser user,
                                String password)

Description copied from interface: LoginManager

This can be called to see if an user knows the given password.

If the user requests elevatedSecurity then this will always fail with LoginReason.AUTHENTICATION_DENIED

Specified by:

authenticate in interface LoginManager

Parameters:

user - the user to authenticate. This MUST not be null.

password - the password to authenticate against

Returns:

true if the user can be authenticated

authenticateWithoutElevatedCheck

public LoginResult authenticateWithoutElevatedCheck(ApplicationUser user,
                                                    String password)

Description copied from interface: LoginManager

This can be called to see if an user knows the given password.

Calling this method will not cause the request to fail if the user is required to do an elevated security check on normal login.

Specified by:

authenticateWithoutElevatedCheck in interface LoginManager

Parameters:

user - the user to authenticate. This MUST not be null.

password - the password to authenticate against

Returns:

true if the user can be authenticated

onLoginAttempt

public LoginInfo onLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest,
                                String userName,
                                boolean loginSuccessful)

Description copied from interface: LoginManager

This is called after a login attempt has been made. It allows the LoginManager to update information about a users login history.

Specified by:

onLoginAttempt in interface LoginManager

Parameters:

httpServletRequest - the HTTP request in play

userName - the name of the user in play. This MUST not be null.

loginSuccessful - whether the login attempt was sucessful or not

Returns:

the updated LoginInfo about the user

logout

public void logout(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response)

Description copied from interface: LoginManager

This is called to logout the current user and destroy their JIRA session.

Specified by:

logout in interface LoginManager

Parameters:

request - the HTTP request in play

response - the HTTP response in play

isElevatedSecurityCheckAlwaysShown

public boolean isElevatedSecurityCheckAlwaysShown()

Specified by:

isElevatedSecurityCheckAlwaysShown in interface LoginManager

Returns:

true if the elevated security check (such as CAPTCHA) is always shown

resetFailedLoginCount

public void resetFailedLoginCount(ApplicationUser user)

Description copied from interface: LoginManager

This can be called to reset the failed login count of a user

Specified by:

resetFailedLoginCount in interface LoginManager

Parameters:

user - the user to authorise. This MUST not be null.

getLoginDeniedReasons

protected Set<DeniedReason> getLoginDeniedReasons(javax.servlet.http.HttpServletRequest request)

Examines the HttpServletRequest, and determines the DeniedReason's that may have cause authentication to be denied by looking at the ELEVATED_SECURITY_FAILURE attribute. Currently the only reason why this attribute would be set is because a user is required to pass a CAPTCHA challenge.

Parameters:

request - a HttpServletRequest

Returns:

a Set, containing the reasons that may have caused authentication to be denied

See Also:

ELEVATED_SECURITY_FAILURE