public class LoginManagerImpl extends Object implements LoginManager
LoginManager
Modifier and Type | Field and Description |
---|---|
static String | AUTHORISED_FAILURE |
static String | AUTHORISING_USER_KEY |
Constructor and Description |
---|
LoginManagerImpl(LoginStore loginStore, JiraAuthenticationContext jiraAuthenticationContext, com.atlassian.crowd.embedded.api.CrowdService crowdService, JiraCaptchaService jiraCaptchaService, VelocityRequestContextFactory velocityRequestContextFactory, com.atlassian.event.api.EventPublisher eventPublisher, AuthorisationManager authorisationManager) |
Modifier and Type | Method and Description |
---|---|
LoginResult | authenticate(ApplicationUser user, String password): This can be called to see if a user knows the given password. |
LoginResult | authenticateWithoutElevatedCheck(ApplicationUser user, String password): This can be called to see if a user knows the given password. |
boolean | authoriseForLogin(ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest): This is called to see if an authenticated user is allowed to log in to JIRA in the context of a web request. |
boolean | authoriseForRole(ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest, String role): This is called to see if an authenticated user is allowed to execute the web request given the required role. |
protected Set<DeniedReason> | getLoginDeniedReasons(javax.servlet.http.HttpServletRequest request): Examines the HttpServletRequest and determines the DeniedReasons that may have caused authentication to be denied by looking at the ELEVATED_SECURITY_FAILURE attribute. |
LoginInfo | getLoginInfo(String userName): This is called to get LoginInfo about a given user. |
Set<String> | getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest): Gets the set of role strings that are examined by Seraph to decide if a user is authorised to execute a request. |
boolean | isElevatedSecurityCheckAlwaysShown() |
void | logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): This is called to log out the current user and destroy their JIRA session. |
LoginInfo | onLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest, String userName, boolean loginSuccessful): This is called after a login attempt has been made. |
boolean | performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest, String userName): This is called to see whether the user has passed an extended security check (such as CAPTCHA). |
void | resetFailedLoginCount(ApplicationUser user): This can be called to reset the failed login count of a user. |
LoginInfo | updateLastLoginTime(ApplicationUser user): This is called to update the last login time without clearing the elevated security check. |
public static final String AUTHORISED_FAILURE
public static final String AUTHORISING_USER_KEY
public LoginManagerImpl(LoginStore loginStore, JiraAuthenticationContext jiraAuthenticationContext, com.atlassian.crowd.embedded.api.CrowdService crowdService, JiraCaptchaService jiraCaptchaService, VelocityRequestContextFactory velocityRequestContextFactory, com.atlassian.event.api.EventPublisher eventPublisher, AuthorisationManager authorisationManager)
public LoginInfo getLoginInfo(String userName)
Description copied from interface: LoginManager
Specified by: getLoginInfo in interface LoginManager
Parameters:
userName - the name of the user in play. This MUST not be null.
Returns: LoginInfo object
public boolean performElevatedSecurityCheck(javax.servlet.http.HttpServletRequest httpServletRequest, String userName)
Description copied from interface: LoginManager
Specified by: performElevatedSecurityCheck in interface LoginManager
Parameters:
httpServletRequest - the HTTP request in play
userName - the name of the user in play. This MUST not be null.
public boolean authoriseForLogin(@Nonnull ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest)
Description copied from interface: LoginManager
At this stage the user has had their username and password authenticated but we need to see if they can be authorised to use JIRA.
Specified by: authoriseForLogin in interface LoginManager
Parameters:
user - the user to authorise. This MUST not be null.
httpServletRequest - the web request in play
public Set<String> getRequiredRoles(javax.servlet.http.HttpServletRequest httpServletRequest)
Description copied from interface: LoginManager
Specified by: getRequiredRoles in interface LoginManager
Parameters:
httpServletRequest - the request in play
public boolean authoriseForRole(@Nullable ApplicationUser user, javax.servlet.http.HttpServletRequest httpServletRequest, String role)
Description copied from interface: LoginManager
Specified by: authoriseForRole in interface LoginManager
Parameters:
user - the user to authorise. This MAY be null.
httpServletRequest - the web request in play
public LoginResult authenticate(ApplicationUser user, String password)
Description copied from interface: LoginManager
If the user requests elevatedSecurity then this will always fail with LoginReason.AUTHENTICATION_DENIED
Specified by: authenticate in interface LoginManager
Parameters:
user - the user to authenticate. This MUST not be null.
password - the password to authenticate against
public LoginResult authenticateWithoutElevatedCheck(ApplicationUser user, String password)
Description copied from interface: LoginManager
Calling this method will not cause the request to fail if the user is required to do an elevated security check on normal login.
Specified by: authenticateWithoutElevatedCheck in interface LoginManager
Parameters:
user - the user to authenticate. This MUST not be null.
password - the password to authenticate against
public LoginInfo onLoginAttempt(javax.servlet.http.HttpServletRequest httpServletRequest, String userName, boolean loginSuccessful)
Description copied from interface: LoginManager
Specified by: onLoginAttempt in interface LoginManager
Parameters:
httpServletRequest - the HTTP request in play
userName - the name of the user in play. This MUST not be null.
loginSuccessful - whether the login attempt was successful or not
Returns: LoginInfo about the user
public LoginInfo updateLastLoginTime(ApplicationUser user)
Description copied from interface: LoginManager
Specified by: updateLastLoginTime in interface LoginManager
Parameters:
user - the user in play. This MUST not be null.
Returns: LoginInfo about the user
public void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Description copied from interface: LoginManager
Specified by: logout in interface LoginManager
Parameters:
request - the HTTP request in play
response - the HTTP response in play
public boolean isElevatedSecurityCheckAlwaysShown()
Specified by: isElevatedSecurityCheckAlwaysShown in interface LoginManager
public void resetFailedLoginCount(ApplicationUser user)
Description copied from interface: LoginManager
Specified by: resetFailedLoginCount in interface LoginManager
Parameters:
user - the user to authorise. This MUST not be null.
protected Set<DeniedReason> getLoginDeniedReasons(javax.servlet.http.HttpServletRequest request)
Examines the HttpServletRequest and determines the DeniedReasons that may have caused authentication to be denied by looking at the ELEVATED_SECURITY_FAILURE attribute. Currently the only reason why this attribute would be set is because a user is required to pass a CAPTCHA challenge.
Parameters:
request - a HttpServletRequest
ELEVATED_SECURITY_FAILURE
Copyright © 2002-2021 Atlassian. All Rights Reserved.