Class TokenAuthenticationManagerImpl

java.lang.Object
com.atlassian.crowd.manager.authentication.TokenAuthenticationManagerImpl
All Implemented Interfaces:
TokenAuthenticationManager

@Transactional public class TokenAuthenticationManagerImpl extends Object implements TokenAuthenticationManager
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected static final String
    RECENT_TOKENS_CACHE_SIZE_SYSTEM_PROPERTY_NAME
     
    protected static final String
    RECENT_TOKENS_CACHE_TTL_SYSTEM_PROPERTY_NAME
     
  • Constructor Summary

    Constructors
    Constructor
    Description
    TokenAuthenticationManagerImpl(com.atlassian.crowd.dao.token.SessionTokenStorage tokenManager, com.atlassian.crowd.dao.application.ApplicationDAO applicationDao, TokenFactory tokenFactory, com.atlassian.cache.Cache<String,Boolean> cache, com.atlassian.event.api.EventPublisher eventPublisher, PropertyManager propertyManager, DirectoryManager directoryManager, ApplicationManager applicationManager, ApplicationService applicationService, Clock clock)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    protected List<com.atlassian.crowd.model.authentication.ValidationFactor>
    activeValidationFactors(com.atlassian.crowd.model.authentication.ValidationFactor[] factors)
     
    com.atlassian.crowd.model.token.Token
    authenticateApplication(com.atlassian.crowd.model.application.Application application, com.atlassian.crowd.model.authentication.ApplicationAuthenticationContext authenticationContext, com.atlassian.crowd.model.token.TokenLifetime tokenLifetime)
     
    com.atlassian.crowd.model.token.Token
    authenticateApplicationWithoutValidatingPassword(com.atlassian.crowd.model.application.Application application, com.atlassian.crowd.model.authentication.ApplicationAuthenticationContext authenticationContext, com.atlassian.crowd.model.token.TokenLifetime tokenLifetime)
     
    com.atlassian.crowd.model.token.Token
    authenticateUser(com.atlassian.crowd.model.application.Application application, com.atlassian.crowd.model.authentication.UserAuthenticationContext authenticationContext, boolean validatePassword, com.atlassian.crowd.model.token.TokenLifetime tokenLifetime)
     
    com.atlassian.crowd.model.token.Token
    authenticateUser(com.atlassian.crowd.model.application.Application application, com.atlassian.crowd.model.authentication.UserAuthenticationContext authenticateContext, com.atlassian.crowd.model.token.TokenLifetime tokenLifetime)
     
    com.atlassian.crowd.model.token.Token
    authenticateUserWithoutValidatingPassword(com.atlassian.crowd.model.application.Application application, com.atlassian.crowd.model.authentication.UserAuthenticationContext authenticateContext)
     
    List<com.atlassian.crowd.model.application.Application>
    findAuthorisedApplications(User user, String applicationName)
     
    User
    findUserByToken(com.atlassian.crowd.model.token.Token token, com.atlassian.crowd.model.application.Application application)
     
    com.atlassian.crowd.model.token.Token
    findUserTokenByKey(String tokenKey, com.atlassian.crowd.model.application.Application application)
     
    protected org.apache.commons.lang3.tuple.Pair<com.atlassian.crowd.model.token.Token,Boolean>
    generateUserToken(long directoryID, com.atlassian.crowd.model.authentication.AuthenticationContext authenticationContext, com.atlassian.crowd.model.token.TokenLifetime tokenLifetime)
    This method will return a Token based on the passed in parameters.
    protected org.apache.commons.lang3.tuple.Pair<com.atlassian.crowd.model.token.Token,Boolean>
    genericValidateToken(String token, com.atlassian.crowd.model.authentication.ValidationFactor[] validationFactors)
    Will validate a token key with the given ValidationFactors against one (if it exists) in the datastore.
    Date
    getTokenExpiryTime(com.atlassian.crowd.model.token.Token token)
     
    void
    invalidateAllTokens()
     
    Optional<com.atlassian.crowd.model.token.Token>
    invalidateToken(String tokenKey)
     
    void
    invalidateTokensForUser(String username, String exclusionToken, String applicationName)
     
    protected boolean
    isAllowedToAuthenticate(String username, long directoryId, com.atlassian.crowd.model.application.Application application)
    Determines if a user is permitted to attempt authentication with a given application.
    protected boolean
    isExpired(com.atlassian.crowd.model.token.Token token)
     
    protected org.apache.commons.lang3.tuple.Pair<com.atlassian.crowd.model.token.Token,Boolean>
    maybeUpdateLastAccessedTime(com.atlassian.crowd.model.token.Token token)
     
    void
    removeExpiredTokens()
     
    com.atlassian.crowd.model.token.Token
    validateApplicationToken(String tokenKey, com.atlassian.crowd.model.authentication.ValidationFactor[] clientValidationFactors)
     
    com.atlassian.crowd.model.token.Token
    validateUserToken(com.atlassian.crowd.model.application.Application application, String userTokenKey, com.atlassian.crowd.model.authentication.ValidationFactor[] validationFactors)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • RECENT_TOKENS_CACHE_SIZE_SYSTEM_PROPERTY_NAME

      protected static final String RECENT_TOKENS_CACHE_SIZE_SYSTEM_PROPERTY_NAME
    • RECENT_TOKENS_CACHE_TTL_SYSTEM_PROPERTY_NAME

      protected static final String RECENT_TOKENS_CACHE_TTL_SYSTEM_PROPERTY_NAME
  • Constructor Details

    • TokenAuthenticationManagerImpl

      public TokenAuthenticationManagerImpl(com.atlassian.crowd.dao.token.SessionTokenStorage tokenManager, com.atlassian.crowd.dao.application.ApplicationDAO applicationDao, TokenFactory tokenFactory, com.atlassian.cache.Cache<String,Boolean> cache, com.atlassian.event.api.EventPublisher eventPublisher, PropertyManager propertyManager, DirectoryManager directoryManager, ApplicationManager applicationManager, ApplicationService applicationService, Clock clock)
  • Method Details

    • invalidateToken

      public Optional<com.atlassian.crowd.model.token.Token> invalidateToken(String tokenKey)
      Specified by:
      invalidateToken in interface TokenAuthenticationManager
    • invalidateAllTokens

      public void invalidateAllTokens()
      Specified by:
      invalidateAllTokens in interface TokenAuthenticationManager
    • removeExpiredTokens

      public void removeExpiredTokens()
      Specified by:
      removeExpiredTokens in interface TokenAuthenticationManager
    • findUserByToken

      public User findUserByToken(com.atlassian.crowd.model.token.Token token, com.atlassian.crowd.model.application.Application application) throws com.atlassian.crowd.exception.InvalidTokenException, com.atlassian.crowd.exception.OperationFailedException
      Specified by:
      findUserByToken in interface TokenAuthenticationManager
      Throws:
      com.atlassian.crowd.exception.InvalidTokenException
      com.atlassian.crowd.exception.OperationFailedException
    • findUserTokenByKey

      public com.atlassian.crowd.model.token.Token findUserTokenByKey(String tokenKey, com.atlassian.crowd.model.application.Application application) throws com.atlassian.crowd.exception.InvalidTokenException, ApplicationAccessDeniedException, com.atlassian.crowd.exception.OperationFailedException
      Specified by:
      findUserTokenByKey in interface TokenAuthenticationManager
      Throws:
      com.atlassian.crowd.exception.InvalidTokenException
      ApplicationAccessDeniedException
      com.atlassian.crowd.exception.OperationFailedException
    • findAuthorisedApplications

      public List<com.atlassian.crowd.model.application.Application> findAuthorisedApplications(User user, String applicationName) throws com.atlassian.crowd.exception.OperationFailedException, com.atlassian.crowd.exception.DirectoryNotFoundException
      Specified by:
      findAuthorisedApplications in interface TokenAuthenticationManager
      Throws:
      com.atlassian.crowd.exception.OperationFailedException
      com.atlassian.crowd.exception.DirectoryNotFoundException
    • authenticateApplication

      public com.atlassian.crowd.model.token.Token authenticateApplication(com.atlassian.crowd.model.application.Application application, com.atlassian.crowd.model.authentication.ApplicationAuthenticationContext authenticationContext, com.atlassian.crowd.model.token.TokenLifetime tokenLifetime) throws com.atlassian.crowd.exception.InvalidAuthenticationException
      Specified by:
      authenticateApplication in interface TokenAuthenticationManager
      Throws:
      com.atlassian.crowd.exception.InvalidAuthenticationException
    • authenticateApplicationWithoutValidatingPassword

      public com.atlassian.crowd.model.token.Token authenticateApplicationWithoutValidatingPassword(com.atlassian.crowd.model.application.Application application, com.atlassian.crowd.model.authentication.ApplicationAuthenticationContext authenticationContext, com.atlassian.crowd.model.token.TokenLifetime tokenLifetime) throws com.atlassian.crowd.exception.InvalidAuthenticationException
      Specified by:
      authenticateApplicationWithoutValidatingPassword in interface TokenAuthenticationManager
      Throws:
      com.atlassian.crowd.exception.InvalidAuthenticationException
    • authenticateUser

      public com.atlassian.crowd.model.token.Token authenticateUser(com.atlassian.crowd.model.application.Application application, com.atlassian.crowd.model.authentication.UserAuthenticationContext authenticationContext, boolean validatePassword, com.atlassian.crowd.model.token.TokenLifetime tokenLifetime) throws com.atlassian.crowd.exception.InvalidAuthenticationException, com.atlassian.crowd.exception.OperationFailedException, com.atlassian.crowd.exception.InactiveAccountException, ApplicationAccessDeniedException, com.atlassian.crowd.exception.ExpiredCredentialException
      Throws:
      com.atlassian.crowd.exception.InvalidAuthenticationException
      com.atlassian.crowd.exception.OperationFailedException
      com.atlassian.crowd.exception.InactiveAccountException
      ApplicationAccessDeniedException
      com.atlassian.crowd.exception.ExpiredCredentialException
    • authenticateUser

      public com.atlassian.crowd.model.token.Token authenticateUser(com.atlassian.crowd.model.application.Application application, com.atlassian.crowd.model.authentication.UserAuthenticationContext authenticateContext, com.atlassian.crowd.model.token.TokenLifetime tokenLifetime) throws com.atlassian.crowd.exception.InvalidAuthenticationException, com.atlassian.crowd.exception.OperationFailedException, com.atlassian.crowd.exception.InactiveAccountException, ApplicationAccessDeniedException, com.atlassian.crowd.exception.ExpiredCredentialException
      Specified by:
      authenticateUser in interface TokenAuthenticationManager
      Throws:
      com.atlassian.crowd.exception.InvalidAuthenticationException
      com.atlassian.crowd.exception.OperationFailedException
      com.atlassian.crowd.exception.InactiveAccountException
      ApplicationAccessDeniedException
      com.atlassian.crowd.exception.ExpiredCredentialException
    • authenticateUserWithoutValidatingPassword

      public com.atlassian.crowd.model.token.Token authenticateUserWithoutValidatingPassword(com.atlassian.crowd.model.application.Application application, com.atlassian.crowd.model.authentication.UserAuthenticationContext authenticateContext) throws com.atlassian.crowd.exception.InvalidAuthenticationException, com.atlassian.crowd.exception.OperationFailedException, com.atlassian.crowd.exception.InactiveAccountException, ApplicationAccessDeniedException
      Specified by:
      authenticateUserWithoutValidatingPassword in interface TokenAuthenticationManager
      Throws:
      com.atlassian.crowd.exception.InvalidAuthenticationException
      com.atlassian.crowd.exception.OperationFailedException
      com.atlassian.crowd.exception.InactiveAccountException
      ApplicationAccessDeniedException
    • validateApplicationToken

      public com.atlassian.crowd.model.token.Token validateApplicationToken(String tokenKey, com.atlassian.crowd.model.authentication.ValidationFactor[] clientValidationFactors) throws com.atlassian.crowd.exception.InvalidTokenException
      Specified by:
      validateApplicationToken in interface TokenAuthenticationManager
      Throws:
      com.atlassian.crowd.exception.InvalidTokenException
    • validateUserToken

      public com.atlassian.crowd.model.token.Token validateUserToken(com.atlassian.crowd.model.application.Application application, String userTokenKey, com.atlassian.crowd.model.authentication.ValidationFactor[] validationFactors) throws com.atlassian.crowd.exception.InvalidTokenException, ApplicationAccessDeniedException, com.atlassian.crowd.exception.OperationFailedException
      Specified by:
      validateUserToken in interface TokenAuthenticationManager
      Throws:
      com.atlassian.crowd.exception.InvalidTokenException
      ApplicationAccessDeniedException
      com.atlassian.crowd.exception.OperationFailedException
    • activeValidationFactors

      protected List<com.atlassian.crowd.model.authentication.ValidationFactor> activeValidationFactors(com.atlassian.crowd.model.authentication.ValidationFactor[] factors)
    • generateUserToken

      protected org.apache.commons.lang3.tuple.Pair<com.atlassian.crowd.model.token.Token,Boolean> generateUserToken(long directoryID, com.atlassian.crowd.model.authentication.AuthenticationContext authenticationContext, com.atlassian.crowd.model.token.TokenLifetime tokenLifetime) throws com.atlassian.crowd.exception.InvalidTokenException, com.atlassian.crowd.exception.OperationFailedException
      This method will return a Token based on the passed in parameters. If a token already exists in the datastore, this token will be returned with an updated lastAccessed time. If a token is not found based on the passed in parameters a new Token will be generated and stored in the datastore.
      Parameters:
      directoryID - the directoryID you wish to generate a Token for
      authenticationContext - holder for the required attributes to authenticate against the Crowd server
      tokenLifetime - requested lifetime of the token
      Returns:
      a pair of Token and boolean indicating whether lastAccessedTime was updated
      Throws:
      com.atlassian.crowd.exception.InvalidTokenException - if there was an issue generating the key for a token.
      com.atlassian.crowd.exception.OperationFailedException - if adding the new token failed
    • genericValidateToken

      protected org.apache.commons.lang3.tuple.Pair<com.atlassian.crowd.model.token.Token,Boolean> genericValidateToken(String token, com.atlassian.crowd.model.authentication.ValidationFactor[] validationFactors) throws com.atlassian.crowd.exception.InvalidTokenException
      Will validate a token key with the given ValidationFactors against one (if it exists) in the datastore.
      Parameters:
      token - the key of a Token
      validationFactors - the ValidationFactors that are being used for authentication
      Returns:
      the existing token if there is a match and boolean indicating whether lastAccessed time was updated
      Throws:
      com.atlassian.crowd.exception.InvalidTokenException - thrown if the token keys are not equal, or the token has expired, or the token does not exist
    • maybeUpdateLastAccessedTime

      protected org.apache.commons.lang3.tuple.Pair<com.atlassian.crowd.model.token.Token,Boolean> maybeUpdateLastAccessedTime(com.atlassian.crowd.model.token.Token token) throws com.atlassian.crowd.exception.ObjectNotFoundException
      Throws:
      com.atlassian.crowd.exception.ObjectNotFoundException
    • isExpired

      protected boolean isExpired(com.atlassian.crowd.model.token.Token token)
    • isAllowedToAuthenticate

      protected boolean isAllowedToAuthenticate(String username, long directoryId, com.atlassian.crowd.model.application.Application application) throws com.atlassian.crowd.exception.OperationFailedException, com.atlassian.crowd.exception.DirectoryNotFoundException
      Determines if a user is permitted to attempt authentication with a given application.

      For a user to have access to an application:

      1. the Application must be active.

      And either:

      • the User is stored in a directory which is associated with the Application and the "allow all to authenticate" flag is true.
      • the User is a member of a Group that is allowed to authenticate with the Application and both the User and Group are from the same RemoteDirectory.

      Note that this call is not cached and does not affect the cache.

      Parameters:
      application - application the user wants to authenticate with.
      username - the username of the user that wants to authenticate with the application.
      directoryId - the directoryId of the user that wants to authenticate with the application.
      Returns:
      true iff the user is permitted to attempt authentication with the application.
      Throws:
      com.atlassian.crowd.exception.OperationFailedException - if the directory implementation could not be loaded when performing a membership check.
      com.atlassian.crowd.exception.DirectoryNotFoundException
    • invalidateTokensForUser

      public void invalidateTokensForUser(String username, @Nullable String exclusionToken, String applicationName) throws com.atlassian.crowd.exception.UserNotFoundException, com.atlassian.crowd.exception.ApplicationNotFoundException
      Specified by:
      invalidateTokensForUser in interface TokenAuthenticationManager
      Throws:
      com.atlassian.crowd.exception.UserNotFoundException
      com.atlassian.crowd.exception.ApplicationNotFoundException
    • getTokenExpiryTime

      public Date getTokenExpiryTime(com.atlassian.crowd.model.token.Token token)
      Specified by:
      getTokenExpiryTime in interface TokenAuthenticationManager
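
The access rule documented for isAllowedToAuthenticate, as an added example that is not Crowd's own code: a simplified Java model showing that the application must be active and that a group membership only counts inside the user's own directory. The types App, DirectoryMapping and Membership, and all sample data, are hypothetical and constructed for illustration.

```java
import java.util.List;
import java.util.Set;

// Added illustration: a simplified model of the rule documented for
// isAllowedToAuthenticate. Every type here is hypothetical, not a Crowd class.
public class AccessRuleSketch {
    // One directory associated with an application, plus its authorisation settings.
    record DirectoryMapping(long directoryId, boolean allowAllToAuthenticate,
                            Set<String> authorisedGroups) {}
    record App(String name, boolean active, List<DirectoryMapping> mappings) {}

    // A group membership is always scoped to the directory it was read from.
    record Membership(String username, long directoryId, String group) {}

    static boolean isAllowedToAuthenticate(String username, long directoryId,
                                           App app, List<Membership> memberships) {
        if (!app.active()) {
            return false;                       // condition 1: application must be active
        }
        for (DirectoryMapping m : app.mappings()) {
            if (m.directoryId() != directoryId) {
                continue;                       // only the user's own directory counts
            }
            if (m.allowAllToAuthenticate()) {
                return true;                    // first alternative: open directory
            }
            for (Membership ms : memberships) { // second alternative: authorised group
                if (ms.directoryId() == directoryId
                        && ms.username().equals(username)
                        && m.authorisedGroups().contains(ms.group())) {
                    return true;
                }
            }
        }
        return false;                           // default deny
    }

    public static void main(String[] args) {
        // Constructed sample data: directory 1 is open to all, directory 2 is group-restricted.
        App app = new App("wiki", true, List.of(
                new DirectoryMapping(1L, true, Set.of()),
                new DirectoryMapping(2L, false, Set.of("wiki-users"))));
        List<Membership> memberships = List.of(
                new Membership("alice", 2L, "wiki-users"),
                new Membership("bob", 3L, "wiki-users")); // same group name, unmapped directory
        // carol: any user of the open directory
        System.out.println(isAllowedToAuthenticate("carol", 1L, app, memberships));
        // alice: member of an authorised group in the same directory
        System.out.println(isAllowedToAuthenticate("alice", 2L, app, memberships));
        // bob: his membership lives in directory 3, so it does not apply to directory 2
        System.out.println(isAllowedToAuthenticate("bob", 2L, app, memberships));
        // inactive application: the active check runs before any directory or group check
        App inactive = new App("wiki", false, app.mappings());
        System.out.println(isAllowedToAuthenticate("carol", 1L, inactive, memberships));
    }
}
```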