Class DefaultLoginManager
java.lang.Object
com.atlassian.confluence.impl.security.login.DefaultLoginManager
- All Implemented Interfaces:
LoginManager
Default LoginManager that keeps track of login activity.
For known users the number of failed login attempts is stored in a user bound PropertySet.
For unknown users the DefaultLoginManager tracks the number of login attempts in a cache. It is important to track the number of login attempts for unknown users otherwise the observable behaviour of the application might be different for known and unknown users (See JRA-21016).
Every successful login clears the number of failed login attempts for a known user.
- Since:
- 8.0
-
Constructor Summary
ConstructorsConstructorDescriptionDefaultLoginManager(GlobalSettingsManager settingsManager, UserAccessor userAccessor, com.atlassian.cache.CacheFactory cacheFactory, com.atlassian.core.util.Clock clock, UserLoginInfoDao loginInfoDao, PersonalInformationManager personalInformationManager) -
Method Summary
Modifier and TypeMethodDescriptionauthenticate(String userName, String password) Try to authenticate a user given theuserNameandpassword.@Nullable LoginInfogetLoginInfo(com.atlassian.user.User user) Return information about a user's login history.@Nullable LoginInfogetLoginInfo(String userName) Return information about a user's login history.booleanCheck if elevated security checks are available/enabled.voidonFailedLoginAttempt(String userName, javax.servlet.http.HttpServletRequest servletRequest) This method uses a new transaction propagation because the failed login attempt should be persisted regardless of whether the transaction that it is a part of is committed or rolled back.voidonSuccessfulLoginAttempt(String userName, javax.servlet.http.HttpServletRequest servletRequest) This is called after a successful login attempt has been made.booleanrequiresElevatedSecurityCheck(String userName) This is called to see whether the user requires an extended security check (such as CAPTCHA)voidresetFailedLoginCount(com.atlassian.user.User user) This can be called to reset the failed login count of a user
-
Constructor Details
-
DefaultLoginManager
public DefaultLoginManager(GlobalSettingsManager settingsManager, UserAccessor userAccessor, com.atlassian.cache.CacheFactory cacheFactory, com.atlassian.core.util.Clock clock, UserLoginInfoDao loginInfoDao, PersonalInformationManager personalInformationManager)
-
-
Method Details
-
onFailedLoginAttempt
@Transactional(propagation=REQUIRES_NEW) public void onFailedLoginAttempt(String userName, javax.servlet.http.HttpServletRequest servletRequest) This method uses a new transaction propagation because the failed login attempt should be persisted regardless of whether the transaction that it is a part of is committed or rolled back.- Specified by:
onFailedLoginAttemptin interfaceLoginManager- Parameters:
userName- the name of the user in play. This MUST not be null.servletRequest- the request pertaining to a login attempt.
-
onSuccessfulLoginAttempt
public void onSuccessfulLoginAttempt(String userName, javax.servlet.http.HttpServletRequest servletRequest) Description copied from interface:LoginManagerThis is called after a successful login attempt has been made. It allows the LoginManager to update information about a users login history.- Specified by:
onSuccessfulLoginAttemptin interfaceLoginManager- Parameters:
userName- the name of the user in play. This MUST not be null.servletRequest- the request pertaining to a login attempt.
-
isElevatedSecurityCheckEnabled
@Transactional(readOnly=true) public boolean isElevatedSecurityCheckEnabled()Description copied from interface:LoginManagerCheck if elevated security checks are available/enabled.- Specified by:
isElevatedSecurityCheckEnabledin interfaceLoginManager- Returns:
- true if elevated security checks are enabled, false otherwise
-
authenticate
Description copied from interface:LoginManagerTry to authenticate a user given theuserNameandpassword.Returns a
LoginResultthat contains information about this particular authentication attempt.Calling this method has side effects as the login manager tracks the number of failed and successful login attempts.
- Specified by:
authenticatein interfaceLoginManager- Returns:
- The result of the authentication attempt, this will never be null.
-
requiresElevatedSecurityCheck
Description copied from interface:LoginManagerThis is called to see whether the user requires an extended security check (such as CAPTCHA)- Specified by:
requiresElevatedSecurityCheckin interfaceLoginManager- Parameters:
userName- the name of the user in play. This MUST not be null.- Returns:
- true if the user with the user name
userNamerequires an extended security check
-
resetFailedLoginCount
public void resetFailedLoginCount(com.atlassian.user.User user) Description copied from interface:LoginManagerThis can be called to reset the failed login count of a user- Specified by:
resetFailedLoginCountin interfaceLoginManager- Parameters:
user- the user for which to reset the failed login count. This MUST not be null.
-
getLoginInfo
Description copied from interface:LoginManagerReturn information about a user's login history.- Specified by:
getLoginInfoin interfaceLoginManager- Returns:
- LoginInfo
-
getLoginInfo
Description copied from interface:LoginManagerReturn information about a user's login history.- Specified by:
getLoginInfoin interfaceLoginManager- Returns:
- LoginInfo
-