Interface AuthenticationFailureManager


  • @Unstable
    @Role
    public interface AuthenticationFailureManager
    Manager of the authentication failures strategies.
    Since:
    13.1RC1
    Version:
    $Id: bcfbe773a071a8a32fc643557ad6ec69006dca6c $
    • Method Detail

      • recordAuthenticationFailure

        boolean recordAuthenticationFailure​(String username,
                                            javax.servlet.http.HttpServletRequest request)
        Record that the given username fails to authenticate.
        Parameters:
        username - the username that fails the authentication. Should be the username typed by the user and not a computed login.
        request - a wrapping of the request used for the authentication.
        Returns:
        true if the authentication failure limits defined by the configuration has been reached.
      • resetAuthenticationFailureCounter

        void resetAuthenticationFailureCounter​(String username)
        Remove all records of authentication failure for the given user.
        Parameters:
        username - the username that is used for the authentication. Should be the username typed by the user and not a computed login.
      • getForm

        String getForm​(String username,
                       javax.servlet.http.HttpServletRequest request)
        If the user reached the authentication failure limit, aggregate form information returned by the different strategies (see AuthenticationFailureStrategy.getForm(String)). Else return an empty string.
        Parameters:
        username - the username that is used for the authentication. Should be the username typed by the user and not a computed login.
        request - a wrapping of the request used for the authentication.
        Returns:
        the aggregated form information to add to the standard login form, or an empty string.
      • validateForm

        boolean validateForm​(String username,
                             javax.servlet.http.HttpServletRequest request)
        If the user reached the authentication failure limit, validate the form information against the different strategies used and return the result (see AuthenticationFailureStrategy.validateForm(String, HttpServletRequest)). Else returns true.
        Parameters:
        username - the username that is used for the authentication. Should be the username typed by the user and not a computed login.
        request - a wrapping of the request used for the authentication.
        Returns:
        true if all strategies validate the request or if the user didn't reach the limit.
      • getErrorMessage

        String getErrorMessage​(String username)
        If the user reached the authentication failure limit, aggregate the error message of the different strategies (see AuthenticationFailureStrategy.getErrorMessage(String)). Else return an empty string.
        Parameters:
        username - the username that is used for the authentication. Should be the username typed by the user and not a computed login.
        Returns:
        the aggregated error message from the strategies or an empty string.
      • findUser

        DocumentReference findUser​(String username)
        Find a user document reference based on the given username.
        Parameters:
        username - the username from which to query the user document reference.
        Returns:
        a document reference corresponding to the username or null if it doesn't exist.
      • resetAuthenticationFailureCounter

        default void resetAuthenticationFailureCounter​(DocumentReference user)
        Remove all records of authentication failure for the given user.
        Parameters:
        user - the document reference of a user.
        Since:
        11.7RC1