Authentication

To test whether the initiator of an action is known to the UserAdmin service, that initiator must be authenticated. To authenticate a user, you typically do something like:

```java
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;

private UserAdmin m_userAdmin;
// ...
// Look up the user by its unique "username" property; null means no such user.
User user = m_userAdmin.getUser("username", getUserName());
// Reject an unknown user and a wrong password with the same exception,
// so the caller learns nothing about which of the two failed.
if (user == null || !user.hasCredential("password", getPassword())) {
  throw new InvalidUsernameOrPasswordException();
}
```

Authorization

Only authorized users should be able to initiate privileged actions. Whether a user is authorized to do so depends on their membership in groups. The UserAdmin service supports this by providing an Authorization facade that lets you determine whether or not a user is authorized to initiate a certain action.

Note that UserAdmin only answers the question whether a user is allowed to initiate a certain action; it does not actually prevent the user from doing so, as, for example, Java's SecurityManager does. Every privileged action therefore has to perform the check itself, so the common pattern used to authorize users with UserAdmin looks something like:

```java
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;

private UserAdmin m_userAdmin;
// ...
User user = m_userAdmin.getUser("username", getUserName());
// assume user is already authenticated...
// The Authorization object reflects the user's (transitive) group memberships.
Authorization auth = m_userAdmin.getAuthorization(user);
if (!auth.hasRole("admin")) {
  throw new InsufficientRightsException();
}
```
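Both steps combined in one gatekeeper class, as an added example that is not part of this page or of the Felix UserAdmin code: the class name, the exception messages and the `deleteAccount` action are assumptions, while the UserAdmin, User, Authorization and Role calls are the standard OSGi API.

```java
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;

/** Assumed helper: gates privileged actions behind authentication and a role check. */
public class AdminGate {
    private final UserAdmin userAdmin;

    public AdminGate(UserAdmin userAdmin) {
        this.userAdmin = userAdmin;
    }

    /** Step 1: authenticate. Unknown user and wrong password fail identically,
     *  so the caller cannot probe which usernames exist. */
    public User authenticate(String username, String password) {
        User user = userAdmin.getUser("username", username);
        if (user == null || !user.hasCredential("password", password)) {
            throw new SecurityException("invalid username or password");
        }
        return user;
    }

    /** Step 2: authorize. UserAdmin only answers the question; nothing enforces
     *  the answer, so every privileged entry point must call this explicitly. */
    public Authorization requireRole(User user, String role) {
        Authorization auth = userAdmin.getAuthorization(user);
        if (!auth.hasRole(role)) {
            throw new SecurityException("user " + user.getName() + " lacks role " + role);
        }
        return auth;
    }

    /** A privileged action (assumed) wired through both checks before it touches anything. */
    public boolean deleteAccount(String callerName, String callerPassword, String target) {
        User caller = authenticate(callerName, callerPassword);
        requireRole(caller, "admin");
        Role victim = userAdmin.getRole(target);
        if (victim == null || victim.getType() != Role.USER) {
            return false; // only plain users are removed here, never groups or "user.anyone"
        }
        return userAdmin.removeRole(target);
    }
}
```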