hudson.security
Class AbstractPasswordBasedSecurityRealm

java.lang.Object
  extended by hudson.model.AbstractDescribableImpl<SecurityRealm>
      extended by hudson.security.SecurityRealm
          extended by hudson.security.AbstractPasswordBasedSecurityRealm
All Implemented Interfaces:
ExtensionPoint, Describable<SecurityRealm>, org.acegisecurity.userdetails.UserDetailsService
Direct Known Subclasses:
HudsonPrivateSecurityRealm, JenkinsRule.DummySecurityRealm

public abstract class AbstractPasswordBasedSecurityRealm
extends SecurityRealm
implements org.acegisecurity.userdetails.UserDetailsService

Partial implementation of SecurityRealm for username/password based authentication. This is a convenience base class for when all you need to do is check the given username and password against information stored somewhere else, and you don't want to do anything with Acegi.

This SecurityRealm uses the standard login form (and a few other optional mechanisms like BASIC auth) to gather the username/password information. Subtypes are responsible for authenticating this information.

Since:
1.317
Author:
Kohsuke Kawaguchi

Nested Class Summary
 
Nested classes/interfaces inherited from class hudson.security.SecurityRealm
SecurityRealm.SecurityComponents
 
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
 
Field Summary
 
Fields inherited from class hudson.security.SecurityRealm
AUTHENTICATED_AUTHORITY, LIST, NO_AUTHENTICATION
 
Constructor Summary
AbstractPasswordBasedSecurityRealm()
           
 
Method Summary
protected abstract  org.acegisecurity.userdetails.UserDetails authenticate(String username, String password)
          Authenticate a login attempt.
 CliAuthenticator createCliAuthenticator(CLICommand command)
          Creates a CliAuthenticator object that authenticates an invocation of a CLI command.
 SecurityRealm.SecurityComponents createSecurityComponents()
          Creates a fully configured AuthenticationManager that performs authentication against the user realm.
abstract  GroupDetails loadGroupByGroupname(String groupname)
          Retrieves information about a group by its name.
abstract  org.acegisecurity.userdetails.UserDetails loadUserByUsername(String username)
          Retrieves information about a user by its name.
 
Methods inherited from class hudson.security.SecurityRealm
all, allowsSignup, canLogOut, commenceSignup, createFilter, doCaptcha, doLogout, findBean, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getDescriptor, getLoginUrl, getPostLogOutUrl, getSecurityComponents, setCaptchaSupport, validateCaptcha
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractPasswordBasedSecurityRealm

public AbstractPasswordBasedSecurityRealm()
Method Detail

createSecurityComponents

public SecurityRealm.SecurityComponents createSecurityComponents()
Description copied from class: SecurityRealm
Creates a fully configured AuthenticationManager that performs authentication against the user realm. The implementation hides how such an authentication manager is configured.

AuthenticationManager instantiation often depends on the user-specified parameters (for example, if the authentication is based on LDAP, the user needs to specify the host name of the LDAP server.) Such configuration is expected to be presented to the user via config.jelly and then captured as instance variables inside the SecurityRealm implementation.

Your SecurityRealm may also want to alter the Filter setup by overriding SecurityRealm.createFilter(FilterConfig).

Specified by:
createSecurityComponents in class SecurityRealm

createCliAuthenticator

public CliAuthenticator createCliAuthenticator(CLICommand command)
Description copied from class: SecurityRealm
Creates a CliAuthenticator object that authenticates an invocation of a CLI command. See CliAuthenticator for more details.

Overrides:
createCliAuthenticator in class SecurityRealm
Parameters:
command - The command about to be executed.
Returns:
never null. By default, this method returns a no-op authenticator that always authenticates the session as authenticated by the transport (which is often just Jenkins.ANONYMOUS.)

authenticate

protected abstract org.acegisecurity.userdetails.UserDetails authenticate(String username,
                                                                          String password)
                                                                   throws org.acegisecurity.AuthenticationException
Authenticate a login attempt. This method is the heart of an AbstractPasswordBasedSecurityRealm.

If the user name and password pair matches, retrieve the information about this user and return it as a UserDetails object. User is a convenient implementation to use, but if your backend offers additional data, you may want to use your own subtype so that the rest of Hudson can use that additional information (such as e-mail address; see MailAddressResolver).

Properties like UserDetails.getPassword() make no sense, so just return an empty value from it. The only information that you need to pay real attention to is UserDetails.getAuthorities(), which is a list of roles/groups that the user is in. At minimum, this must contain SecurityRealm.AUTHENTICATED_AUTHORITY (which indicates that this user is authenticated and not anonymous), but if your backend supports a notion of groups, you should make sure that the authorities contain one entry per group. This enables users to control authorization based on groups.

If the user name and the password pair doesn't match, throw AuthenticationException to reject the login attempt.

Throws:
org.acegisecurity.AuthenticationException

loadUserByUsername

public abstract org.acegisecurity.userdetails.UserDetails loadUserByUsername(String username)
                                                                      throws org.acegisecurity.userdetails.UsernameNotFoundException,
                                                                             org.springframework.dao.DataAccessException
Retrieves information about a user by its name.

This method is used, for example, to validate if the given token is a valid user name when the user is configuring an ACL. This is an optional method that improves the user experience. If your backend doesn't support a query like this, just always throw UsernameNotFoundException.

Specified by:
loadUserByUsername in interface org.acegisecurity.userdetails.UserDetailsService
Overrides:
loadUserByUsername in class SecurityRealm
Returns:
never null.
Throws:
org.acegisecurity.userdetails.UsernameNotFoundException
org.springframework.dao.DataAccessException

loadGroupByGroupname

public abstract GroupDetails loadGroupByGroupname(String groupname)
                                           throws org.acegisecurity.userdetails.UsernameNotFoundException,
                                                  org.springframework.dao.DataAccessException
Retrieves information about a group by its name. This method is the group version of loadUserByUsername(String).

Overrides:
loadGroupByGroupname in class SecurityRealm
Throws:
org.acegisecurity.userdetails.UsernameNotFoundException
org.springframework.dao.DataAccessException
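
A subclass that follows the contracts described above for authenticate, loadUserByUsername and loadGroupByGroupname. This is an added example, not code from Jenkins or this Javadoc. ExampleSecurityRealm and its nested Backend interface are hypothetical names standing in for your external credential store; the Descriptor and configuration persistence that a real plugin needs are outside what it shows.

```java
import hudson.security.AbstractPasswordBasedSecurityRealm;
import hudson.security.GroupDetails;
import java.util.ArrayList;
import java.util.List;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.User;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
public class ExampleSecurityRealm extends AbstractPasswordBasedSecurityRealm {
    /** Hypothetical credential store (assumption); not a Jenkins or Acegi type. */
    public interface Backend {
        boolean passwordMatches(String username, String password);
        List<String> groupsOf(String username); // null when the user is unknown
        boolean groupExists(String groupname);
    }
    private final Backend backend;
    public ExampleSecurityRealm(Backend backend) { this.backend = backend; }
    @Override
    protected UserDetails authenticate(String username, String password) throws AuthenticationException {
        // Same exception and message whether the user is unknown or the password is wrong.
        if (!backend.passwordMatches(username, password))
            throw new BadCredentialsException("Invalid username or password");
        return toUserDetails(username, backend.groupsOf(username));
    }
    @Override
    public UserDetails loadUserByUsername(String username) {
        List<String> groups = backend.groupsOf(username);
        if (groups == null) throw new UsernameNotFoundException(username);
        return toUserDetails(username, groups);
    }
    @Override
    public GroupDetails loadGroupByGroupname(final String groupname) {
        if (!backend.groupExists(groupname)) throw new UsernameNotFoundException(groupname);
        return new GroupDetails() {
            @Override public String getName() { return groupname; }
        };
    }
    private static UserDetails toUserDetails(String username, List<String> groups) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(AUTHENTICATED_AUTHORITY); // required minimum, inherited from SecurityRealm
        if (groups != null)
            for (String g : groups) authorities.add(new GrantedAuthorityImpl(g)); // one entry per group
        // Empty password: UserDetails.getPassword() carries no meaning for this realm.
        return new User(username, "", true, true, true, true,
                authorities.toArray(new GrantedAuthority[authorities.size()]));
    }
}
```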


Copyright © 2004-2013. All Rights Reserved.