[JENKINS-11643] RememberMe doesn't work with AD in certain mode.
kohsuke committed Nov 8, 2011
1 parent 87c69c3 commit 00d5f52
Showing 4 changed files with 34 additions and 2 deletions.
Expand Up @@ -14,6 +14,11 @@
public abstract class AbstractActiveDirectoryAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider implements UserDetailsService, GroupDetailsService {
protected abstract UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException;

/**
* Returns true if we can retrieve user just from the name without supplying any credential.
*/
protected abstract boolean canRetrieveUserByName();

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
return retrieveUser(username,null);
}
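Review bot: `loadUserByUsername` still calls `retrieveUser(username,null)` unconditionally, so every other consumer of this `UserDetailsService` reaches the credential-less lookup even when the new `canRetrieveUserByName()` reports it as unsupported. What `retrieveUser` does with a null token is outside this hunk, but the flag would be safer enforced here than in a single caller, for example `if (!canRetrieveUserByName()) throw new UsernameNotFoundException("cannot look up " + username + " without a credential");` ahead of the return. The Javadoc on the new method could also say which configurations return false and that remember-me auto-login depends on the answer.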
Expand Up @@ -103,6 +103,11 @@ protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticati
).updateUserInfo();
}

@Override
protected boolean canRetrieveUserByName() {
return true;
}

private String getTelehoneNumber(IADsUser usr) {
try {
Object t = usr.telephoneNumber();
Expand Up @@ -12,6 +12,7 @@
import hudson.security.AbstractPasswordBasedSecurityRealm;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.security.TokenBasedRememberMeServices2;
import hudson.util.FormValidation;
import hudson.util.Secret;
import hudson.util.spring.BeanBuilder;
Expand Down Expand Up @@ -39,11 +40,13 @@
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSocketFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
Expand Down Expand Up @@ -125,7 +128,21 @@ public SecurityComponents createSecurityComponents() {
binding.setVariable("realm", this);
builder.parse(getClass().getResourceAsStream("ActiveDirectory.groovy"), binding);
WebApplicationContext context = builder.createApplicationContext();
return new SecurityComponents(findBean(AuthenticationManager.class, context), findBean(UserDetailsService.class, context));

final AbstractActiveDirectoryAuthenticationProvider adp = findBean(AbstractActiveDirectoryAuthenticationProvider.class, context);

return new SecurityComponents(
findBean(AuthenticationManager.class, context),
findBean(UserDetailsService.class, context),
new TokenBasedRememberMeServices2() {
public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
// no supporting auto-login unless we can do retrieveUser. See JENKINS-11643.
if (adp.canRetrieveUserByName())
return super.autoLogin(request,response);
else
return null;
}
});
}

@Override
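Review bot: The anonymous `TokenBasedRememberMeServices2` in `createSecurityComponents` gates only `autoLogin`; `loginSuccess` is inherited, so when `adp.canRetrieveUserByName()` is false the remember-me cookie is presumably still issued at login and then never honored. That leaves a long-lived token in the browser with no benefit, and it would be cleaner to skip issuing it under the same condition, as sketched below. The `autoLogin` override should also carry `@Override`, and its comment would read better as "no auto-login support unless the user can be retrieved by name". The start of `createSecurityComponents` lies outside the hunk, so how `adp` behaves when `findBean` finds no matching bean cannot be judged from here.

```java
new TokenBasedRememberMeServices2() {
    // … unchanged: autoLogin override …

    @Override
    public void loginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
        // do not hand out a remember-me token that autoLogin will refuse. See JENKINS-11643.
        if (adp.canRetrieveUserByName())
            super.loginSuccess(request, response, successfulAuthentication);
    }
```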
Expand Up @@ -73,6 +73,11 @@ protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticati
return userDetails;
}

@Override
protected boolean canRetrieveUserByName() {
return bindName!=null;
}

private UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication, String domainName) throws AuthenticationException {
// when we use custom socket factory below, every LDAP operations result
// in a classloading via context classloader, so we need it to resolve.
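Review bot: `canRetrieveUserByName()` treats any non-null `bindName` as usable, so an empty or whitespace-only value would enable remember-me auto-login even though no real bind account is configured. Whether `bindName` is normalized to null elsewhere is not visible in this hunk; if it is not, the check should be `return bindName != null && bindName.trim().length() > 0;`. A short comment such as `// a bind account lets us look the user up without their password` would make the link to JENKINS-11643 clear. The body of the private `retrieveUser` overload continues outside the hunk.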
