[JENKINS-7995] Extending from AbstractPasswordBasedSecurityRealm to benefit from uniform CLI authentication.
kohsuke committed Nov 4, 2011
1 parent 46165c1 commit 26b7a72
Showing 4 changed files with 42 additions and 7 deletions.
@@ -0,0 +1,14 @@
package hudson.plugins.active_directory;

import org.acegisecurity.AuthenticationException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;

/**
* @author Kohsuke Kawaguchi
*/
public abstract class AbstractActiveDirectoryAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider implements UserDetailsService, GroupDetailsService {
protected abstract UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException;
}
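Review bot: The class Javadoc in this new file carries only `@author`, and nothing explains why `retrieveUser` is re-declared with the signature it already has in `AbstractUserDetailsAuthenticationProvider`. The re-declaration looks like it exists to make the `protected` method reachable from other classes in `hudson.plugins.active_directory` (the realm's new `authenticate` calls it), since a protected member of the Acegi base class is otherwise visible only to subclasses. I would record that on the method, e.g. `// Re-declared so that same-package callers (ActiveDirectorySecurityRealm) can invoke it.`, so that it is not later removed as redundant or widened to `public` without thought.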
Expand Up @@ -39,8 +39,7 @@
*
* @author Kohsuke Kawaguchi
*/
public class ActiveDirectoryAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider
implements UserDetailsService, GroupDetailsService {
public class ActiveDirectoryAuthenticationProvider extends AbstractActiveDirectoryAuthenticationProvider {
private final String defaultNamingContext;
/**
* ADO connection for searching Active Directory.
Expand Up @@ -9,6 +9,7 @@
import hudson.Util;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.security.AbstractPasswordBasedSecurityRealm;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.util.FormValidation;
Expand Down Expand Up @@ -42,6 +43,8 @@
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
Expand All @@ -55,9 +58,11 @@
import com.sun.jndi.ldap.LdapCtxFactory;

/**
* {@link SecurityRealm} that talks to Active Directory.
*
* @author Kohsuke Kawaguchi
*/
public class ActiveDirectorySecurityRealm extends SecurityRealm {
public class ActiveDirectorySecurityRealm extends AbstractPasswordBasedSecurityRealm {
/**
* Active directory domain name to authenticate against.
*
Expand Down Expand Up @@ -141,7 +146,7 @@ public void doAuthTest(StaplerRequest req, StaplerResponse rsp, @QueryParameter
ClassLoader ccl = Thread.currentThread().getContextClassLoader();
Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
try {
UserDetailsService uds = getSecurityComponents().userDetails;
UserDetailsService uds = getAuthenticationProvider();
if (uds instanceof ActiveDirectoryUnixAuthenticationProvider) {
ActiveDirectoryUnixAuthenticationProvider p = (ActiveDirectoryUnixAuthenticationProvider) uds;
DesciprotrImpl descriptor = getDescriptor();
Expand Down Expand Up @@ -473,8 +478,25 @@ public List<SocketInfo> obtainLDAPServer(DirContext ictx, String domainName, Str

@Override
public GroupDetails loadGroupByGroupname(String groupname) throws UsernameNotFoundException, DataAccessException {
GroupDetailsService groupDetailsService = (GroupDetailsService) getSecurityComponents().userDetails;
return groupDetailsService.loadGroupByGroupname(groupname);
return getAuthenticationProvider().loadGroupByGroupname(groupname);
}

/**
* Interface that actually talks to Active Directory.
*/
public AbstractActiveDirectoryAuthenticationProvider getAuthenticationProvider() {
return (AbstractActiveDirectoryAuthenticationProvider)getSecurityComponents().userDetails;
}

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
// delegate to one of our ActiveDirectory(Unix)?AuthenticationProvider
return getAuthenticationProvider().loadUserByUsername(username);
}

@Override
protected UserDetails authenticate(String username, String password) throws AuthenticationException {
return getAuthenticationProvider().retrieveUser(username,new UsernamePasswordAuthenticationToken(username,password));
}

private static final Logger LOGGER = Logger.getLogger(ActiveDirectorySecurityRealm.class.getName());
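Review bot: The new `authenticate(String, String)` override at the end of this section calls `retrieveUser` directly, so this login path does not go through `AbstractUserDetailsAuthenticationProvider.authenticate()`, and whatever that template method enforces around `retrieveUser` (account-status checks, `additionalAuthenticationChecks`) is not applied here. Whether that matters depends on the two providers' `retrieveUser` bodies, which are not in this diff. If they perform the complete bind-and-verify themselves, a comment such as `// retrieveUser performs the AD bind itself; no further checks from the provider's authenticate() are applied on this path` would record the assumption; otherwise the override should delegate to the provider's own `authenticate(...)`. The password is also passed into the token unvalidated, so it is worth confirming that `retrieveUser` rejects a null or empty password before binding. Separately, `getAuthenticationProvider()` casts `userDetails` unchecked, which moves a possible `ClassCastException` ahead of the `instanceof` test in `doAuthTest`.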
Expand Up @@ -38,7 +38,7 @@
* @author Kohsuke Kawaguchi
* @author James Nord
*/
public class ActiveDirectoryUnixAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider implements UserDetailsService, GroupDetailsService {
public class ActiveDirectoryUnixAuthenticationProvider extends AbstractActiveDirectoryAuthenticationProvider {

private final String[] domainNames;
