Add support for CAS 3.0 protocol (JENKINS-37512)
Showing
10 changed files
with
141 additions
and
0 deletions.
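--- a/src/main/java/org/jenkinsci/plugins/cas/protocols/Cas30Protocol.java
+++ b/src/main/java/org/jenkinsci/plugins/cas/protocols/Cas30Protocol.java
@@ -0,0 +1,64 @@
+package org.jenkinsci.plugins.cas.protocols;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.lang.StringUtils;
+import org.jasig.cas.client.validation.Cas30ProxyTicketValidator;
+import org.jasig.cas.client.validation.Cas30ServiceTicketValidator;
+import org.jasig.cas.client.validation.ProxyList;
+import org.jasig.cas.client.validation.TicketValidator;
+import org.jenkinsci.plugins.cas.CasProtocol;
+import org.kohsuke.stapler.DataBoundConstructor;
+
+import hudson.Extension;
+import hudson.Util;
+import hudson.model.Descriptor;
+
+/**
+* CAS 3.0 protocol support.
+*
+* @author Fabien Crespel <fabien@crespel.net>
+*/
+public class Cas30Protocol extends CasProtocol {
+
+public final Boolean proxyEnabled;
+public final Boolean proxyAllowAny;
+public final String proxyAllowList;
+
+@DataBoundConstructor
+public Cas30Protocol(String authoritiesAttribute, String fullNameAttribute, String emailAttribute, Boolean proxyEnabled, Boolean proxyAllowAny, String proxyAllowList) {
+this.authoritiesAttribute = Util.fixEmptyAndTrim(authoritiesAttribute);
+this.fullNameAttribute = Util.fixEmptyAndTrim(fullNameAttribute);
+this.emailAttribute = Util.fixEmptyAndTrim(emailAttribute);
+this.proxyEnabled = proxyEnabled;
+this.proxyAllowAny = proxyAllowAny;
+this.proxyAllowList = proxyAllowList;
+}
+
+@Override
+public TicketValidator createTicketValidator(String casServerUrl) {
+if (this.proxyEnabled != null && this.proxyEnabled) {
+Cas30ProxyTicketValidator ptv = new Cas30ProxyTicketValidator(casServerUrl);
+ptv.setAcceptAnyProxy(this.proxyAllowAny);
+String[] proxyChain = StringUtils.split(this.proxyAllowList, '\n');
+if (proxyChain != null && proxyChain.length > 0) {
+List<String[]> proxyList = new ArrayList<String[]>(1);
+proxyList.add(proxyChain);
+ptv.setAllowedProxyChains(new ProxyList(proxyList));
+}
+return ptv;
+} else {
+return new Cas30ServiceTicketValidator(casServerUrl);
+}
+}
+
+@Extension
+public static final class DescriptorImpl extends Descriptor<CasProtocol> {
+@Override
+public String getDisplayName() {
+return "CAS 3.0";
+}
+}
+
+}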
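Review bot: `ptv.setAcceptAnyProxy(this.proxyAllowAny)` in `createTicketValidator` auto-unboxes a `Boolean` that the constructor stores without a null check, so a configuration with proxy tickets enabled but `proxyAllowAny` unset throws a NullPointerException when the validator is built; `proxyEnabled` is null-checked one statement earlier, `proxyAllowAny` is not. Treating null as the restrictive choice keeps the validator fail-closed: `ptv.setAcceptAnyProxy(Boolean.TRUE.equals(this.proxyAllowAny));`. Separately, `proxyAllowList` is stored untrimmed and split only on `'\n'`, so entries carrying a trailing `\r` or surrounding spaces would presumably never match the chain reported by the CAS server; trimming each entry and dropping empty ones before building the `ProxyList` would avoid silently rejecting approved proxies. A short Javadoc on the three public proxy fields, stating that `proxyAllowAny` turns off proxy-chain validation and that `proxyAllowList` is one ordered chain, would also help whoever audits this configuration later.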
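--- a/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/config.jelly
+++ b/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/config.jelly
@@ -0,0 +1,32 @@
+<?jelly escape-by-default='true'?>
+<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
+<f:block>
+<table>
+<f:description>${%description("https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html", "https://apereo.github.io/cas/4.2.x/integration/Attribute-Release.html")}</f:description>
+</table>
+</f:block>
+<f:advanced>
+<f:entry title="${%authoritiesAttribute}" field="authoritiesAttribute">
+<f:textbox default="groups,roles" />
+</f:entry>
+<f:entry title="${%fullNameAttribute}" field="fullNameAttribute">
+<f:textbox default="cn" />
+</f:entry>
+<f:entry title="${%emailAttribute}" field="emailAttribute">
+<f:textbox default="mail" />
+</f:entry>
+<f:entry title="${%proxySettings}">
+<table>
+<f:optionalBlock title="${%proxyEnabled}" field="proxyEnabled" inline="true">
+<f:radioBlock title="${%proxyAllowAny}" name="proxyAllowAny" value="true" checked="${instance.proxyAllowAny}" inline="true" />
+<f:radioBlock title="${%proxyAllowList}" name="proxyAllowAny" value="false" checked="${!instance.proxyAllowAny}" inline="true">
+<f:description>${%proxyAllowListDescription}</f:description>
+<f:entry field="proxyAllowList">
+<f:textarea />
+</f:entry>
+</f:radioBlock>
+</f:optionalBlock>
+</table>
+</f:entry>
+</f:advanced>
+</j:jelly>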
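--- a/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/config.properties
+++ b/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/config.properties
@@ -0,0 +1,9 @@
+description=<a href="{0}">CAS 3.0</a> is a XML-based protocol. It fully supports <a href="{1}">attributes</a> out-of-the-box, without requiring custom extensions.
+authoritiesAttribute=Roles Attribute(s)
+fullNameAttribute=Full Name Attribute
+emailAttribute=Email Attribute
+proxySettings=Proxy Settings
+proxyEnabled=Accept Proxy Tickets
+proxyAllowAny=Allow any proxy
+proxyAllowList=Allow a specific proxy chain
+proxyAllowListDescription=Enter one proxy URL per line, in the required traversal order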
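--- a/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/config_fr.properties
+++ b/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/config_fr.properties
@@ -0,0 +1,9 @@
+description=<a href="{0}">CAS 3.0</a> est un protocole basé sur XML. Il supporte directement les <a href="{1}">attributs</a> sans nécessiter d''extension spécifique.
+authoritiesAttribute=Attribut(s) des rôles
+fullNameAttribute=Attribut du nom complet
+emailAttribute=Attribut de l''adresse e-mail
+proxySettings=Paramètres de Proxy
+proxyEnabled=Accepter les Proxy Tickets
+proxyAllowAny=Autoriser n''importe quel proxy
+proxyAllowList=Autoriser une chaine de proxies spécifique
+proxyAllowListDescription=Entrez une URL de proxy par ligne, dans l''ordre de traversée requis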
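--- a/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-authoritiesAttribute.html
+++ b/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-authoritiesAttribute.html
@@ -0,0 +1,4 @@
+<div>
+Attribute(s) holding the authorities (groups, roles, etc.) the user belongs to.
+Multiple values should be separated with commas (e.g. 'groups,roles').
+</div>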
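--- a/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-emailAttribute.html
+++ b/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-emailAttribute.html
@@ -0,0 +1,3 @@
+<div>
+Attribute holding the user's email address.
+</div>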
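--- a/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-fullNameAttribute.html
+++ b/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-fullNameAttribute.html
@@ -0,0 +1,3 @@
+<div>
+Attribute holding the user's full name.
+</div>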
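--- a/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-proxyAllowAny.html
+++ b/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-proxyAllowAny.html
@@ -0,0 +1,3 @@
+<div>
+When checked, the chain of proxy servers that eventually generated the Proxy Ticket will not be validated.
+</div>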
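--- a/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-proxyAllowList.html
+++ b/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-proxyAllowList.html
@@ -0,0 +1,7 @@
+<div>
+Enter the exact proxy chain (one proxy URL per line) the Proxy Ticket must have gone through to be accepted.
+
+<p>
+Such validation can be necessary to ensure that only certain approved proxies may programmatically authenticate
+on Jenkins on behalf of a user.
+</div>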
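--- a/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-proxyEnabled.html
+++ b/src/main/resources/org/jenkinsci/plugins/cas/protocols/Cas30Protocol/help-proxyEnabled.html
@@ -0,0 +1,7 @@
+<div>
+When checked, Proxy Tickets will be validated in addition to standard Service Tickets.
+
+<p>
+Proxy Tickets can be thought of as a secure alternative to <a href="https://wiki.jenkins-ci.org/display/JENKINS/Authenticating+scripted+clients">
+API Tokens</a> when external applications need to access Jenkins and already make use of CAS for their own authentication.
+</div>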