[FIXED JENKINS-9681] PAM now supports CLI auth
... by extending from AbstractPasswordBasedSecurityRealm.
kohsuke committed Jul 10, 2011
1 parent 9b0c8d2 commit 6a75fe6
Showing 3 changed files with 24 additions and 98 deletions.
3 changes: 3 additions & 0 deletions changelog.html
@@ -63,6 +63,9 @@
<li class=bug>
PAM authentication wasn't working with Ubuntu 11.04
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-9486">issue 9486</a>)
<li class=rfe>
PAM authentication now works with CLI login mechanism.
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-9681">issue 9681</a>)
<li class=rfe>
Jenkins behaves better in JRebel-enhanced environment during core/plugin development
(<a href="https://wiki.jenkins-ci.org/display/JENKINS/Developing+with+JRebel">details</a>)
69 changes: 21 additions & 48 deletions core/src/main/java/hudson/security/PAMSecurityRealm.java
@@ -66,7 +66,7 @@
* @author Kohsuke Kawaguchi
* @since 1.282
*/
public class PAMSecurityRealm extends SecurityRealm {
public class PAMSecurityRealm extends AbstractPasswordBasedSecurityRealm {
public final String serviceName;

@DataBoundConstructor
@@ -76,56 +76,29 @@ public PAMSecurityRealm(String serviceName) {
this.serviceName = serviceName;
}

public static class PAMAuthenticationProvider implements AuthenticationProvider {
private String serviceName;

public PAMAuthenticationProvider(String serviceName) {
this.serviceName = serviceName;
}

public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = authentication.getPrincipal().toString();
String password = authentication.getCredentials().toString();

try {
UnixUser u = new PAM(serviceName).authenticate(username, password);
GrantedAuthority[] groups = toAuthorities(u);

// I never understood why Acegi insists on keeping the password...
return new UsernamePasswordAuthenticationToken(username, password, groups);
} catch (PAMException e) {
throw new BadCredentialsException(e.getMessage(),e);
}
}

public boolean supports(Class clazz) {
return true;
@Override
protected UserDetails authenticate(String username, String password) throws AuthenticationException {
try {
UnixUser uu = new PAM(serviceName).authenticate(username, password);

// I never understood why Acegi insists on keeping the password...
return new User(username,"",true,true,true,true, toAuthorities(uu));
} catch (PAMException e) {
throw new BadCredentialsException(e.getMessage(),e);
}
}

public SecurityComponents createSecurityComponents() {
Binding binding = new Binding();
binding.setVariable("instance", this);

BeanBuilder builder = new BeanBuilder();
builder.parse(Jenkins.getInstance().servletContext.getResourceAsStream("/WEB-INF/security/PAMSecurityRealm.groovy"),binding);
WebApplicationContext context = builder.createApplicationContext();
return new SecurityComponents(
findBean(AuthenticationManager.class, context),
new UserDetailsService() {
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
if(!UnixUser.exists(username))
throw new UsernameNotFoundException("No such Unix user: "+username);
try {
UnixUser uu = new UnixUser(username);
// return some dummy instance
return new User(username,"",true,true,true,true, toAuthorities(uu));
} catch (PAMException e) {
throw new UsernameNotFoundException("Failed to load information about Unix user "+username,e);
}
}
}
);
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
if(!UnixUser.exists(username))
throw new UsernameNotFoundException("No such Unix user: "+username);
try {
UnixUser uu = new UnixUser(username);
// return some dummy instance
return new User(username,"",true,true,true,true, toAuthorities(uu));
} catch (PAMException e) {
throw new UsernameNotFoundException("Failed to load information about Unix user "+username,e);
}
}

private static GrantedAuthority[] toAuthorities(UnixUser u) {
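Review bot: The catch block in the new `authenticate(String username, String password)` still copies `e.getMessage()` from the `PAMException` into the `BadCredentialsException`, and with this change that path also serves CLI logins. If that message is shown to the caller, PAM's error text could reveal why a login failed (whether it is shown depends on how the base class and the CLI report failures, which is not visible here); a fixed message with the cause kept for the logs would avoid that, e.g. `throw new BadCredentialsException("PAM authentication failed", e);`. The comment `// I never understood why Acegi insists on keeping the password...` is also stale in the new method, since the returned `User` is built with an empty password string; something like `// the password is deliberately not stored in the returned UserDetails` would describe the new code. The class body continues past the end of the hunk at `toAuthorities`.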
50 changes: 0 additions & 50 deletions war/src/main/webapp/WEB-INF/security/PAMSecurityRealm.groovy

This file was deleted.
