Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[JENKINS-14843] Allow extensions to determine whether it is appropria…
…te for specific security realms
  • Loading branch information
stephenc committed Sep 25, 2014
1 parent 923326e commit e0c69e3
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 3 deletions.
23 changes: 20 additions & 3 deletions src/main/java/hudson/plugins/openid/OpenIdExtension.java
Expand Up @@ -26,6 +26,8 @@
import hudson.ExtensionList;
import hudson.ExtensionPoint;
import hudson.model.Hudson;
import hudson.security.SecurityRealm;
import jenkins.model.Jenkins;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
Expand All @@ -40,6 +42,17 @@
* @author Paul Sandoz
*/
public abstract class OpenIdExtension implements ExtensionPoint {

/**
* Allow Extensions to determine that they are applicable when used with specific security realms.
* @param realm the realm.
* @return {@code true} if this extension is appropriate.
* @since 2.2
*/
public boolean isApplicable(SecurityRealm realm) {
return !(realm instanceof OpenIdSsoSecurityRealm) || ((OpenIdSsoSecurityRealm) realm).isApplicable(this);
}

/**
* Extend the authentication request.
* <p>
Expand Down Expand Up @@ -98,8 +111,10 @@ public static ExtensionList<OpenIdExtension> all() {
public static void extendRequest(AuthRequest authRequest) throws MessageException {
FetchRequest request = FetchRequest.createFetchRequest();
for (OpenIdExtension e : all()) {
e.extend(authRequest);
e.extendFetch(request);
if (e.isApplicable(Jenkins.getInstance().getSecurityRealm())) {
e.extend(authRequest);
e.extendFetch(request);
}
}
authRequest.addExtension(request);
}
Expand All @@ -115,7 +130,9 @@ public static void extendRequest(AuthRequest authRequest) throws MessageExceptio
*/
public static void processResponse(AuthSuccess authSuccess, Identity id) throws MessageException {
for (OpenIdExtension e : all()) {
e.process(authSuccess, id);
if (e.isApplicable(Jenkins.getInstance().getSecurityRealm())) {
e.process(authSuccess, id);
}
}
}
}
10 changes: 10 additions & 0 deletions src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java
Expand Up @@ -210,6 +210,16 @@ public HttpResponse doFinishLogin(StaplerRequest request) throws IOException, Op
return session.doFinishLogin(request);
}

/**
* Allow OpenId SSO Security Realms to determine the extensions that are applicable.
* @param openIdExtension the extension.
* @return {@code true} if this extension is appropriate.
* @since 2.2
*/
public boolean isApplicable(OpenIdExtension openIdExtension) {
return true;
}

@Extension
public static class DescriptorImpl extends Descriptor<SecurityRealm> {
public String getDisplayName() {
Expand Down

0 comments on commit e0c69e3

Please sign in to comment.