[FIXED JENKINS-9681] PAM now supports CLI auth
... by extending from AbstractPasswordBasedSecurityRealm.

Originally-Committed-As: 6a75fe64e69c9f53757603fc849c16099dfc483a
kohsuke committed Jul 10, 2011
1 parent a09b48d commit e6c2deb
Showing 2 changed files with 21 additions and 98 deletions.
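--- a/core/src/main/java/hudson/security/PAMSecurityRealm.java
+++ b/core/src/main/java/hudson/security/PAMSecurityRealm.java
@@ -66,7 +66,7 @@
 * @author Kohsuke Kawaguchi
 * @since 1.282
 */
-public class PAMSecurityRealm extends SecurityRealm {
+public class PAMSecurityRealm extends AbstractPasswordBasedSecurityRealm {
 public final String serviceName;
 
 @DataBoundConstructor
@@ -76,56 +76,29 @@ public PAMSecurityRealm(String serviceName) {
 this.serviceName = serviceName;
 }
 
-public static class PAMAuthenticationProvider implements AuthenticationProvider {
-private String serviceName;
-
-public PAMAuthenticationProvider(String serviceName) {
-this.serviceName = serviceName;
-}
-
-public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-String username = authentication.getPrincipal().toString();
-String password = authentication.getCredentials().toString();
-
-try {
-UnixUser u = new PAM(serviceName).authenticate(username, password);
-GrantedAuthority[] groups = toAuthorities(u);
-
-// I never understood why Acegi insists on keeping the password...
-return new UsernamePasswordAuthenticationToken(username, password, groups);
-} catch (PAMException e) {
-throw new BadCredentialsException(e.getMessage(),e);
-}
-}
-
-public boolean supports(Class clazz) {
-return true;
+@Override
+protected UserDetails authenticate(String username, String password) throws AuthenticationException {
+try {
+UnixUser uu = new PAM(serviceName).authenticate(username, password);
+
+// I never understood why Acegi insists on keeping the password...
+return new User(username,"",true,true,true,true, toAuthorities(uu));
+} catch (PAMException e) {
+throw new BadCredentialsException(e.getMessage(),e);
 }
 }
 
-public SecurityComponents createSecurityComponents() {
-Binding binding = new Binding();
-binding.setVariable("instance", this);
-
-BeanBuilder builder = new BeanBuilder();
-builder.parse(Jenkins.getInstance().servletContext.getResourceAsStream("/WEB-INF/security/PAMSecurityRealm.groovy"),binding);
-WebApplicationContext context = builder.createApplicationContext();
-return new SecurityComponents(
-findBean(AuthenticationManager.class, context),
-new UserDetailsService() {
-public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
-if(!UnixUser.exists(username))
-throw new UsernameNotFoundException("No such Unix user: "+username);
-try {
-UnixUser uu = new UnixUser(username);
-// return some dummy instance
-return new User(username,"",true,true,true,true, toAuthorities(uu));
-} catch (PAMException e) {
-throw new UsernameNotFoundException("Failed to load information about Unix user "+username,e);
-}
-}
-}
-);
+@Override
+public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
+if(!UnixUser.exists(username))
+throw new UsernameNotFoundException("No such Unix user: "+username);
+try {
+UnixUser uu = new UnixUser(username);
+// return some dummy instance
+return new User(username,"",true,true,true,true, toAuthorities(uu));
+} catch (PAMException e) {
+throw new UsernameNotFoundException("Failed to load information about Unix user "+username,e);
+}
 }
 
 private static GrantedAuthority[] toAuthorities(UnixUser u) {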
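Review bot: In the new `authenticate` override the PAM error text is passed straight to the caller through `new BadCredentialsException(e.getMessage(),e)`. If that text differs between an unknown account and a wrong password, and is shown to CLI or login clients (neither is visible in this section), a caller can tell the two cases apart. A fixed message such as `throw new BadCredentialsException("Authentication failed", e);` keeps the PAM detail in the cause for server-side logs. Separately, the retained comment `// I never understood why Acegi insists on keeping the password...` no longer matches the code, which now returns a `User` with an empty password. I would replace it with `// password left empty on purpose: PAM already verified it, so it is not retained`.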
50 changes: 0 additions & 50 deletions war/src/main/webapp/WEB-INF/security/PAMSecurityRealm.groovy

This file was deleted.
