@Override public UserDetails call() throws Exception { try { Jenkins jenkins = Jenkins.getInstance(); UserDetails userDetails = jenkins.getSecurityRealm().loadUserByUsername(idOrFullName); if (userDetails == null) { existenceCache.put(this.idOrFullName, Boolean.FALSE); throw new NullPointerException("hudson.security.SecurityRealm should never return null. " + jenkins.getSecurityRealm() + " returned null for idOrFullName='" + idOrFullName + "'"); } existenceCache.put(this.idOrFullName, Boolean.TRUE); return userDetails; } catch (UsernameNotFoundException e) { existenceCache.put(this.idOrFullName, Boolean.FALSE); throw e; } catch (DataAccessException e) { existenceCache.invalidate(this.idOrFullName); throw e; } } }
/** * Reset the proxies and filter for a change in {@link SecurityRealm}. */ public void reset(SecurityRealm securityRealm) throws ServletException { if (securityRealm != null) { SecurityRealm.SecurityComponents sc = securityRealm.getSecurityComponents(); AUTHENTICATION_MANAGER.setDelegate(sc.manager); USER_DETAILS_SERVICE_PROXY.setDelegate(sc.userDetails); REMEMBER_ME_SERVICES_PROXY.setDelegate(sc.rememberMe); // make sure this.filter is always a valid filter. Filter oldf = this.filter; Filter newf = securityRealm.createFilter(this.filterConfig); newf.init(this.filterConfig); this.filter = newf; if(oldf!=null) oldf.destroy(); } else { // no security related filter needed. AUTHENTICATION_MANAGER.setDelegate(null); USER_DETAILS_SERVICE_PROXY.setDelegate(null); REMEMBER_ME_SERVICES_PROXY.setDelegate(null); filter = null; } }
public void generateResponse(StaplerRequest req, StaplerResponse rsp, Object node) throws IOException, ServletException { SecurityRealm sr = Jenkins.getInstance().getSecurityRealm(); if (sr.allowsSignup()) { try { sr.commenceSignup(identity).generateResponse(req,rsp,node); return; } catch (UnsupportedOperationException e) { // fall through } } // this security realm doesn't support user registration. // just report an error req.getView(this,"error").forward(req,rsp); } }
private static int getUserType(String sid) { SecurityRealm sr = HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getSecurityRealm(); // system reserved group if (sid.equals("authenticated")) { return SID_GROUP; } try { sr.loadUserByUsername(sid); return SID_USER; } catch (UserMayOrMayNotExistException e) { return SID_UNKNOWN; } catch (UsernameNotFoundException e) { // fall through next } catch (DataAccessException e) { // fall through next } try { sr.loadGroupByGroupname(sid); return SID_GROUP; } catch (UserMayOrMayNotExistException e) { // undecidable, meaning the group may exist return SID_UNKNOWN; } catch (UsernameNotFoundException e) { // fall through next } catch (DataAccessException e) { // fall through next } return SID_INVALID; }
/** * Shortcut for {@link UserDetailsService#loadUserByUsername(String)}. * * @throws UserMayOrMayNotExistException * If the security realm cannot even tell if the user exists or not. * @return * never null. */ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { return getSecurityComponents().userDetails.loadUserByUsername(username); }
try { CliAuthenticator authenticator = Jenkins.get().getSecurityRealm().createCliAuthenticator(this); new ClassParser().parse(authenticator, parser);
/** * Logs out the user. */ public void doLogout( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException { String user = getAuthentication().getName(); securityRealm.doLogout(req, rsp); SecurityListener.fireLoggedOut(user); }
/** * Handles the logout processing. * * <p> * The default implementation erases the session and do a few other clean up, then * redirect the user to the URL specified by {@link #getPostLogOutUrl(StaplerRequest, Authentication)}. * * @since 1.314 */ public void doLogout(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException { HttpSession session = req.getSession(false); if(session!=null) session.invalidate(); Authentication auth = SecurityContextHolder.getContext().getAuthentication(); SecurityContextHolder.clearContext(); // reset remember-me cookie Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,""); cookie.setMaxAge(0); cookie.setSecure(req.isSecure()); cookie.setHttpOnly(true); cookie.setPath(req.getContextPath().length()>0 ? req.getContextPath() : "/"); rsp.addCookie(cookie); rsp.sendRedirect2(getPostLogOutUrl(req,auth)); }
/** * Sign up for the user account. */ public void doSignup( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException { if (getSecurityRealm().allowsSignup()) { req.getView(getSecurityRealm(), "signup.jelly").forward(req, rsp); return; } req.getView(SecurityRealm.class, "signup.jelly").forward(req, rsp); }
/** * Use this function to get the security components, without necessarily * recreating them. */ public synchronized SecurityComponents getSecurityComponents() { if (this.securityComponents == null) { this.securityComponents = this.createSecurityComponents(); } return this.securityComponents; }
/** * If this {@link SecurityRealm} supports a look up of {@link GroupDetails} by their names, override this method * to provide the look up. * <p> * This information, when available, can be used by {@link AuthorizationStrategy}s to improve the UI and * error diagnostics for the user. * * @param groupname the name of the group to fetch * @param fetchMembers if {@code true} then try and fetch the members of the group if it exists. Trying does not * imply that the members will be fetched and {@link hudson.security.GroupDetails#getMembers()} * may still return {@code null} * @throws UserMayOrMayNotExistException if no conclusive result could be determined regarding the group existence. * @throws UsernameNotFoundException if the group does not exist. * @throws DataAccessException if the backing security realm could not be connected to. * @since 1.549 */ public GroupDetails loadGroupByGroupname(String groupname, boolean fetchMembers) throws UsernameNotFoundException, DataAccessException { return loadGroupByGroupname(groupname); }
public HttpResponse superCommenceSignup(FederatedIdentity identity) { return super.commenceSignup(identity); }
public Filter superCreateFilter(FilterConfig filterConfig) { return super.createFilter(filterConfig); }
sr.loadUserByUsername(v); return FormValidation.respond(Kind.OK, makeImg("person.gif")+ev); } catch (UserMayOrMayNotExistException e) { sr.loadGroupByGroupname(v); return FormValidation.respond(Kind.OK, makeImg("user.gif") +ev); } catch (UserMayOrMayNotExistException e) {
/** * Creates {@link Filter} that all the incoming HTTP requests will go through * for authentication. * * <p> * The default implementation uses {@link #getSecurityComponents()} and builds * a standard filter chain from /WEB-INF/security/SecurityFilters.groovy. * But subclasses can override this to completely change the filter sequence. * * <p> * For other plugins that want to contribute {@link Filter}, see * {@link PluginServletFilter}. * * @since 1.271 */ public Filter createFilter(FilterConfig filterConfig) { LOGGER.entering(SecurityRealm.class.getName(), "createFilter"); Binding binding = new Binding(); SecurityComponents sc = getSecurityComponents(); binding.setVariable("securityComponents", sc); binding.setVariable("securityRealm",this); BeanBuilder builder = new BeanBuilder(); builder.parse(filterConfig.getServletContext().getResourceAsStream("/WEB-INF/security/SecurityFilters.groovy"),binding); WebApplicationContext context = builder.createApplicationContext(); return (Filter) context.getBean("filter"); }
old = sc.getAuthentication(); CliAuthenticator authenticator = Jenkins.getActiveInstance().getSecurityRealm().createCliAuthenticator(this); sc.setAuthentication(getTransportAuthentication()); new ClassParser().parse(authenticator,p);
/** * Logs out the user. */ public void doLogout(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException { securityRealm.doLogout(req, rsp); }
public String superGetPostLogOutUrl(StaplerRequest req, Authentication auth) { return super.getPostLogOutUrl(req, auth); }
public boolean superAllowsSignup() { return super.allowsSignup(); }
/** * Use this function to get the security components, without necessarily * recreating them. */ public synchronized SecurityComponents getSecurityComponents() { if (this.securityComponents == null) { this.securityComponents = this.createSecurityComponents(); } return this.securityComponents; }