/**
 * Builds the default {@link RememberMeServices}: a {@link TokenBasedRememberMeServices2} that
 * resolves users through {@code uds}, signs its tokens with the instance secret key and reads
 * the opt-in flag from the {@code remember_me} login form field.
 *
 * @param uds user lookup used when a remember-me cookie is presented
 * @return the configured remember-me services
 */
@SuppressWarnings("deprecation")
private static RememberMeServices createRememberMeService(UserDetailsService uds) {
    TokenBasedRememberMeServices2 services = new TokenBasedRememberMeServices2();
    services.setUserDetailsService(uds);
    // The key has to stay the instance secret key: RememberMeAuthenticationProvider must be
    // configured with the same key, and the security plugins' groovy scripts set it up that
    // way. Changing it here would force those plugins to target either older or newer Jenkins,
    // not both. (The shared-key requirement is an Acegi design choice we cannot change here.)
    String sharedKey = Jenkins.getInstance().getSecretKey();
    services.setKey(sharedKey);
    services.setParameter("remember_me"); // form field name in login.jelly
    return services;
}
}
private @CheckForNull Authentication retrieveAuthFromCookie(HttpServletRequest request, HttpServletResponse response, String cookieValueBase64){ String cookieValue = decodeCookieBase64(cookieValueBase64); if (cookieValue == null) { String reason = "Cookie token was not Base64 encoded; value was '" + cookieValueBase64 + "'"; cancelCookie(request, response, reason); return null; cancelCookie(request, response, "Cookie token did not contain 3 tokens separated by [:]"); return null; cancelCookie(request, response, "Cookie token[1] did not contain a valid number"); return null; if (isTokenExpired(tokenExpiryTime)) { cancelCookie(request, response, "Cookie token[1] has expired"); return null; UserDetails userDetails = loadUserDetails(request, response, cookieTokens); cancelCookie(request, response, "Cookie token[0] contained a username without user associated"); return null; if (!isValidUserDetails(request, response, userDetails, cookieTokens)) { return null; String expectedTokenSignature = makeTokenSignature(tokenExpiryTime, userDetails); ); if (!tokenValid) { cancelCookie(request, response, "Cookie token[2] contained invalid signature");
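/**
 * Wires the security components for this realm from {@code ActiveDirectory.groovy}.
 * <p>
 * The script is evaluated by {@link BeanBuilder} (with this realm bound as {@code realm})
 * into a {@link WebApplicationContext}; the {@link AuthenticationManager} and
 * {@link UserDetailsService} beans are taken from that context, and a
 * {@link TokenBasedRememberMeServices2} is configured with the instance secret key and the
 * {@code remember_me} login form field.
 *
 * @return the authentication manager, user details service and remember-me services
 * @throws IllegalStateException if {@code ActiveDirectory.groovy} is not on the classpath
 */
public SecurityComponents createSecurityComponents() {
    BeanBuilder builder = new BeanBuilder(getClass().getClassLoader());
    Binding binding = new Binding();
    binding.setVariable("realm", this);

    InputStream script = getClass().getResourceAsStream("ActiveDirectory.groovy");
    if (script == null) {
        // Fail early with a clear message instead of handing a null stream to parse().
        throw new IllegalStateException(
                "ActiveDirectory.groovy not found on the classpath of " + getClass().getName());
    }
    try {
        builder.parse(script, binding);
    } finally {
        IOUtils.closeQuietly(script);
    }
    WebApplicationContext context = builder.createApplicationContext();

    // The provider bean is not used here; the lookup is kept because it might have side effects.
    findBean(AbstractActiveDirectoryAuthenticationProvider.class, context);
    final UserDetailsService uds = findBean(UserDetailsService.class, context);

    TokenBasedRememberMeServices2 rms = new TokenBasedRememberMeServices2() {
        /**
         * Any failure while processing the remember-me cookie cancels the cookie and yields
         * no authentication instead of propagating out of the filter chain.
         */
        @Override
        public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
            try {
                return super.autoLogin(request, response);
            } catch (Exception e) {
                // TODO: this check is made redundant with 1.556, but needed with earlier versions
                cancelCookie(request, response,
                        "Failed to handle remember-me cookie: " + Functions.printThrowable(e));
                return null;
            }
        }
    };
    rms.setUserDetailsService(uds);
    rms.setKey(Jenkins.getActiveInstance().getSecretKey());
    rms.setParameter("remember_me"); // this is the form field name in login.jelly

    return new SecurityComponents(findBean(AuthenticationManager.class, context), uds, rms);
}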
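/**
 * Computes the signature a remember-me cookie must carry for {@code userDetails}.
 * <p>
 * The signature is {@code MAC.mac} over {@code username:tokenExpiryTime:userSeed:key}, where the
 * seed comes from the user's {@link UserSeedProperty} (so resetting the seed invalidates the
 * user's outstanding cookies). When the seed is disabled, no {@link User} record exists yet, or
 * the user has no seed property, a fixed placeholder takes the seed's place <em>inside</em> the
 * MAC input. Previously the "no-user" and "no-prop" cases returned the bare placeholder as the
 * signature, i.e. a value not bound to the secret key; every value this method returns now
 * depends on the key. Cookies that were issued with a bare placeholder no longer validate and
 * their users log in again.
 *
 * @param tokenExpiryTime expiry timestamp carried in the cookie
 * @param userDetails     the account the cookie authenticates
 * @return the expected cookie signature
 */
@Override
protected String makeTokenSignature(long tokenExpiryTime, UserDetails userDetails) {
    String username = userDetails.getUsername();
    String userSeed;
    if (UserSeedProperty.DISABLE_USER_SEED) {
        userSeed = "no-seed";
    } else {
        User user = User.getById(username, false);
        if (user == null) {
            // No User record (yet); the placeholder still goes through the MAC below.
            userSeed = "no-user";
        } else {
            UserSeedProperty userSeedProperty = user.getProperty(UserSeedProperty.class);
            if (userSeedProperty == null) {
                // if you want to filter out the user seed property, you should consider using
                // DISABLE_USER_SEED instead
                userSeed = "no-prop";
            } else {
                userSeed = userSeedProperty.getSeed();
            }
        }
    }
    String token = String.join(":", username, Long.toString(tokenExpiryTime), userSeed, getKey());
    return MAC.mac(token);
}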
/**
 * Resolves the remember-me cookie; any failure cancels the cookie and yields no
 * authentication instead of an exception escaping the filter.
 *
 * @param request  current request carrying the remember-me cookie
 * @param response response on which the cookie is cancelled if processing fails
 * @return the remembered {@link Authentication}, or {@code null} when the cookie could not be processed
 */
@Override
public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
    Authentication remembered;
    try {
        remembered = super.autoLogin(request, response);
    } catch (Exception e) {
        // TODO: this check is made redundant with 1.556, but needed with earlier versions
        String reason = "Failed to handle remember-me cookie: " + Functions.printThrowable(e);
        cancelCookie(request, response, reason);
        remembered = null;
    }
    return remembered;
}
};
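/**
 * Computes the signature field of a remember-me cookie for {@code username}.
 * <p>
 * The signature is an HMAC-SHA256, keyed with {@link #getKey()}, over
 * {@code username:tokenExpiryTime:N/A}. The password is not part of the input (its slot is
 * the fixed literal {@code "N/A"}), so a password change does not invalidate outstanding
 * remember-me cookies. Previously this was a plain MD5 over the same data with the key
 * appended; a keyed MAC is the appropriate primitive for a value that authenticates a user.
 * Cookies issued under the MD5 scheme no longer validate and their users log in again.
 *
 * @param tokenExpiryTime expiry timestamp carried in the cookie
 * @param username        account the cookie authenticates
 * @param password        ignored
 * @return lower-case hex encoding of the MAC
 * @throws IllegalStateException if no key is configured or HmacSHA256 is unavailable
 */
@Override
protected String makeTokenSignature(long tokenExpiryTime, String username, String password) {
    String key = getKey();
    if (key == null || key.isEmpty()) {
        throw new IllegalStateException("remember-me key is not configured");
    }
    // "N/A" keeps the historical field layout in the slot where the password used to go.
    String signedData = username + ":" + tokenExpiryTime + ":" + "N/A";
    return hmacSha256Hex(key, signedData);
}

/** Lower-case hex HMAC-SHA256 of {@code data} under {@code key}, both taken as UTF-8. */
private static String hmacSha256Hex(String key, String data) {
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    try {
        javax.crypto.Mac mac = javax.crypto.Mac.getInstance("HmacSHA256");
        mac.init(new javax.crypto.spec.SecretKeySpec(key.getBytes(utf8), "HmacSHA256"));
        byte[] digest = mac.doFinal(data.getBytes(utf8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    } catch (java.security.GeneralSecurityException e) {
        throw new IllegalStateException("Unable to compute remember-me token signature", e);
    }
}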
/**
 * Builds the default {@link RememberMeServices}: a {@link TokenBasedRememberMeServices2} that
 * resolves users through {@code uds}, signs its tokens with the instance secret key and reads
 * the opt-in flag from the {@code remember_me} login form field.
 *
 * @param uds user lookup used when a remember-me cookie is presented
 * @return the configured remember-me services
 */
private static RememberMeServices createRememberMeService(UserDetailsService uds) {
    TokenBasedRememberMeServices2 services = new TokenBasedRememberMeServices2();
    services.setUserDetailsService(uds);
    // Token signatures depend on the secret key, so it must be available when this runs.
    String secretKey = Hudson.getInstance().getSecretKey();
    services.setKey(secretKey);
    services.setParameter("remember_me"); // form field name in login.jelly
    return services;
}
}
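/**
 * Computes the signature field of a remember-me cookie for {@code username}.
 * <p>
 * The signature is an HMAC-SHA256, keyed with {@link #getKey()}, over
 * {@code username:tokenExpiryTime:N/A}. The password is not part of the input (its slot is
 * the fixed literal {@code "N/A"}), so a password change does not invalidate outstanding
 * remember-me cookies. Previously this was a plain MD5 over the same data with the key
 * appended; a keyed MAC is the appropriate primitive for a value that authenticates a user.
 * Cookies issued under the MD5 scheme no longer validate and their users log in again.
 *
 * @param tokenExpiryTime expiry timestamp carried in the cookie
 * @param username        account the cookie authenticates
 * @param password        ignored
 * @return lower-case hex encoding of the MAC
 * @throws IllegalStateException if no key is configured or HmacSHA256 is unavailable
 */
@Override
protected String makeTokenSignature(long tokenExpiryTime, String username, String password) {
    String key = getKey();
    if (key == null || key.isEmpty()) {
        throw new IllegalStateException("remember-me key is not configured");
    }
    // "N/A" keeps the historical field layout in the slot where the password used to go.
    String signedData = username + ":" + tokenExpiryTime + ":" + "N/A";
    return hmacSha256Hex(key, signedData);
}

/** Lower-case hex HMAC-SHA256 of {@code data} under {@code key}, both taken as UTF-8. */
private static String hmacSha256Hex(String key, String data) {
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    try {
        javax.crypto.Mac mac = javax.crypto.Mac.getInstance("HmacSHA256");
        mac.init(new javax.crypto.spec.SecretKeySpec(key.getBytes(utf8), "HmacSHA256"));
        byte[] digest = mac.doFinal(data.getBytes(utf8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    } catch (java.security.GeneralSecurityException e) {
        throw new IllegalStateException("Unable to compute remember-me token signature", e);
    }
}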
/**
 * Builds the default {@link RememberMeServices}: a {@link TokenBasedRememberMeServices2} that
 * resolves users through {@code uds}, signs its tokens with the security manager's secret key
 * and reads the opt-in flag from the {@code remember_me} login form field.
 *
 * @param uds user lookup used when a remember-me cookie is presented
 * @return the configured remember-me services
 */
private static RememberMeServices createRememberMeService(UserDetailsService uds) {
    TokenBasedRememberMeServices2 services = new TokenBasedRememberMeServices2();
    services.setUserDetailsService(uds);
    // Token signatures depend on the secret key, so it must be available when this runs.
    String secretKey = HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getSecretKey();
    services.setKey(secretKey);
    services.setParameter("remember_me"); // form field name in login.jelly
    return services;
}
}
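/**
 * Computes the signature field of a remember-me cookie for {@code userDetails}.
 * <p>
 * The signature is an HMAC-SHA256, keyed with {@link #getKey()}, over
 * {@code username:tokenExpiryTime:N/A}. The password slot is the fixed literal {@code "N/A"},
 * so a password change does not invalidate outstanding remember-me cookies. Previously this
 * was a plain MD5 over the same data with the key appended; a keyed MAC is the appropriate
 * primitive for a value that authenticates a user. Cookies issued under the MD5 scheme no
 * longer validate and their users log in again.
 *
 * @param tokenExpiryTime expiry timestamp carried in the cookie
 * @param userDetails     the account the cookie authenticates
 * @return lower-case hex encoding of the MAC
 * @throws IllegalStateException if no key is configured or HmacSHA256 is unavailable
 */
@Override
protected String makeTokenSignature(long tokenExpiryTime, UserDetails userDetails) {
    String key = getKey();
    if (key == null || key.isEmpty()) {
        throw new IllegalStateException("remember-me key is not configured");
    }
    // "N/A" keeps the historical field layout in the slot where the password used to go.
    String signedData = userDetails.getUsername() + ":" + tokenExpiryTime + ":" + "N/A";
    return hmacSha256Hex(key, signedData);
}

/** Lower-case hex HMAC-SHA256 of {@code data} under {@code key}, both taken as UTF-8. */
private static String hmacSha256Hex(String key, String data) {
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    try {
        javax.crypto.Mac mac = javax.crypto.Mac.getInstance("HmacSHA256");
        mac.init(new javax.crypto.spec.SecretKeySpec(key.getBytes(utf8), "HmacSHA256"));
        byte[] digest = mac.doFinal(data.getBytes(utf8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    } catch (java.security.GeneralSecurityException e) {
        throw new IllegalStateException("Unable to compute remember-me token signature", e);
    }
}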
/**
 * Builds the default {@link RememberMeServices}: a {@link TokenBasedRememberMeServices2} that
 * resolves users through {@code uds}, signs its tokens with the instance secret key and reads
 * the opt-in flag from the {@code remember_me} login form field.
 *
 * @param uds user lookup used when a remember-me cookie is presented
 * @return the configured remember-me services
 */
private static RememberMeServices createRememberMeService(UserDetailsService uds) {
    TokenBasedRememberMeServices2 services = new TokenBasedRememberMeServices2();
    services.setUserDetailsService(uds);
    // Token signatures depend on the secret key, so it must be available when this runs.
    String secretKey = Hudson.getInstance().getSecretKey();
    services.setKey(secretKey);
    services.setParameter("remember_me"); // form field name in login.jelly
    return services;
}
}
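/**
 * Computes the signature field of a remember-me cookie for {@code userDetails}.
 * <p>
 * The signature is an HMAC-SHA256, keyed with {@link #getKey()}, over
 * {@code username:tokenExpiryTime:N/A}. The password slot is the fixed literal {@code "N/A"},
 * so a password change does not invalidate outstanding remember-me cookies. Previously this
 * was a plain MD5 over the same data with the key appended; a keyed MAC is the appropriate
 * primitive for a value that authenticates a user. Cookies issued under the MD5 scheme no
 * longer validate and their users log in again.
 *
 * @param tokenExpiryTime expiry timestamp carried in the cookie
 * @param userDetails     the account the cookie authenticates
 * @return lower-case hex encoding of the MAC
 * @throws IllegalStateException if no key is configured or HmacSHA256 is unavailable
 */
@Override
protected String makeTokenSignature(long tokenExpiryTime, UserDetails userDetails) {
    String key = getKey();
    if (key == null || key.isEmpty()) {
        throw new IllegalStateException("remember-me key is not configured");
    }
    // "N/A" keeps the historical field layout in the slot where the password used to go.
    String signedData = userDetails.getUsername() + ":" + tokenExpiryTime + ":" + "N/A";
    return hmacSha256Hex(key, signedData);
}

/** Lower-case hex HMAC-SHA256 of {@code data} under {@code key}, both taken as UTF-8. */
private static String hmacSha256Hex(String key, String data) {
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    try {
        javax.crypto.Mac mac = javax.crypto.Mac.getInstance("HmacSHA256");
        mac.init(new javax.crypto.spec.SecretKeySpec(key.getBytes(utf8), "HmacSHA256"));
        byte[] digest = mac.doFinal(data.getBytes(utf8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    } catch (java.security.GeneralSecurityException e) {
        throw new IllegalStateException("Unable to compute remember-me token signature", e);
    }
}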
/**
 * Builds the default {@link RememberMeServices}: a {@link TokenBasedRememberMeServices2} that
 * resolves users through {@code uds}, signs its tokens with the instance secret key and reads
 * the opt-in flag from the {@code remember_me} login form field.
 *
 * @param uds user lookup used when a remember-me cookie is presented
 * @return the configured remember-me services
 */
private static RememberMeServices createRememberMeService(UserDetailsService uds) {
    TokenBasedRememberMeServices2 services = new TokenBasedRememberMeServices2();
    services.setUserDetailsService(uds);
    // Token signatures depend on the secret key, so it must be available when this runs.
    String secretKey = Hudson.getInstance().getSecretKey();
    services.setKey(secretKey);
    services.setParameter("remember_me"); // form field name in login.jelly
    return services;
}
}
/**
 * Computes the signature field of a remember-me cookie for {@code userDetails}: a
 * {@code MAC.mac} digest over {@code username:tokenExpiryTime:N/A:key}. The password slot is
 * the fixed literal {@code "N/A"}, so the signature depends only on the username, the expiry
 * time and the server key and is unaffected by password changes.
 *
 * @param tokenExpiryTime expiry timestamp carried in the cookie
 * @param userDetails     the account the cookie authenticates
 * @return the expected cookie signature
 */
@Override
protected String makeTokenSignature(long tokenExpiryTime, UserDetails userDetails) {
    StringBuilder input = new StringBuilder();
    input.append(userDetails.getUsername()).append(':')
         .append(tokenExpiryTime).append(':')
         .append("N/A").append(':')
         .append(getKey());
    return MAC.mac(input.toString());
}
/**
 * Builds the default {@link RememberMeServices}: a {@link TokenBasedRememberMeServices2} that
 * resolves users through {@code uds}, signs its tokens with the instance secret key and reads
 * the opt-in flag from the {@code remember_me} login form field.
 *
 * @param uds user lookup used when a remember-me cookie is presented
 * @return the configured remember-me services
 */
@SuppressWarnings("deprecation")
private static RememberMeServices createRememberMeService(UserDetailsService uds) {
    TokenBasedRememberMeServices2 services = new TokenBasedRememberMeServices2();
    services.setUserDetailsService(uds);
    // The key has to stay the instance secret key: RememberMeAuthenticationProvider must be
    // configured with the same key, and the security plugins' groovy scripts set it up that
    // way. Changing it here would force those plugins to target either older or newer Jenkins,
    // not both. (The shared-key requirement is an Acegi design choice we cannot change here.)
    String sharedKey = Jenkins.getInstance().getSecretKey();
    services.setKey(sharedKey);
    services.setParameter("remember_me"); // form field name in login.jelly
    return services;
}
}