Class ActiveDirectorySecurityRealm

All Implemented Interfaces:
ExtensionPoint, Describable<SecurityRealm>

public class ActiveDirectorySecurityRealm extends AbstractPasswordBasedSecurityRealm
SecurityRealm that talks to Active Directory.
Author:
Kohsuke Kawaguchi
  • Field Details

    • domain

      public transient String domain
      Represent the old Active Directory Domain

      We need to keep this as transient in order to be able to use readResolve to migrate the old descriptor to the new one.

      This has been deprecated since ActiveDirectoryDomain

    • server

      public transient String server
      Represent the old Active Directory Domain Controllers

      We need to keep this as transient in order to be able to use readResolve to migrate the old descriptor to the new one.

      This has been deprecated since ActiveDirectoryDomain

    • domains

      public List<ActiveDirectoryDomain> domains
    • site

      public final transient String site
      Active Directory site (which specifies the physical concentration of the servers), if any. If the value is non-null, we'll only contact servers in this site.

      On Windows, I'm assuming ADSI takes care of everything automatically.

      We need to keep this as transient in order to be able to use readResolve to migrate the old descriptor to the new one.

    • bindName

      public transient String bindName
      Represent the old Name

      We need to keep this as transient in order to be able to use readResolve to migrate the old descriptor to the new one.

      This has been deprecated since Jenkins 2.1

    • bindPassword

      public transient Secret bindPassword
      Represent the old bindPassword

      We need to keep this as transient in order to be able to use readResolve to migrate the old descriptor to the new one.

      This has been deprecated since Jenkins 2.1

    • startTls

      public Boolean startTls
      If true, enables StartTLS when plain communication is used. If the plugin is configured to use TLS, this option has no effect.
    • removeIrrelevantGroups

      public final boolean removeIrrelevantGroups
      If true, Jenkins ignores Active Directory groups that are not being used by the active Authorization Strategy. This can significantly improve performance in environments with a large number of groups but a small number of corresponding rules defined by the Authorization Strategy. Groups are considered as used if they are returned by AuthorizationStrategy.getGroups().
    • cache

      protected CacheConfiguration cache
      Cache of the Active Directory plugin
    • environmentProperties

      protected List<ActiveDirectorySecurityRealm.EnvironmentProperty> environmentProperties
      Extra LDAP properties
    • tlsConfiguration

      @Deprecated protected transient TlsConfiguration tlsConfiguration
      Deprecated.
      Selects the SSL strategy to follow on the TLS connections

      Even if we are not using any of the TLS ports (3269/636), the plugin will try to establish a TLS channel using startTLS. Because of this, we need to be able to specify the SSL strategy on the plugin.

      For the moment there are two possible values: trustAllCertificates and trustStore.

    • internalUsersDatabase

      protected ActiveDirectoryInternalUsersDatabase internalUsersDatabase
      The Jenkins internal user to fall back on in case of NamingException
    • DOMAIN_CONTROLLERS

      public static String DOMAIN_CONTROLLERS
      Deprecated.
      As of 1.28, use the UI field.
      If non-null, this value specifies the domain controllers and overrides all the lookups. The format is "host:port,host:port,..."
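
An added example (not code from the plugin) that audits a server list in the "host:port,host:port,..." format against the TLS ports and the startTls and tlsConfiguration settings described above. The class name, the `audit` helper, the finding labels and the sample hosts are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class DomainControllerAudit {
    // TLS ports as named in the tlsConfiguration description above.
    static final Set<Integer> TLS_PORTS = Set.of(636, 3269);

    // Hypothetical helper (not a plugin API): returns one finding per server entry.
    static List<String> audit(String servers, boolean startTls, String tlsConfiguration) {
        boolean trustAll = "trustAllCertificates".equals(tlsConfiguration);
        List<String> findings = new ArrayList<>();
        for (String raw : servers.split(",")) {
            String entry = raw.trim();
            if (entry.isEmpty()) continue;                 // tolerate "a:1,,b:2"
            int colon = entry.lastIndexOf(':');
            if (colon <= 0 || colon == entry.length() - 1) {
                findings.add(entry + " -> REVIEW: no explicit port, transport unknown");
                continue;
            }
            int port;
            try {
                port = Integer.parseInt(entry.substring(colon + 1));
            } catch (NumberFormatException e) {
                port = -1;                                 // reported as invalid below
            }
            if (port < 1 || port > 65535) {
                findings.add(entry + " -> REVIEW: invalid port");
                continue;
            }
            boolean onTlsPort = TLS_PORTS.contains(port);
            if (!onTlsPort && !startTls) {
                findings.add(entry + " -> FAIL: plain LDAP without StartTLS");
            } else if (trustAll) {
                findings.add(entry + " -> WARN: TLS without certificate validation");
            } else {
                findings.add(entry + " -> OK: " + (onTlsPort ? "TLS port" : "StartTLS"));
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample value; the hosts are placeholders.
        String servers = "dc1.example.test:636, dc2.example.test:389,dc3.example.test";
        audit(servers, false, "trustStore").forEach(System.out::println);
        audit(servers, true, "trustAllCertificates").forEach(System.out::println);
    }
}
```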
  • Constructor Details

  • Method Details

    • setEnvironmentProperties

      @DataBoundSetter public void setEnvironmentProperties(List<ActiveDirectorySecurityRealm.EnvironmentProperty> environmentProperties)
    • getCache

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public CacheConfiguration getCache()
    • getJenkinsInternalUser

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public String getJenkinsInternalUser()
    • getInternalUsersDatabase

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public ActiveDirectoryInternalUsersDatabase getInternalUsersDatabase()
    • isStartTls

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public Boolean isStartTls()
    • getRequireTLS

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @NonNull public Boolean getRequireTLS()
    • isRequireTLSPersisted

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean isRequireTLSPersisted()
    • getSize

      public Integer getSize()
    • getTtl

      public Integer getTtl()
    • getEnvironmentProperties

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public List<ActiveDirectorySecurityRealm.EnvironmentProperty> getEnvironmentProperties()
    • getCustomDomain

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean getCustomDomain()
    • getGroupLookupStrategy

      public GroupLookupStrategy getGroupLookupStrategy()
    • getTlsConfiguration

      @Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public TlsConfiguration getTlsConfiguration()
      Deprecated.
    • getDomains

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public List<ActiveDirectoryDomain> getDomains()
    • getDomain

      public ActiveDirectoryDomain getDomain(String domain)
      Get the ActiveDirectoryDomain given the domain
      Parameters:
      domain - The name of the Active Directory domain
      Returns:
      the ActiveDirectoryDomain, or null if it does not exist.
    • getDescriptor

      Specified by:
      getDescriptor in interface Describable<SecurityRealm>
      Overrides:
      getDescriptor in class SecurityRealm
    • doAuthTest

      public void doAuthTest(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp, @QueryParameter String username, @QueryParameter String password) throws IOException, jakarta.servlet.ServletException
      Authentication test.
      Throws:
      IOException
      jakarta.servlet.ServletException
    • readResolve

      public Object readResolve() throws ObjectStreamException
      Throws:
      ObjectStreamException
    • loadGroupByGroupname2

      public GroupDetails loadGroupByGroupname2(String groupname, boolean fetchMembers) throws org.springframework.security.core.userdetails.UsernameNotFoundException
      Overrides:
      loadGroupByGroupname2 in class AbstractPasswordBasedSecurityRealm
      Throws:
      org.springframework.security.core.userdetails.UsernameNotFoundException
    • loadUserByUsername2

      public org.springframework.security.core.userdetails.UserDetails loadUserByUsername2(String username) throws org.springframework.security.core.userdetails.UsernameNotFoundException
      Overrides:
      loadUserByUsername2 in class AbstractPasswordBasedSecurityRealm
      Throws:
      org.springframework.security.core.userdetails.UsernameNotFoundException
    • authenticate2

      protected org.springframework.security.core.userdetails.UserDetails authenticate2(String username, String password) throws org.springframework.security.core.AuthenticationException
      Overrides:
      authenticate2 in class AbstractPasswordBasedSecurityRealm
      Throws:
      org.springframework.security.core.AuthenticationException