Class HudsonPrivateSecurityRealm
- java.lang.Object
- 
- hudson.model.AbstractDescribableImpl<SecurityRealm>
- 
- hudson.security.SecurityRealm
- 
- hudson.security.AbstractPasswordBasedSecurityRealm
- 
- hudson.security.HudsonPrivateSecurityRealm
 
 
 
 
- 
- All Implemented Interfaces:
- ExtensionPoint,- Describable<SecurityRealm>,- ModelObject,- AccessControlled
 
 public class HudsonPrivateSecurityRealm extends AbstractPasswordBasedSecurityRealm implements ModelObject, AccessControlled SecurityRealmthat performs authentication by looking upUser.Implements AccessControlledto satisfy view rendering, but in reality the access control is done against theJenkinsobject.- Author:
- Kohsuke Kawaguchi
 
- 
- 
Nested Class SummaryNested Classes Modifier and Type Class Description static classHudsonPrivateSecurityRealm.DescriptorImplstatic classHudsonPrivateSecurityRealm.DetailsUserPropertythat provides theUserDetailsview of the User object.static classHudsonPrivateSecurityRealm.ManageUserLinksDisplays "manage users" link in the system config ifHudsonPrivateSecurityRealmis in effect.static classHudsonPrivateSecurityRealm.SignupInfo- 
Nested classes/interfaces inherited from class hudson.security.SecurityRealmSecurityRealm.SecurityComponents
 - 
Nested classes/interfaces inherited from interface hudson.ExtensionPointExtensionPoint.LegacyInstancesAreScopedToHudson
 
- 
 - 
Field SummaryFields Modifier and Type Field Description static hudson.security.HudsonPrivateSecurityRealm.MultiPasswordEncoderPASSWORD_ENCODER- 
Fields inherited from class hudson.security.SecurityRealmAUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION
 
- 
 - 
Constructor SummaryConstructors Constructor Description HudsonPrivateSecurityRealm(boolean allowsSignup)Deprecated.HudsonPrivateSecurityRealm(boolean allowsSignup, boolean enableCaptcha, CaptchaSupport captchaSupport)
 - 
Method SummaryAll Methods Instance Methods Concrete Methods Modifier and Type Method Description booleanallowsSignup()Returns true if thisSecurityRealmallows online sign-up.protected org.springframework.security.core.userdetails.UserDetailsauthenticate2(String username, String password)Authenticate a login attempt.voidcheckPermission(Permission permission)Convenient short-cut forgetACL().checkPermission(permission)org.kohsuke.stapler.HttpResponsecommenceSignup(FederatedLoginService.FederatedIdentity identity)Show the sign up page with the data from the identity.UsercreateAccount(String userName, String password)Creates a new user account by registering a password to the user.UsercreateAccountByAdmin(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp, String addUserView, String successView)Creates a user account.UsercreateAccountFromSetupWizard(org.kohsuke.stapler.StaplerRequest req)Creates a user account.UsercreateAccountWithHashedPassword(String userName, String hashedPassword)Creates a new user account by registering a JBCrypt Hashed password with the user.UserdoCreateAccount(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp)Creates an user account.voiddoCreateAccountByAdmin(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp)Creates a user account.UserdoCreateAccountWithFederatedIdentity(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp)Creates an account and associates that with the given identity.voiddoCreateFirstAccount(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp)Creates a first admin user account.ACLgetACL()Obtains the ACL associated with this object.booleangetAllowsSignup()List<User>getAllUsers()All users who can login to the system.StringgetDisplayName()This is used primarily when the object is listed in the breadcrumb, in the user management screen.UsergetUser(String id)This is to map users under the security realm URL.booleanhasPermission(Permission permission)Convenient short-cut forgetACL().hasPermission(permission)booleanisEnableCaptcha()Checks if captcha is enabled on user signup.booleanisMailerPluginPresent()HudsonPrivateSecurityRealm.Detailsload(String username)GroupDetailsloadGroupByGroupname2(String groupname, boolean fetchMembers)This implementation doesn't support groups.org.springframework.security.core.userdetails.UserDetailsloadUserByUsername2(String username)Retrieves information about an user by its name.- 
Methods inherited from class hudson.security.AbstractPasswordBasedSecurityRealmauthenticate, createSecurityComponents, loadGroupByGroupname, loadUserByUsername
 - 
Methods inherited from class hudson.security.SecurityRealmall, canLogOut, commonFilters, createCliAuthenticator, createFilter, doCaptcha, doLogout, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getDescriptor, getFrom, getGroupIdStrategy, getLoginUrl, getPostLogOutUrl, getPostLogOutUrl2, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, setCaptchaSupport, validateCaptcha
 - 
Methods inherited from class java.lang.Objectclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 - 
Methods inherited from interface hudson.security.AccessControlledcheckAnyPermission, hasAnyPermission, hasPermission, hasPermission2
 
- 
 
- 
- 
- 
Constructor Detail- 
HudsonPrivateSecurityRealm@Deprecated public HudsonPrivateSecurityRealm(boolean allowsSignup) Deprecated.
 - 
HudsonPrivateSecurityRealm@DataBoundConstructor public HudsonPrivateSecurityRealm(boolean allowsSignup, boolean enableCaptcha, CaptchaSupport captchaSupport)
 
- 
 - 
Method Detail- 
allowsSignuppublic boolean allowsSignup() Description copied from class:SecurityRealmReturns true if thisSecurityRealmallows online sign-up. This creates a hyperlink that redirects users toCONTEXT_ROOT/signUp, which will be served by thesignup.jellyview of this class.If the implementation needs to redirect the user to a different URL for signing up, use the following jelly script as signup.jelly<xmp> <st:redirect url="http://www.sun.com/" xmlns:st="jelly:stapler"/> </xmp>- Overrides:
- allowsSignupin class- SecurityRealm
 
 - 
getAllowsSignup@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean getAllowsSignup() 
 - 
isEnableCaptchapublic boolean isEnableCaptcha() Checks if captcha is enabled on user signup.- Returns:
- true if captcha is enabled on signup.
 
 - 
loadGroupByGroupname2public GroupDetails loadGroupByGroupname2(String groupname, boolean fetchMembers) throws org.springframework.security.core.userdetails.UsernameNotFoundException This implementation doesn't support groups.- Overrides:
- loadGroupByGroupname2in class- AbstractPasswordBasedSecurityRealm
- Parameters:
- groupname- the name of the group to fetch
- fetchMembers- if- truethen try and fetch the members of the group if it exists. Trying does not imply that the members will be fetched and- GroupDetails.getMembers()may still return- null
- Throws:
- UserMayOrMayNotExistException2- if no conclusive result could be determined regarding the group existence.
- org.springframework.security.core.userdetails.UsernameNotFoundException- if the group does not exist.
 
 - 
loadUserByUsername2public org.springframework.security.core.userdetails.UserDetails loadUserByUsername2(String username) throws org.springframework.security.core.userdetails.UsernameNotFoundException Description copied from class:AbstractPasswordBasedSecurityRealmRetrieves information about an user by its name.This method is used, for example, to validate if the given token is a valid user name when the user is configuring an ACL. This is an optional method that improves the user experience. If your backend doesn't support a query like this, just always throw UsernameNotFoundException.- Overrides:
- loadUserByUsername2in class- AbstractPasswordBasedSecurityRealm
- Returns:
- never null.
- Throws:
- UserMayOrMayNotExistException2- If the security realm cannot even tell if the user exists or not.
- org.springframework.security.core.userdetails.UsernameNotFoundException
 
 - 
load@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public HudsonPrivateSecurityRealm.Details load(String username) throws org.springframework.security.core.userdetails.UsernameNotFoundException - Throws:
- org.springframework.security.core.userdetails.UsernameNotFoundException
 
 - 
authenticate2protected org.springframework.security.core.userdetails.UserDetails authenticate2(String username, String password) throws org.springframework.security.core.AuthenticationException Description copied from class:AbstractPasswordBasedSecurityRealmAuthenticate a login attempt. This method is the heart of aAbstractPasswordBasedSecurityRealm.If the user name and the password pair matches, retrieve the information about this user and return it as a UserDetailsobject.Useris a convenient implementation to use, but if your backend offers additional data, you may want to use your own subtype so that the rest of Hudson can use those additional information (such as e-mail address --- see MailAddressResolver.)Properties like UserDetails.getPassword()make no sense, so just return an empty value from it. The only information that you need to pay real attention isUserDetails.getAuthorities(), which is a list of roles/groups that the user is in. At minimum, this must containSecurityRealm.AUTHENTICATED_AUTHORITY(which indicates that this user is authenticated and not anonymous), but if your backend supports a notion of groups, you should make sure that the authorities contain one entry per one group. This enables users to control authorization based on groups.If the user name and the password pair doesn't match, throw AuthenticationExceptionto reject the login attempt.- Overrides:
- authenticate2in class- AbstractPasswordBasedSecurityRealm
- Throws:
- org.springframework.security.core.AuthenticationException
 
 - 
commenceSignuppublic org.kohsuke.stapler.HttpResponse commenceSignup(FederatedLoginService.FederatedIdentity identity) Show the sign up page with the data from the identity.- Overrides:
- commenceSignupin class- SecurityRealm
 
 - 
doCreateAccountWithFederatedIdentitypublic User doCreateAccountWithFederatedIdentity(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException, javax.servlet.ServletException Creates an account and associates that with the given identity. Used in conjunction withcommenceSignup(hudson.security.FederatedLoginService.FederatedIdentity).- Throws:
- IOException
- javax.servlet.ServletException
 
 - 
doCreateAccountpublic User doCreateAccount(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException, javax.servlet.ServletException Creates an user account. Used for self-registration.- Throws:
- IOException
- javax.servlet.ServletException
 
 - 
doCreateAccountByAdminpublic void doCreateAccountByAdmin(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException, javax.servlet.ServletExceptionCreates a user account. Used by admins. This version behaves differently fromdoCreateAccount(StaplerRequest, StaplerResponse)in that this is someone creating another user.- Throws:
- IOException
- javax.servlet.ServletException
 
 - 
createAccountByAdmin@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public User createAccountByAdmin(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp, String addUserView, String successView) throws IOException, javax.servlet.ServletException Creates a user account. RequiresJenkins.ADMINISTER- Throws:
- IOException
- javax.servlet.ServletException
 
 - 
createAccountFromSetupWizard@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public User createAccountFromSetupWizard(org.kohsuke.stapler.StaplerRequest req) throws IOException, AccountCreationFailedException Creates a user account. Intended to be called from the setup wizard. Note that this method does not check whether it is actually called from the setup wizard. This requires theJenkins.ADMINISTERpermission.- Parameters:
- req- the request to retrieve input data from
- Returns:
- the created user account, never null
- Throws:
- AccountCreationFailedException- if account creation failed due to invalid form input
- IOException
 
 - 
doCreateFirstAccountpublic void doCreateFirstAccount(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException, javax.servlet.ServletExceptionCreates a first admin user account.This can be run by anyone, but only to create the very first user account. - Throws:
- IOException
- javax.servlet.ServletException
 
 - 
isMailerPluginPresent@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean isMailerPluginPresent() 
 - 
createAccountpublic User createAccount(String userName, String password) throws IOException Creates a new user account by registering a password to the user.- Throws:
- IOException
 
 - 
createAccountWithHashedPasswordpublic User createAccountWithHashedPassword(String userName, String hashedPassword) throws IOException Creates a new user account by registering a JBCrypt Hashed password with the user.- Parameters:
- userName- The user's name
- hashedPassword- A hashed password, must begin with- #jbcrypt:
- Throws:
- IOException
 
 - 
getDisplayNamepublic String getDisplayName() This is used primarily when the object is listed in the breadcrumb, in the user management screen.- Specified by:
- getDisplayNamein interface- ModelObject
 
 - 
getACLpublic ACL getACL() Description copied from interface:AccessControlledObtains the ACL associated with this object.- Specified by:
- getACLin interface- AccessControlled
- Returns:
- never null.
 
 - 
checkPermissionpublic void checkPermission(Permission permission) Description copied from interface:AccessControlledConvenient short-cut forgetACL().checkPermission(permission)- Specified by:
- checkPermissionin interface- AccessControlled
 
 - 
hasPermissionpublic boolean hasPermission(Permission permission) Description copied from interface:AccessControlledConvenient short-cut forgetACL().hasPermission(permission)- Specified by:
- hasPermissionin interface- AccessControlled
 
 
- 
 
-