public abstract class AbstractPasswordBasedSecurityRealm extends SecurityRealm
SecurityRealm
for username/password based authentication.
This is a convenience base class if all you are trying to do is to check the given username
and password with the information stored in somewhere else, and you don't want to do anything
with Spring Security.
This SecurityRealm
uses the standard login form (and a few other optional mechanisms like BASIC auth)
to gather the username/password information. Subtypes are responsible for authenticating this information.
SecurityRealm.SecurityComponents
ExtensionPoint.LegacyInstancesAreScopedToHudson
AUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION
Constructor and Description |
---|
AbstractPasswordBasedSecurityRealm() |
Modifier and Type | Method and Description |
---|---|
protected UserDetails |
authenticate(String username,
String password)
Deprecated.
|
protected org.springframework.security.core.userdetails.UserDetails |
authenticate2(String username,
String password)
Authenticate a login attempt.
|
SecurityRealm.SecurityComponents |
createSecurityComponents()
Creates fully-configured
AuthenticationManager that performs authentication
against the user realm. |
GroupDetails |
loadGroupByGroupname(String groupname)
Deprecated.
|
GroupDetails |
loadGroupByGroupname2(String groupname,
boolean fetchMembers)
Retrieves information about a group by its name.
|
UserDetails |
loadUserByUsername(String username)
Deprecated.
|
org.springframework.security.core.userdetails.UserDetails |
loadUserByUsername2(String username)
Retrieves information about an user by its name.
|
all, allowsSignup, canLogOut, commenceSignup, commonFilters, createCliAuthenticator, createFilter, doCaptcha, doLogout, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getDescriptor, getFrom, getGroupIdStrategy, getLoginUrl, getPostLogOutUrl, getPostLogOutUrl2, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, setCaptchaSupport, validateCaptcha
public SecurityRealm.SecurityComponents createSecurityComponents()
SecurityRealm
AuthenticationManager
that performs authentication
against the user realm. The implementation hides how such authentication manager
is configured.
AuthenticationManager
instantiation often depends on the user-specified parameters
(for example, if the authentication is based on LDAP, the user needs to specify
the host name of the LDAP server.) Such configuration is expected to be
presented to the user via config.jelly
and then
captured as instance variables inside the SecurityRealm
implementation.
Your SecurityRealm
may also wants to alter Filter
set up by
overriding SecurityRealm.createFilter(FilterConfig)
.
createSecurityComponents
in class SecurityRealm
protected org.springframework.security.core.userdetails.UserDetails authenticate2(String username, String password) throws org.springframework.security.core.AuthenticationException
AbstractPasswordBasedSecurityRealm
.
If the user name and the password pair matches, retrieve the information about this user and
return it as a UserDetails
object. User
is a convenient
implementation to use, but if your backend offers additional data, you may want to use your own subtype
so that the rest of Hudson can use those additional information (such as e-mail address --- see
MailAddressResolver.)
Properties like UserDetails.getPassword()
make no sense, so just return an empty value from it.
The only information that you need to pay real attention is UserDetails.getAuthorities()
, which
is a list of roles/groups that the user is in. At minimum, this must contain SecurityRealm.AUTHENTICATED_AUTHORITY
(which indicates that this user is authenticated and not anonymous), but if your backend supports a notion
of groups, you should make sure that the authorities contain one entry per one group. This enables
users to control authorization based on groups.
If the user name and the password pair doesn't match, throw AuthenticationException
to reject the login
attempt.
org.springframework.security.core.AuthenticationException
@Deprecated protected UserDetails authenticate(String username, String password) throws AuthenticationException
authenticate2(java.lang.String, java.lang.String)
AuthenticationException
public org.springframework.security.core.userdetails.UserDetails loadUserByUsername2(String username) throws org.springframework.security.core.userdetails.UsernameNotFoundException
This method is used, for example, to validate if the given token is a valid user name when the user is configuring an ACL.
This is an optional method that improves the user experience. If your backend doesn't support
a query like this, just always throw UsernameNotFoundException
.
loadUserByUsername2
in class SecurityRealm
UserMayOrMayNotExistException2
- If the security realm cannot even tell if the user exists or not.org.springframework.security.core.userdetails.UsernameNotFoundException
@Deprecated public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException
loadUserByUsername2(java.lang.String)
loadUserByUsername
in class SecurityRealm
UsernameNotFoundException
DataAccessException
public GroupDetails loadGroupByGroupname2(String groupname, boolean fetchMembers) throws org.springframework.security.core.userdetails.UsernameNotFoundException
loadUserByUsername2(String)
.loadGroupByGroupname2
in class SecurityRealm
groupname
- the name of the group to fetchfetchMembers
- if true
then try and fetch the members of the group if it exists. Trying does not
imply that the members will be fetched and GroupDetails.getMembers()
may still return null
UserMayOrMayNotExistException2
- if no conclusive result could be determined regarding the group existence.org.springframework.security.core.userdetails.UsernameNotFoundException
- if the group does not exist.@Deprecated public GroupDetails loadGroupByGroupname(String groupname) throws UsernameNotFoundException, DataAccessException
loadGroupByGroupname2(java.lang.String, boolean)
loadGroupByGroupname
in class SecurityRealm
UsernameNotFoundException
DataAccessException
Copyright © 2004–2022. All rights reserved.