- Direct Known Subclasses:
public abstract class AbstractPasswordBasedSecurityRealm extends SecurityRealmPartial implementation of
SecurityRealmfor username/password based authentication. This is a convenience base class if all you are trying to do is to check the given username and password with the information stored in somewhere else, and you don't want to do anything with Spring Security.
SecurityRealmuses the standard login form (and a few other optional mechanisms like BASIC auth) to gather the username/password information. Subtypes are responsible for authenticating this information.
- Kohsuke Kawaguchi
Constructors Constructor Description
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description
authenticate(String username, String password)Deprecated.
authenticate2(String username, String password)Authenticate a login attempt.
AuthenticationManagerthat performs authentication against the user realm.
loadGroupByGroupname2(String groupname, boolean fetchMembers)Retrieves information about a group by its name.
loadUserByUsername2(String username)Retrieves information about an user by its name.
Methods inherited from class hudson.security.SecurityRealm
all, allowsSignup, canLogOut, commenceSignup, commonFilters, createCliAuthenticator, createFilter, doCaptcha, doLogout, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getDescriptor, getFrom, getGroupIdStrategy, getLoginUrl, getPostLogOutUrl, getPostLogOutUrl2, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, setCaptchaSupport, validateCaptcha
public SecurityRealm.SecurityComponents createSecurityComponents()Description copied from class:
AuthenticationManagerthat performs authentication against the user realm. The implementation hides how such authentication manager is configured.
AuthenticationManagerinstantiation often depends on the user-specified parameters (for example, if the authentication is based on LDAP, the user needs to specify the host name of the LDAP server.) Such configuration is expected to be presented to the user via
config.jellyand then captured as instance variables inside the
protected org.springframework.security.core.userdetails.UserDetails authenticate2(String username, String password) throws org.springframework.security.core.AuthenticationExceptionAuthenticate a login attempt. This method is the heart of a
If the user name and the password pair matches, retrieve the information about this user and return it as a
Useris a convenient implementation to use, but if your backend offers additional data, you may want to use your own subtype so that the rest of Hudson can use those additional information (such as e-mail address --- see MailAddressResolver.)
UserDetails.getPassword()make no sense, so just return an empty value from it. The only information that you need to pay real attention is
UserDetails.getAuthorities(), which is a list of roles/groups that the user is in. At minimum, this must contain
SecurityRealm.AUTHENTICATED_AUTHORITY(which indicates that this user is authenticated and not anonymous), but if your backend supports a notion of groups, you should make sure that the authorities contain one entry per one group. This enables users to control authorization based on groups.
If the user name and the password pair doesn't match, throw
AuthenticationExceptionto reject the login attempt.
@Deprecated protected UserDetails authenticate(String username, String password) throws AuthenticationExceptionDeprecated.
public org.springframework.security.core.userdetails.UserDetails loadUserByUsername2(String username) throws org.springframework.security.core.userdetails.UsernameNotFoundExceptionRetrieves information about an user by its name.
This method is used, for example, to validate if the given token is a valid user name when the user is configuring an ACL. This is an optional method that improves the user experience. If your backend doesn't support a query like this, just always throw
@Deprecated public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessExceptionDeprecated.
public GroupDetails loadGroupByGroupname2(String groupname, boolean fetchMembers) throws org.springframework.security.core.userdetails.UsernameNotFoundExceptionRetrieves information about a group by its name. This method is the group version of the
groupname- the name of the group to fetch
truethen try and fetch the members of the group if it exists. Trying does not imply that the members will be fetched and
GroupDetails.getMembers()may still return
UserMayOrMayNotExistException2- if no conclusive result could be determined regarding the group existence.
org.springframework.security.core.userdetails.UsernameNotFoundException- if the group does not exist.