Class ActiveDirectorySecurityRealm
- java.lang.Object
-
- hudson.model.AbstractDescribableImpl<SecurityRealm>
-
- hudson.security.SecurityRealm
-
- hudson.security.AbstractPasswordBasedSecurityRealm
-
- hudson.plugins.active_directory.ActiveDirectorySecurityRealm
-
- All Implemented Interfaces:
ExtensionPoint, Describable<SecurityRealm>
public class ActiveDirectorySecurityRealm extends AbstractPasswordBasedSecurityRealm
SecurityRealm that talks to Active Directory.
- Author:
Kohsuke Kawaguchi
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description)
static class
ActiveDirectorySecurityRealm.DescriptorImpl
static class
ActiveDirectorySecurityRealm.EnvironmentProperty
Stores all the extra environment variables to be used on the LDAP Context
-
Nested classes/interfaces inherited from class hudson.security.SecurityRealm
SecurityRealm.SecurityComponents
-
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
-
-
Field Summary
Fields (Modifier and Type, Field, Description)
String
bindName
Represents the old Name
Secret
bindPassword
Represents the old bindPassword
protected CacheConfiguration
cache
Cache of the Active Directory plugin
String
domain
Represents the old Active Directory Domain
static String
DOMAIN_CONTROLLERS
Deprecated. As of 1.28, use the UI field.
List<ActiveDirectoryDomain>
domains
List of ActiveDirectoryDomain
protected List<ActiveDirectorySecurityRealm.EnvironmentProperty>
environmentProperties
LDAP extra properties
protected ActiveDirectoryInternalUsersDatabase
internalUsersDatabase
The Jenkins internal user to fall back to in case of NamingException
boolean
removeIrrelevantGroups
If true, Jenkins ignores Active Directory groups that are not being used by the active Authorization Strategy.
String
server
Represents the old Active Directory Domain Controllers
String
site
Active Directory site (which specifies the physical concentration of the servers), if any.
Boolean
startTls
If true, enables StartTLS in case plain communication is used.
protected TlsConfiguration
tlsConfiguration
Deprecated.
-
Fields inherited from class hudson.security.SecurityRealm
AUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION
-
-
Constructor Summary
Constructors (Constructor, Description)
ActiveDirectorySecurityRealm(String domain, String site, String bindName, String bindPassword, String server)
ActiveDirectorySecurityRealm(String domain, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy)
ActiveDirectorySecurityRealm(String domain, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups)
ActiveDirectorySecurityRealm(String domain, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, CacheConfiguration cache)
ActiveDirectorySecurityRealm(String domain, List<ActiveDirectoryDomain> domains, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, Boolean customDomain, CacheConfiguration cache, Boolean startTls)
ActiveDirectorySecurityRealm(String domain, List<ActiveDirectoryDomain> domains, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, Boolean customDomain, CacheConfiguration cache, Boolean startTls, ActiveDirectoryInternalUsersDatabase internalUsersDatabase)
Deprecated.
ActiveDirectorySecurityRealm(String domain, List<ActiveDirectoryDomain> domains, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, Boolean customDomain, CacheConfiguration cache, Boolean startTls, ActiveDirectoryInternalUsersDatabase internalUsersDatabase, boolean requireTLS)
ActiveDirectorySecurityRealm(String domain, List<ActiveDirectoryDomain> domains, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, Boolean customDomain, CacheConfiguration cache, Boolean startTls, TlsConfiguration tlsConfiguration)
ActiveDirectorySecurityRealm(String domain, List<ActiveDirectoryDomain> domains, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, Boolean customDomain, CacheConfiguration cache, Boolean startTls, TlsConfiguration tlsConfiguration, ActiveDirectoryInternalUsersDatabase internalUsersDatabase)
Deprecated.
-
Method Summary
-
Methods inherited from class hudson.security.AbstractPasswordBasedSecurityRealm
authenticate2, createSecurityComponents, loadGroupByGroupname2, loadUserByUsername2
-
Methods inherited from class hudson.security.SecurityRealm
all, allowsSignup, canLogOut, commenceSignup, commonFilters, createCliAuthenticator, createFilter, doCaptcha, doLogout, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getFrom, getGroupIdStrategy, getLoginUrl, getPostLogOutUrl, getPostLogOutUrl2, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, setCaptchaSupport, validateCaptcha
-
-
-
-
Field Detail
-
domain
public transient String domain
Represents the old Active Directory Domain.
We need to keep this as transient in order to be able to use readResolve to migrate the old descriptor to the new one.
This has been deprecated since ActiveDirectoryDomain
-
server
public transient String server
Represents the old Active Directory Domain Controllers.
We need to keep this as transient in order to be able to use readResolve to migrate the old descriptor to the new one.
This has been deprecated since ActiveDirectoryDomain
-
domains
public List<ActiveDirectoryDomain> domains
List of ActiveDirectoryDomain
-
site
public final transient String site
Active Directory site (which specifies the physical concentration of the servers), if any. If the value is non-null, we'll only contact servers in this site.
On Windows, I'm assuming ADSI takes care of everything automatically.
We need to keep this as transient in order to be able to use readResolve to migrate the old descriptor to the new one.
-
bindName
public transient String bindName
Represents the old Name.
We need to keep this as transient in order to be able to use readResolve to migrate the old descriptor to the new one.
This has been deprecated since Jenkins 2.1
-
bindPassword
public transient Secret bindPassword
Represents the old bindPassword.
We need to keep this as transient in order to be able to use readResolve to migrate the old descriptor to the new one.
This has been deprecated since Jenkins 2.1
-
startTls
public Boolean startTls
If true, enables StartTLS in case plain communication is used. If the plugin is configured to use TLS, this option has no effect.
- See Also:
getRequireTLS()
-
removeIrrelevantGroups
public final boolean removeIrrelevantGroups
If true, Jenkins ignores Active Directory groups that are not being used by the active Authorization Strategy. This can significantly improve performance in environments with a large number of groups but a small number of corresponding rules defined by the Authorization Strategy. Groups are considered as used if they are returned by AuthorizationStrategy.getGroups().
-
cache
protected CacheConfiguration cache
Cache of the Active Directory plugin
-
environmentProperties
protected List<ActiveDirectorySecurityRealm.EnvironmentProperty> environmentProperties
LDAP extra properties
-
tlsConfiguration
@Deprecated protected transient TlsConfiguration tlsConfiguration
Deprecated.
Selects the SSL strategy to follow on the TLS connections.
Even if we are not using any of the TLS ports (3269/636), the plugin will try to establish a TLS channel using StartTLS. Because of this, we need to be able to specify the SSL strategy on the plugin.
For the moment there are two possible values: trustAllCertificates and trustStore.
-
internalUsersDatabase
protected ActiveDirectoryInternalUsersDatabase internalUsersDatabase
The Jenkins internal user to fall back to in case of NamingException
-
DOMAIN_CONTROLLERS
public static String DOMAIN_CONTROLLERS
Deprecated. As of 1.28, use the UI field.
If non-null, this value specifies the domain controllers and overrides all the lookups. The format is "host:port,host:port,..."
-
-
Constructor Detail
-
ActiveDirectorySecurityRealm
public ActiveDirectorySecurityRealm(String domain, String site, String bindName, String bindPassword, String server)
-
ActiveDirectorySecurityRealm
public ActiveDirectorySecurityRealm(String domain, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy)
-
ActiveDirectorySecurityRealm
public ActiveDirectorySecurityRealm(String domain, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups)
-
ActiveDirectorySecurityRealm
public ActiveDirectorySecurityRealm(String domain, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, CacheConfiguration cache)
-
ActiveDirectorySecurityRealm
public ActiveDirectorySecurityRealm(String domain, List<ActiveDirectoryDomain> domains, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, Boolean customDomain, CacheConfiguration cache, Boolean startTls)
-
ActiveDirectorySecurityRealm
public ActiveDirectorySecurityRealm(String domain, List<ActiveDirectoryDomain> domains, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, Boolean customDomain, CacheConfiguration cache, Boolean startTls, TlsConfiguration tlsConfiguration)
-
ActiveDirectorySecurityRealm
@Deprecated public ActiveDirectorySecurityRealm(String domain, List<ActiveDirectoryDomain> domains, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, Boolean customDomain, CacheConfiguration cache, Boolean startTls, TlsConfiguration tlsConfiguration, ActiveDirectoryInternalUsersDatabase internalUsersDatabase)
Deprecated.
-
ActiveDirectorySecurityRealm
@Deprecated public ActiveDirectorySecurityRealm(String domain, List<ActiveDirectoryDomain> domains, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, Boolean customDomain, CacheConfiguration cache, Boolean startTls, ActiveDirectoryInternalUsersDatabase internalUsersDatabase)
Deprecated.
-
ActiveDirectorySecurityRealm
@DataBoundConstructor public ActiveDirectorySecurityRealm(String domain, List<ActiveDirectoryDomain> domains, String site, String bindName, String bindPassword, String server, GroupLookupStrategy groupLookupStrategy, boolean removeIrrelevantGroups, Boolean customDomain, CacheConfiguration cache, Boolean startTls, ActiveDirectoryInternalUsersDatabase internalUsersDatabase, boolean requireTLS)
-
-
Method Detail
-
setEnvironmentProperties
@DataBoundSetter public void setEnvironmentProperties(List<ActiveDirectorySecurityRealm.EnvironmentProperty> environmentProperties)
-
getCache
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public CacheConfiguration getCache()
-
getJenkinsInternalUser
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public String getJenkinsInternalUser()
-
getInternalUsersDatabase
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public ActiveDirectoryInternalUsersDatabase getInternalUsersDatabase()
-
isStartTls
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public Boolean isStartTls()
-
getRequireTLS
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @NonNull public Boolean getRequireTLS()
-
isRequireTLSPersisted
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean isRequireTLSPersisted()
-
getSize
public Integer getSize()
-
getTtl
public Integer getTtl()
-
getEnvironmentProperties
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public List<ActiveDirectorySecurityRealm.EnvironmentProperty> getEnvironmentProperties()
-
getCustomDomain
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean getCustomDomain()
-
getGroupLookupStrategy
public GroupLookupStrategy getGroupLookupStrategy()
-
getTlsConfiguration
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public TlsConfiguration getTlsConfiguration()
Deprecated.
-
getDomains
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public List<ActiveDirectoryDomain> getDomains()
-
getDomain
public ActiveDirectoryDomain getDomain(String domain)
Gets the ActiveDirectoryDomain for the given domain.
- Parameters:
domain - The name of the Active Directory domain
- Returns:
the ActiveDirectoryDomain, or null if it does not exist.
-
readResolve
public Object readResolve() throws ObjectStreamException
- Throws:
ObjectStreamException
-
getDescriptor
public ActiveDirectorySecurityRealm.DescriptorImpl getDescriptor()
- Specified by:
getDescriptor in interface Describable<SecurityRealm>
- Overrides:
getDescriptor in class SecurityRealm
-
doAuthTest
public void doAuthTest(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp, @QueryParameter String username, @QueryParameter String password) throws IOException, javax.servlet.ServletException
Authentication test.
- Throws:
IOException
javax.servlet.ServletException
-
loadGroupByGroupname
public GroupDetails loadGroupByGroupname(String groupname) throws UsernameNotFoundException, DataAccessException
- Overrides:
loadGroupByGroupname
in class AbstractPasswordBasedSecurityRealm
- Throws:
UsernameNotFoundException
DataAccessException
-
loadUserByUsername
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException
- Overrides:
loadUserByUsername
in class AbstractPasswordBasedSecurityRealm
- Throws:
UsernameNotFoundException
DataAccessException
-
authenticate
protected UserDetails authenticate(String username, String password) throws AuthenticationException
- Overrides:
authenticate
in class AbstractPasswordBasedSecurityRealm
- Throws:
AuthenticationException
-
-