Package org.jenkinsci.plugins.cas

Class CasSecurityRealm

java.lang.Object
hudson.model.AbstractDescribableImpl<SecurityRealm>
hudson.security.SecurityRealm
org.jenkinsci.plugins.cas.CasSecurityRealm
All Implemented Interfaces:
ExtensionPoint, Describable<SecurityRealm>
public class CasSecurityRealm extends SecurityRealm
CAS Single Sign-On security realm.
Author:
Fabien Crespel, J. David Beutel
See Also:

  • Field Details

    • DEFAULT_COMMENCE_LOGIN_URL

      public static final String DEFAULT_COMMENCE_LOGIN_URL
      See Also:

    • DEFAULT_FINISH_LOGIN_URL

      public static final String DEFAULT_FINISH_LOGIN_URL
      See Also:

    • DEFAULT_FAILED_LOGIN_URL

      public static final String DEFAULT_FAILED_LOGIN_URL
      See Also:

    • casServerUrl

      public final String casServerUrl

    • casProtocol

      public final CasProtocol casProtocol

    • forceRenewal

      public final Boolean forceRenewal

    • enableSingleSignOut

      public final Boolean enableSingleSignOut

    • enableRestApi

      public final Boolean enableRestApi

    • enableLogoutRedirect

      public final Boolean enableLogoutRedirect

  • Constructor Details

  • Method Details

    • getJenkinsUrl

      public static String getJenkinsUrl()
      Get the root Jenkins URL configured in global settings.
      Returns:
      Jenkins URL

    • getJenkinsUrl

      public static String getJenkinsUrl(jakarta.servlet.http.HttpServletRequest req)
      Get the root Jenkins URL configured in global settings, or construct it from the current HTTP request.
      Parameters:
      req - current HTTP request
      Returns:
      Jenkins URL

    • getFinishLoginUrl

      public static String getFinishLoginUrl()
      Get the callback URL after CAS authentication.
      Returns:
      finish login URL

    • getFailedLoginUrl

      public static String getFailedLoginUrl()
      Get the URL to redirect to in case of authentication failure.
      Returns:
      failed login URL

    • getServiceUrl

      public static String getServiceUrl(jakarta.servlet.http.HttpServletRequest req, org.springframework.security.cas.ServiceProperties serviceProperties)
      Get the full service URL for use with CAS.
      Parameters:
      req - current HTTP request
      serviceProperties - service properties
      Returns:
      full service URL

    • getApplicationContext

      protected org.springframework.context.ApplicationContext getApplicationContext()
      Create the Spring application context that will hold CAS filters.
      Returns:
      Spring application context

    • getLoginUrl

      public String getLoginUrl()
      Login begins with our doCommenceLogin(StaplerRequest2, StaplerResponse2) method.
      Overrides:
      getLoginUrl in class SecurityRealm
      Returns:
      Jenkins commenceLogin URL

    • getPostLogOutUrl2

      protected String getPostLogOutUrl2(org.kohsuke.stapler.StaplerRequest2 req, org.springframework.security.core.Authentication auth)
      Logout redirects to CAS before coming back to Jenkins (unless disabled).
      Overrides:
      getPostLogOutUrl2 in class SecurityRealm
      Returns:
      CAS logout URL

    • createSecurityComponents

      public SecurityRealm.SecurityComponents createSecurityComponents()
      Build a authentication manager which uses the CAS REST API for username and password based authentication against the REST API. Browser authentication is handled by the CAS filter chain.
      Specified by:
      createSecurityComponents in class SecurityRealm
      Returns:
      SecurityComponents holder for the authentication manager

    • createFilter

      public jakarta.servlet.Filter createFilter(jakarta.servlet.FilterConfig filterConfig)
      Build the filter that will validate the service ticket returned by CAS. This filter will also wrap the original filter chain from Jenkins to preserve support for API token authentication (among other features).
      Overrides:
      createFilter in class SecurityRealm
      Returns:
      CAS filter

    • doLogout

      public void doLogout(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) throws IOException, jakarta.servlet.ServletException
      Handles the logout processing.
      Overrides:
      doLogout in class SecurityRealm
      Parameters:
      req - request
      rsp - response
      Throws:
      IOException - I/O error
      jakarta.servlet.ServletException - Servlet error

    • doCommenceLogin

      public void doCommenceLogin(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) throws IOException, jakarta.servlet.ServletException
      The login process starts from here, using the CasAuthenticationEntryPoint.
      Parameters:
      req - request
      rsp - response
      Throws:
      IOException - I/O error
      jakarta.servlet.ServletException - Servlet error

    • doFinishLogin

      public void doFinishLogin(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp)
      The login process finishes here, by firing the authenticated event.
      Parameters:
      req - request
      rsp - response