Package org.jenkinsci.plugins
Class GithubSecurityRealm
- java.lang.Object
-
- hudson.model.AbstractDescribableImpl<SecurityRealm>
-
- hudson.security.SecurityRealm
-
- hudson.security.AbstractPasswordBasedSecurityRealm
-
- org.jenkinsci.plugins.GithubSecurityRealm
-
- All Implemented Interfaces:
ExtensionPoint
,Describable<SecurityRealm>
,UserDetailsService
public class GithubSecurityRealm extends AbstractPasswordBasedSecurityRealm implements UserDetailsService
Implementation of the AbstractPasswordBasedSecurityRealm that uses github oauth to verify the user can login. This is based on the MySQLSecurityRealm from the mysql-auth-plugin written by Alex Ackerman.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
GithubSecurityRealm.ConverterImpl
static class
GithubSecurityRealm.DescriptorImpl
-
Nested classes/interfaces inherited from class hudson.security.SecurityRealm
SecurityRealm.SecurityComponents
-
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
-
-
Field Summary
-
Fields inherited from class hudson.security.SecurityRealm
AUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION
-
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description boolean
allowsSignup()
protected GithubOAuthUserDetails
authenticate(String username, String password)
SecurityRealm.SecurityComponents
createSecurityComponents()
org.kohsuke.stapler.HttpResponse
doCommenceLogin(org.kohsuke.stapler.StaplerRequest request, String from, String referer)
org.kohsuke.stapler.HttpResponse
doFinishLogin(org.kohsuke.stapler.StaplerRequest request)
This is where the user comes back to at the end of the OAuth redirect ping-pong.boolean
equals(Object object)
Compare an object against this instance for equivalence.String
getClientID()
Secret
getClientSecret()
GithubSecurityRealm.DescriptorImpl
getDescriptor()
String
getGithubApiUri()
String
getGithubUri()
Deprecated.usegetGithubWebUri()
instead.String
getGithubWebUri()
String
getLoginUrl()
String
getOauthScopes()
protected String
getPostLogOutUrl(org.kohsuke.stapler.StaplerRequest req, Authentication auth)
int
hashCode()
boolean
hasScope(String scope)
Checks the security realm for a GitHub OAuth scope.GroupDetails
loadGroupByGroupname(String groupName)
UserDetails
loadUserByUsername(String username)
-
Methods inherited from class hudson.security.AbstractPasswordBasedSecurityRealm
authenticate2, loadGroupByGroupname2, loadUserByUsername2
-
Methods inherited from class hudson.security.SecurityRealm
all, canLogOut, commenceSignup, commonFilters, createCliAuthenticator, createFilter, doCaptcha, doLogout, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getFrom, getGroupIdStrategy, getPostLogOutUrl2, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, setCaptchaSupport, validateCaptcha
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.acegisecurity.userdetails.UserDetailsService
toSpring
-
-
-
-
Constructor Detail
-
GithubSecurityRealm
@DataBoundConstructor public GithubSecurityRealm(String githubWebUri, String githubApiUri, String clientID, String clientSecret, String oauthScopes)
- Parameters:
githubWebUri
- The URI to the root of the web UI for GitHub or GitHub Enterprise, including the protocol (e.g. https).githubApiUri
- The URI to the root of the API for GitHub or GitHub Enterprise, including the protocol (e.g. https).clientID
- The client ID for the created OAuth Application.clientSecret
- The client secret for the created GitHub OAuth Application.oauthScopes
- A comma separated list of OAuth Scopes to request access to.
-
-
Method Detail
-
hasScope
public boolean hasScope(String scope)
Checks the security realm for a GitHub OAuth scope.- Parameters:
scope
- A scope to check for in the security realm.- Returns:
- true if security realm has the scope or false if it does not.
-
getGithubApiUri
public String getGithubApiUri()
- Returns:
- the URI to the API root of GitHub or GitHub Enterprise.
-
getGithubWebUri
public String getGithubWebUri()
- Returns:
- the uri to the web root of Github (varies for Github Enterprise Edition)
-
getGithubUri
@Deprecated public String getGithubUri()
Deprecated.usegetGithubWebUri()
instead.- Returns:
- the uri to the web root of Github (varies for Github Enterprise Edition)
-
getClientID
public String getClientID()
- Returns:
- the clientID
-
getClientSecret
public Secret getClientSecret()
- Returns:
- the clientSecret
-
getOauthScopes
public String getOauthScopes()
- Returns:
- the oauthScopes
-
doCommenceLogin
public org.kohsuke.stapler.HttpResponse doCommenceLogin(org.kohsuke.stapler.StaplerRequest request, @QueryParameter String from, @Header("Referer") String referer) throws IOException
- Throws:
IOException
-
doFinishLogin
public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest request) throws IOException
This is where the user comes back to at the end of the OAuth redirect ping-pong.- Throws:
IOException
-
allowsSignup
public boolean allowsSignup()
- Overrides:
allowsSignup
in classSecurityRealm
-
createSecurityComponents
public SecurityRealm.SecurityComponents createSecurityComponents()
- Overrides:
createSecurityComponents
in classAbstractPasswordBasedSecurityRealm
-
authenticate
protected GithubOAuthUserDetails authenticate(String username, String password) throws AuthenticationException
- Overrides:
authenticate
in classAbstractPasswordBasedSecurityRealm
- Throws:
AuthenticationException
-
getLoginUrl
public String getLoginUrl()
- Overrides:
getLoginUrl
in classSecurityRealm
-
getPostLogOutUrl
protected String getPostLogOutUrl(org.kohsuke.stapler.StaplerRequest req, Authentication auth)
- Overrides:
getPostLogOutUrl
in classSecurityRealm
-
getDescriptor
public GithubSecurityRealm.DescriptorImpl getDescriptor()
- Specified by:
getDescriptor
in interfaceDescribable<SecurityRealm>
- Overrides:
getDescriptor
in classSecurityRealm
-
loadUserByUsername
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException
- Specified by:
loadUserByUsername
in interfaceUserDetailsService
- Overrides:
loadUserByUsername
in classAbstractPasswordBasedSecurityRealm
- Parameters:
username
- username to lookup- Returns:
- userDetails
- Throws:
UsernameNotFoundException
DataAccessException
-
equals
public boolean equals(Object object)
Compare an object against this instance for equivalence.
-
loadGroupByGroupname
public GroupDetails loadGroupByGroupname(String groupName) throws UsernameNotFoundException, DataAccessException
- Overrides:
loadGroupByGroupname
in classAbstractPasswordBasedSecurityRealm
- Parameters:
groupName
- groupName to look up- Returns:
- groupDetails
- Throws:
UsernameNotFoundException
DataAccessException
-
-