Class GithubSecurityRealm

All Implemented Interfaces:
ExtensionPoint, Describable<SecurityRealm>

public class GithubSecurityRealm extends AbstractPasswordBasedSecurityRealm
Implementation of the AbstractPasswordBasedSecurityRealm that uses github oauth to verify the user can login. This is based on the MySQLSecurityRealm from the mysql-auth-plugin written by Alex Ackerman.
  • Constructor Details

    • GithubSecurityRealm

      @DataBoundConstructor public GithubSecurityRealm(String githubWebUri, String githubApiUri, String clientID, String clientSecret, String oauthScopes)
      Parameters:
      githubWebUri - The URI to the root of the web UI for GitHub or GitHub Enterprise, including the protocol (e.g. https).
      githubApiUri - The URI to the root of the API for GitHub or GitHub Enterprise, including the protocol (e.g. https).
      clientID - The client ID for the created OAuth Application.
      clientSecret - The client secret for the created GitHub OAuth Application.
      oauthScopes - A comma separated list of OAuth Scopes to request access to.
  • Method Details

    • hasScope

      public boolean hasScope(String scope)
      Checks the security realm for a GitHub OAuth scope.
      Parameters:
      scope - A scope to check for in the security realm.
      Returns:
      true if security realm has the scope or false if it does not.
    • getGithubApiUri

      public String getGithubApiUri()
      Returns:
      the URI to the API root of GitHub or GitHub Enterprise.
    • getGithubWebUri

      public String getGithubWebUri()
      Returns:
      the uri to the web root of Github (varies for Github Enterprise Edition)
    • getGithubUri

      @Deprecated public String getGithubUri()
      Deprecated.
      use getGithubWebUri() instead.
      Returns:
      the uri to the web root of Github (varies for Github Enterprise Edition)
    • getClientID

      public String getClientID()
      Returns:
      the clientID
    • getClientSecret

      public Secret getClientSecret()
      Returns:
      the clientSecret
    • getOauthScopes

      public String getOauthScopes()
      Returns:
      the oauthScopes
    • doCommenceLogin

      public org.kohsuke.stapler.HttpResponse doCommenceLogin(org.kohsuke.stapler.StaplerRequest2 request, @QueryParameter String from, @Header("Referer") String referer) throws IOException
      Throws:
      IOException
    • doFinishLogin

      public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest2 request) throws IOException
      This is where the user comes back to at the end of the OAuth redirect ping-pong.
      Throws:
      IOException
    • allowsSignup

      public boolean allowsSignup()
      Overrides:
      allowsSignup in class SecurityRealm
    • createSecurityComponents

      public SecurityRealm.SecurityComponents createSecurityComponents()
      Overrides:
      createSecurityComponents in class AbstractPasswordBasedSecurityRealm
    • authenticate2

      protected GithubOAuthUserDetails authenticate2(String username, String password) throws org.springframework.security.core.AuthenticationException
      Overrides:
      authenticate2 in class AbstractPasswordBasedSecurityRealm
      Throws:
      org.springframework.security.core.AuthenticationException
    • getLoginUrl

      public String getLoginUrl()
      Overrides:
      getLoginUrl in class SecurityRealm
    • getPostLogOutUrl2

      protected String getPostLogOutUrl2(org.kohsuke.stapler.StaplerRequest2 req, org.springframework.security.core.Authentication auth)
      Overrides:
      getPostLogOutUrl2 in class SecurityRealm
    • getDescriptor

      public GithubSecurityRealm.DescriptorImpl getDescriptor()
      Specified by:
      getDescriptor in interface Describable<SecurityRealm>
      Overrides:
      getDescriptor in class SecurityRealm
    • loadUserByUsername2

      public org.springframework.security.core.userdetails.UserDetails loadUserByUsername2(String username) throws org.springframework.security.core.userdetails.UsernameNotFoundException
      Overrides:
      loadUserByUsername2 in class AbstractPasswordBasedSecurityRealm
      Parameters:
      username - username to lookup
      Returns:
      userDetails
      Throws:
      org.springframework.security.core.userdetails.UsernameNotFoundException
    • equals

      public boolean equals(Object object)
      Compare an object against this instance for equivalence.
      Overrides:
      equals in class Object
      Parameters:
      object - An object to campare this instance to.
      Returns:
      true if the objects are the same instance and configuration.
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • loadGroupByGroupname2

      public GroupDetails loadGroupByGroupname2(String groupName, boolean fetchMembers) throws org.springframework.security.core.userdetails.UsernameNotFoundException
      Overrides:
      loadGroupByGroupname2 in class AbstractPasswordBasedSecurityRealm
      Parameters:
      groupName - groupName to look up
      Returns:
      groupDetails
      Throws:
      org.springframework.security.core.userdetails.UsernameNotFoundException