Package org.jenkinsci.plugins
Class GithubSecurityRealm
java.lang.Object
hudson.model.AbstractDescribableImpl<SecurityRealm>
hudson.security.SecurityRealm
hudson.security.AbstractPasswordBasedSecurityRealm
org.jenkinsci.plugins.GithubSecurityRealm
- All Implemented Interfaces:
ExtensionPoint
,Describable<SecurityRealm>
Implementation of the AbstractPasswordBasedSecurityRealm that uses github
oauth to verify the user can login.
This is based on the MySQLSecurityRealm from the mysql-auth-plugin written by
Alex Ackerman.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic final class
static final class
Nested classes/interfaces inherited from class hudson.security.SecurityRealm
SecurityRealm.SecurityComponents
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
-
Field Summary
Fields inherited from class hudson.security.SecurityRealm
AUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionboolean
protected GithubOAuthUserDetails
authenticate2
(String username, String password) org.kohsuke.stapler.HttpResponse
doCommenceLogin
(org.kohsuke.stapler.StaplerRequest2 request, String from, String referer) org.kohsuke.stapler.HttpResponse
doFinishLogin
(org.kohsuke.stapler.StaplerRequest2 request) This is where the user comes back to at the end of the OAuth redirect ping-pong.boolean
Compare an object against this instance for equivalence.Deprecated.protected String
getPostLogOutUrl2
(org.kohsuke.stapler.StaplerRequest2 req, org.springframework.security.core.Authentication auth) int
hashCode()
boolean
Checks the security realm for a GitHub OAuth scope.loadGroupByGroupname2
(String groupName, boolean fetchMembers) org.springframework.security.core.userdetails.UserDetails
loadUserByUsername2
(String username) Methods inherited from class hudson.security.AbstractPasswordBasedSecurityRealm
authenticate, authenticateByPassword, loadGroupByGroupname, loadUserByUsername
Methods inherited from class hudson.security.SecurityRealm
all, canLogOut, commenceSignup, commonFilters, createCliAuthenticator, createFilter, createFilter, doCaptcha, doLogout, doLogout, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getFrom, getGroupIdStrategy, getPostLogOutUrl, getPostLogOutUrl2, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, setCaptchaSupport, validateCaptcha
-
Constructor Details
-
GithubSecurityRealm
@DataBoundConstructor public GithubSecurityRealm(String githubWebUri, String githubApiUri, String clientID, String clientSecret, String oauthScopes) - Parameters:
githubWebUri
- The URI to the root of the web UI for GitHub or GitHub Enterprise, including the protocol (e.g. https).githubApiUri
- The URI to the root of the API for GitHub or GitHub Enterprise, including the protocol (e.g. https).clientID
- The client ID for the created OAuth Application.clientSecret
- The client secret for the created GitHub OAuth Application.oauthScopes
- A comma separated list of OAuth Scopes to request access to.
-
-
Method Details
-
hasScope
Checks the security realm for a GitHub OAuth scope.- Parameters:
scope
- A scope to check for in the security realm.- Returns:
- true if security realm has the scope or false if it does not.
-
getGithubApiUri
- Returns:
- the URI to the API root of GitHub or GitHub Enterprise.
-
getGithubWebUri
- Returns:
- the uri to the web root of Github (varies for Github Enterprise Edition)
-
getGithubUri
Deprecated.usegetGithubWebUri()
instead.- Returns:
- the uri to the web root of Github (varies for Github Enterprise Edition)
-
getClientID
- Returns:
- the clientID
-
getClientSecret
- Returns:
- the clientSecret
-
getOauthScopes
- Returns:
- the oauthScopes
-
doCommenceLogin
public org.kohsuke.stapler.HttpResponse doCommenceLogin(org.kohsuke.stapler.StaplerRequest2 request, @QueryParameter String from, @Header("Referer") String referer) throws IOException - Throws:
IOException
-
doFinishLogin
public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest2 request) throws IOException This is where the user comes back to at the end of the OAuth redirect ping-pong.- Throws:
IOException
-
allowsSignup
public boolean allowsSignup()- Overrides:
allowsSignup
in classSecurityRealm
-
createSecurityComponents
- Overrides:
createSecurityComponents
in classAbstractPasswordBasedSecurityRealm
-
authenticate2
protected GithubOAuthUserDetails authenticate2(String username, String password) throws org.springframework.security.core.AuthenticationException - Overrides:
authenticate2
in classAbstractPasswordBasedSecurityRealm
- Throws:
org.springframework.security.core.AuthenticationException
-
getLoginUrl
- Overrides:
getLoginUrl
in classSecurityRealm
-
getPostLogOutUrl2
protected String getPostLogOutUrl2(org.kohsuke.stapler.StaplerRequest2 req, org.springframework.security.core.Authentication auth) - Overrides:
getPostLogOutUrl2
in classSecurityRealm
-
getDescriptor
- Specified by:
getDescriptor
in interfaceDescribable<SecurityRealm>
- Overrides:
getDescriptor
in classSecurityRealm
-
loadUserByUsername2
public org.springframework.security.core.userdetails.UserDetails loadUserByUsername2(String username) throws org.springframework.security.core.userdetails.UsernameNotFoundException - Overrides:
loadUserByUsername2
in classAbstractPasswordBasedSecurityRealm
- Parameters:
username
- username to lookup- Returns:
- userDetails
- Throws:
org.springframework.security.core.userdetails.UsernameNotFoundException
-
equals
Compare an object against this instance for equivalence. -
hashCode
public int hashCode() -
loadGroupByGroupname2
public GroupDetails loadGroupByGroupname2(String groupName, boolean fetchMembers) throws org.springframework.security.core.userdetails.UsernameNotFoundException - Overrides:
loadGroupByGroupname2
in classAbstractPasswordBasedSecurityRealm
- Parameters:
groupName
- groupName to look up- Returns:
- groupDetails
- Throws:
org.springframework.security.core.userdetails.UsernameNotFoundException
-
getGithubWebUri()
instead.