Package org.jenkinsci.plugins

Class GithubSecurityRealm

java.lang.Object

hudson.model.AbstractDescribableImpl<SecurityRealm>

hudson.security.SecurityRealm

hudson.security.AbstractPasswordBasedSecurityRealm

org.jenkinsci.plugins.GithubSecurityRealm

All Implemented Interfaces:

ExtensionPoint, Describable<SecurityRealm>, UserDetailsService

public class GithubSecurityRealm
extends AbstractPasswordBasedSecurityRealm
implements UserDetailsService

Implementation of the AbstractPasswordBasedSecurityRealm that uses github oauth to verify the user can login. This is based on the MySQLSecurityRealm from the mysql-auth-plugin written by Alex Ackerman.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	GithubSecurityRealm.ConverterImpl
static class	GithubSecurityRealm.DescriptorImpl

Nested classes/interfaces inherited from class hudson.security.SecurityRealm

SecurityRealm.SecurityComponents

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields inherited from class hudson.security.SecurityRealm

AUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION

Constructor Summary

Constructors

Constructor	Description
GithubSecurityRealm(String githubWebUri, String githubApiUri, String clientID, String clientSecret, String oauthScopes)

Method Summary

Modifier and Type	Method	Description
boolean	allowsSignup()
protected GithubOAuthUserDetails	authenticate(String username, String password)
SecurityRealm.SecurityComponents	createSecurityComponents()
org.kohsuke.stapler.HttpResponse	doCommenceLogin(org.kohsuke.stapler.StaplerRequest request, String from, String referer)
org.kohsuke.stapler.HttpResponse	doFinishLogin(org.kohsuke.stapler.StaplerRequest request)	This is where the user comes back to at the end of the OAuth redirect ping-pong.
boolean	equals(Object object)	Compare an object against this instance for equivalence.
String	getClientID()
Secret	getClientSecret()
GithubSecurityRealm.DescriptorImpl	getDescriptor()
String	getGithubApiUri()
String	getGithubUri()	Deprecated. use getGithubWebUri() instead.
String	getGithubWebUri()
String	getLoginUrl()
String	getOauthScopes()
protected String	getPostLogOutUrl(org.kohsuke.stapler.StaplerRequest req, Authentication auth)
int	hashCode()
boolean	hasScope(String scope)	Checks the security realm for a GitHub OAuth scope.
GroupDetails	loadGroupByGroupname(String groupName)
UserDetails	loadUserByUsername(String username)

Methods inherited from class hudson.security.AbstractPasswordBasedSecurityRealm

authenticate2, loadGroupByGroupname2, loadUserByUsername2

Methods inherited from class hudson.security.SecurityRealm

all, canLogOut, commenceSignup, commonFilters, createCliAuthenticator, createFilter, doCaptcha, doLogout, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getFrom, getGroupIdStrategy, getPostLogOutUrl2, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, setCaptchaSupport, validateCaptcha

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.acegisecurity.userdetails.UserDetailsService

toSpring

Constructor Detail

GithubSecurityRealm

@DataBoundConstructor
public GithubSecurityRealm(String githubWebUri,
                           String githubApiUri,
                           String clientID,
                           String clientSecret,
                           String oauthScopes)

Parameters:

githubWebUri - The URI to the root of the web UI for GitHub or GitHub Enterprise, including the protocol (e.g. https).

githubApiUri - The URI to the root of the API for GitHub or GitHub Enterprise, including the protocol (e.g. https).

clientID - The client ID for the created OAuth Application.

clientSecret - The client secret for the created GitHub OAuth Application.

oauthScopes - A comma separated list of OAuth Scopes to request access to.

Method Detail

hasScope

public boolean hasScope(String scope)

Checks the security realm for a GitHub OAuth scope.

Parameters:

scope - A scope to check for in the security realm.

Returns:

true if security realm has the scope or false if it does not.

getGithubApiUri

public String getGithubApiUri()

Returns:

the URI to the API root of GitHub or GitHub Enterprise.

getGithubWebUri

public String getGithubWebUri()

Returns:

the uri to the web root of Github (varies for Github Enterprise Edition)

getGithubUri

@Deprecated
public String getGithubUri()

Deprecated.

use getGithubWebUri() instead.

Returns:

the uri to the web root of Github (varies for Github Enterprise Edition)

getClientID

public String getClientID()

Returns:

the clientID

getClientSecret

public Secret getClientSecret()

Returns:

the clientSecret

getOauthScopes

public String getOauthScopes()

Returns:

the oauthScopes

doCommenceLogin

public org.kohsuke.stapler.HttpResponse doCommenceLogin(org.kohsuke.stapler.StaplerRequest request,
                                                        @QueryParameter
                                                        String from,
                                                        @Header("Referer")
                                                        String referer)
                                                 throws IOException

Throws:

IOException

doFinishLogin

public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest request)
                                               throws IOException

This is where the user comes back to at the end of the OAuth redirect ping-pong.

Throws:

IOException

allowsSignup

public boolean allowsSignup()

Overrides:

allowsSignup in class SecurityRealm

createSecurityComponents

public SecurityRealm.SecurityComponents createSecurityComponents()

Overrides:

createSecurityComponents in class AbstractPasswordBasedSecurityRealm

authenticate

protected GithubOAuthUserDetails authenticate(String username,
                                              String password)
                                       throws AuthenticationException

Overrides:

authenticate in class AbstractPasswordBasedSecurityRealm

Throws:

AuthenticationException

getLoginUrl

public String getLoginUrl()

Overrides:

getLoginUrl in class SecurityRealm

getPostLogOutUrl

protected String getPostLogOutUrl(org.kohsuke.stapler.StaplerRequest req,
                                  Authentication auth)

Overrides:

getPostLogOutUrl in class SecurityRealm

getDescriptor

public GithubSecurityRealm.DescriptorImpl getDescriptor()

Specified by:

getDescriptor in interface Describable<SecurityRealm>

Overrides:

getDescriptor in class SecurityRealm

loadUserByUsername

public UserDetails loadUserByUsername(String username)
                               throws UsernameNotFoundException,
                                      DataAccessException

Specified by:

loadUserByUsername in interface UserDetailsService

Overrides:

loadUserByUsername in class AbstractPasswordBasedSecurityRealm

Parameters:

username - username to lookup

Returns:

userDetails

Throws:

UsernameNotFoundException

DataAccessException

equals

public boolean equals(Object object)

Compare an object against this instance for equivalence.

Overrides:

equals in class Object

Parameters:

object - An object to campare this instance to.

Returns:

true if the objects are the same instance and configuration.

hashCode

public int hashCode()

Overrides:

hashCode in class Object

loadGroupByGroupname

public GroupDetails loadGroupByGroupname(String groupName)
                                  throws UsernameNotFoundException,
                                         DataAccessException

Overrides:

loadGroupByGroupname in class AbstractPasswordBasedSecurityRealm

Parameters:

groupName - groupName to look up

Returns:

groupDetails

Throws:

UsernameNotFoundException

DataAccessException