Package hudson.security
Class LDAPSecurityRealm
- java.lang.Object
-
- hudson.model.AbstractDescribableImpl<SecurityRealm>
-
- hudson.security.SecurityRealm
-
- hudson.security.AbstractPasswordBasedSecurityRealm
-
- hudson.security.LDAPSecurityRealm
-
- All Implemented Interfaces:
ExtensionPoint
,Describable<SecurityRealm>
public class LDAPSecurityRealm extends AbstractPasswordBasedSecurityRealm
SecurityRealm
implementation that uses LDAP for authentication.Key Object Classes
Group Membership
Two object classes seem to be relevant. These are in RFC 2256 and core.schema. These use DN for membership, so it can create a group of anything. I don't know what the difference between these two are.
attributetype ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName ) attributetype ( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) objectclass ( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
This one is from nis.schema, and appears to model POSIX group/user thing more closely.
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $ memberUid $ description ) ) attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) ) attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'An integer uniquely identifying a user in an administrative domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'An integer uniquely identifying a group in an administrative domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Active Directory specific schemas (from here).
objectclass ( 1.2.840.113556.1.5.8 NAME 'group' SUP top STRUCTURAL MUST (groupType ) MAY (member $ nTGroupMembers $ operatorCount $ adminCount $ groupAttributes $ groupMembershipSAM $ controlAccessRights $ desktopProfile $ nonSecurityMember $ managedBy $ primaryGroupToken $ mail ) ) objectclass ( 1.2.840.113556.1.5.9 NAME 'user' SUP organizationalPerson STRUCTURAL MAY (userCertificate $ networkAddress $ userAccountControl $ badPwdCount $ codePage $ homeDirectory $ homeDrive $ badPasswordTime $ lastLogoff $ lastLogon $ dBCSPwd $ localeID $ scriptPath $ logonHours $ logonWorkstation $ maxStorage $ userWorkstations $ unicodePwd $ otherLoginWorkstations $ ntPwdHistory $ pwdLastSet $ preferredOU $ primaryGroupID $ userParameters $ profilePath $ operatorCount $ adminCount $ accountExpires $ lmPwdHistory $ groupMembershipSAM $ logonCount $ controlAccessRights $ defaultClassStore $ groupsToIgnore $ groupPriority $ desktopProfile $ dynamicLDAPServer $ userPrincipalName $ lockoutTime $ userSharedFolder $ userSharedFolderOther $ servicePrincipalName $ aCSPolicyName $ terminalServer $ mSMQSignCertificates $ mSMQDigests $ mSMQDigestsMig $ mSMQSignCertificatesMig $ msNPAllowDialin $ msNPCallingStationID $ msNPSavedCallingStationID $ msRADIUSCallbackNumber $ msRADIUSFramedIPAddress $ msRADIUSFramedRoute $ msRADIUSServiceType $ msRASSavedCallbackNumber $ msRASSavedFramedIPAddress $ msRASSavedFramedRoute $ mS-DS-CreatorSID ) )
References
- Standard Schemas
- The downloadable distribution contains schemas that define the structure of LDAP entries. Because this is a standard, we expect most LDAP servers out there to use it, although there are different objectClasses that can be used for similar purposes, and apparently many deployments choose to use different objectClasses.
- RFC 2256
- Defines the meaning of several key datatypes used in the schemas with some explanations.
- Active Directory schema
- More navigable schema list, including core and MS extensions specific to Active Directory.
- Since:
- 1.166
- Author:
- Kohsuke Kawaguchi
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
LDAPSecurityRealm.AuthoritiesPopulatorImpl
LdapAuthoritiesPopulator
that adds the automatic 'authenticated' role.static class
LDAPSecurityRealm.CacheConfiguration
static class
LDAPSecurityRealm.DescriptorImpl
static class
LDAPSecurityRealm.EnvironmentProperty
static class
LDAPSecurityRealm.LdapAuthenticationProviderImpl
static class
LDAPSecurityRealm.LDAPUserDetailsService
-
Nested classes/interfaces inherited from class hudson.security.SecurityRealm
SecurityRealm.SecurityComponents
-
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
-
-
Field Summary
Fields Modifier and Type Field Description boolean
disableMailAddressResolver
static String
GROUP_SEARCH
LDAP filter to look for groups by their names.String
groupMembershipFilter
Deprecated.LDAPGroupMembershipStrategy
groupMembershipStrategy
Deprecated.String
groupSearchBase
Deprecated.String
groupSearchFilter
Deprecated.boolean
inhibitInferRootDN
Deprecated.static Logger
LOGGER
String
managerDN
Deprecated.String
rootDN
Deprecated.String
server
Deprecated.String
userSearch
Deprecated.String
userSearchBase
Deprecated.-
Fields inherited from class hudson.security.SecurityRealm
AUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION
-
-
Constructor Summary
Constructors Constructor Description LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN)
Deprecated.retained for backwards binary compatibility.LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver)
Deprecated.retained for backwards binary compatibility.LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache)
Deprecated.retained for backwards binary compatibility.LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, LDAPSecurityRealm.EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName)
Deprecated.retained for backwards binary compatibility.LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache)
Deprecated.retained for backwards binary compatibility.LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, LDAPSecurityRealm.EnvironmentProperty[] environmentProperties)
Deprecated.retained for backwards binary compatibility.LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, LDAPSecurityRealm.EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName)
Deprecated.retained for backwards binary compatibility.LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, LDAPGroupMembershipStrategy groupMembershipStrategy, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, LDAPSecurityRealm.EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName)
Deprecated.retained for backwards binary compatibility.LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, LDAPGroupMembershipStrategy groupMembershipStrategy, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, LDAPSecurityRealm.EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName, IdStrategy userIdStrategy, IdStrategy groupIdStrategy)
Deprecated.retained for backwards binary compatibility.LDAPSecurityRealm(List<LDAPConfiguration> configurations, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, IdStrategy userIdStrategy, IdStrategy groupIdStrategy)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description protected org.springframework.security.core.userdetails.UserDetails
authenticate2(String username, String password)
SecurityRealm.SecurityComponents
createSecurityComponents()
LDAPSecurityRealm.CacheConfiguration
getCache()
Integer
getCacheSize()
Integer
getCacheTTL()
LDAPConfiguration
getConfigurationFor(String configurationId)
LDAPConfiguration
getConfigurationFor(org.springframework.security.ldap.userdetails.LdapUserDetails d)
List<LDAPConfiguration>
getConfigurations()
LDAPSecurityRealm.DescriptorImpl
getDescriptor()
String
getDisplayNameAttributeName()
Deprecated.LDAPSecurityRealm.EnvironmentProperty[]
getEnvironmentProperties()
Deprecated.Map<String,String>
getExtraEnvVars()
Deprecated.IdStrategy
getGroupIdStrategy()
String
getGroupMembershipFilter()
Deprecated.LDAPGroupMembershipStrategy
getGroupMembershipStrategy()
Deprecated.String
getGroupSearchFilter()
Deprecated.String
getLDAPURL()
Deprecated.String
getMailAddressAttributeName()
Deprecated.String
getManagerPassword()
Deprecated.Secret
getManagerPasswordSecret()
Deprecated.String
getServerUrl()
Deprecated.IdStrategy
getUserIdStrategy()
boolean
hasMultiConfiguration()
boolean
isDisableRolePrefixing()
GroupDetails
loadGroupByGroupname2(String groupname, boolean fetchMembers)
org.springframework.security.core.userdetails.UserDetails
loadUserByUsername2(String username)
void
setDisableRolePrefixing(boolean disableRolePrefixing)
static String
toProviderUrl(String serverUrl, String rootDN)
org.springframework.security.core.Authentication
updateUserDetails(org.springframework.security.core.Authentication authentication, org.springframework.security.ldap.search.LdapUserSearch ldapUserSearch)
org.springframework.security.core.userdetails.UserDetails
updateUserDetails(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.ldap.search.LdapUserSearch ldapUserSearch)
hudson.security.LDAPSecurityRealm.DelegatedLdapUserDetails
updateUserDetails(org.springframework.security.ldap.userdetails.LdapUserDetails d, org.springframework.security.ldap.search.LdapUserSearch ldapUserSearch)
-
Methods inherited from class hudson.security.AbstractPasswordBasedSecurityRealm
authenticate, loadGroupByGroupname, loadUserByUsername
-
Methods inherited from class hudson.security.SecurityRealm
all, allowsSignup, canLogOut, commenceSignup, commonFilters, createCliAuthenticator, createFilter, doCaptcha, doLogout, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getFrom, getLoginUrl, getPostLogOutUrl, getPostLogOutUrl2, getSecurityComponents, loadGroupByGroupname, setCaptchaSupport, validateCaptcha
-
-
-
-
Field Detail
-
server
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public transient String server
Deprecated.LDAP server name(s) separated by spaces, optionally with TCP port number, like "ldap.acme.org" or "ldap.acme.org:389" and/or with protocol, like "ldap://ldap.acme.org".
-
rootDN
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public transient String rootDN
Deprecated.The root DN to connect to. Normally something like "dc=sun,dc=com" How do I infer this?
-
inhibitInferRootDN
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public transient boolean inhibitInferRootDN
Deprecated.Allow the rootDN to be inferred? Default is false. If true, allow rootDN to be blank.
-
userSearchBase
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public transient String userSearchBase
Deprecated.Specifies the relative DN fromthe root DN
. This is used to narrow down the search space when doing user search. Something like "ou=people" but can be empty.
-
userSearch
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public transient String userSearch
Deprecated.Query to locate an entry that identifies the user, given the user name string. Normally "uid={0}"- See Also:
FilterBasedLdapUserSearch
-
groupSearchBase
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public transient String groupSearchBase
Deprecated.This defines the organizational unit that contains groups. Normally "" to indicate the full LDAP search, but can be often narrowed down to something like "ou=groups"- See Also:
FilterBasedLdapUserSearch
-
groupSearchFilter
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public transient String groupSearchFilter
Deprecated.Query to locate an entry that identifies the group, given the group name string. If non-null it will override the default specified byGROUP_SEARCH
- Since:
- 1.5
-
groupMembershipFilter
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public transient String groupMembershipFilter
Deprecated.Query to locate the group entries that a user belongs to, given the user object.{0}
is the user's full DN while {1} is the username. If non-null it will override the default- Since:
- 1.5
-
groupMembershipStrategy
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public transient LDAPGroupMembershipStrategy groupMembershipStrategy
Deprecated.- Since:
- 2.0
-
managerDN
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public transient String managerDN
Deprecated.If non-null, we use this andmanagerPasswordSecret
when binding to LDAP. This is necessary when LDAP doesn't support anonymous access.
-
disableMailAddressResolver
public final boolean disableMailAddressResolver
- Since:
- 1.2
-
LOGGER
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static final Logger LOGGER
-
GROUP_SEARCH
public static final String GROUP_SEARCH
LDAP filter to look for groups by their names. "{0}" is the group name as given by the user. See http://msdn.microsoft.com/en-us/library/aa746475(VS.85).aspx for the syntax by example. WANTED: The specification of the syntax.
-
-
Constructor Detail
-
LDAPSecurityRealm
@Deprecated public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN)
Deprecated.retained for backwards binary compatibility.
-
LDAPSecurityRealm
@Deprecated public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver)
Deprecated.retained for backwards binary compatibility.
-
LDAPSecurityRealm
@Deprecated public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache)
Deprecated.retained for backwards binary compatibility.
-
LDAPSecurityRealm
@Deprecated public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache)
Deprecated.retained for backwards binary compatibility.
-
LDAPSecurityRealm
@Deprecated public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, LDAPSecurityRealm.EnvironmentProperty[] environmentProperties)
Deprecated.retained for backwards binary compatibility.
-
LDAPSecurityRealm
@Deprecated public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, LDAPSecurityRealm.EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName)
Deprecated.retained for backwards binary compatibility.
-
LDAPSecurityRealm
@Deprecated public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, LDAPSecurityRealm.EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName)
Deprecated.retained for backwards binary compatibility.
-
LDAPSecurityRealm
@Deprecated public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, LDAPGroupMembershipStrategy groupMembershipStrategy, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, LDAPSecurityRealm.EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName)
Deprecated.retained for backwards binary compatibility.
-
LDAPSecurityRealm
@Deprecated public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, LDAPGroupMembershipStrategy groupMembershipStrategy, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, LDAPSecurityRealm.EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName, IdStrategy userIdStrategy, IdStrategy groupIdStrategy)
Deprecated.retained for backwards binary compatibility.
-
LDAPSecurityRealm
@DataBoundConstructor public LDAPSecurityRealm(List<LDAPConfiguration> configurations, boolean disableMailAddressResolver, LDAPSecurityRealm.CacheConfiguration cache, IdStrategy userIdStrategy, IdStrategy groupIdStrategy)
-
-
Method Detail
-
getConfigurations
public List<LDAPConfiguration> getConfigurations()
-
isDisableRolePrefixing
public boolean isDisableRolePrefixing()
-
setDisableRolePrefixing
@DataBoundSetter public void setDisableRolePrefixing(boolean disableRolePrefixing)
-
getServerUrl
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public String getServerUrl()
Deprecated.
-
getUserIdStrategy
public IdStrategy getUserIdStrategy()
- Overrides:
getUserIdStrategy
in classSecurityRealm
-
getGroupIdStrategy
public IdStrategy getGroupIdStrategy()
- Overrides:
getGroupIdStrategy
in classSecurityRealm
-
getCache
public LDAPSecurityRealm.CacheConfiguration getCache()
-
getCacheSize
public Integer getCacheSize()
-
getCacheTTL
public Integer getCacheTTL()
-
getGroupMembershipFilter
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public String getGroupMembershipFilter()
Deprecated.
-
getGroupMembershipStrategy
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public LDAPGroupMembershipStrategy getGroupMembershipStrategy()
Deprecated.
-
getGroupSearchFilter
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public String getGroupSearchFilter()
Deprecated.
-
getExtraEnvVars
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public Map<String,String> getExtraEnvVars()
Deprecated.
-
getEnvironmentProperties
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public LDAPSecurityRealm.EnvironmentProperty[] getEnvironmentProperties()
Deprecated.
-
getManagerPassword
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public String getManagerPassword()
Deprecated.
-
getManagerPasswordSecret
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public Secret getManagerPasswordSecret()
Deprecated.
-
getLDAPURL
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public String getLDAPURL()
Deprecated.
-
getDisplayNameAttributeName
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public String getDisplayNameAttributeName()
Deprecated.
-
getMailAddressAttributeName
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public String getMailAddressAttributeName()
Deprecated.
-
getConfigurationFor
@CheckForNull @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public LDAPConfiguration getConfigurationFor(org.springframework.security.ldap.userdetails.LdapUserDetails d)
-
hasMultiConfiguration
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean hasMultiConfiguration()
-
getConfigurationFor
@CheckForNull @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public LDAPConfiguration getConfigurationFor(String configurationId)
-
toProviderUrl
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static String toProviderUrl(String serverUrl, String rootDN)
-
createSecurityComponents
@NonNull public SecurityRealm.SecurityComponents createSecurityComponents()
- Overrides:
createSecurityComponents
in classAbstractPasswordBasedSecurityRealm
-
authenticate2
protected org.springframework.security.core.userdetails.UserDetails authenticate2(String username, String password) throws org.springframework.security.core.AuthenticationException
- Overrides:
authenticate2
in classAbstractPasswordBasedSecurityRealm
- Throws:
org.springframework.security.core.AuthenticationException
-
loadUserByUsername2
public org.springframework.security.core.userdetails.UserDetails loadUserByUsername2(String username) throws org.springframework.security.core.userdetails.UsernameNotFoundException
- Overrides:
loadUserByUsername2
in classAbstractPasswordBasedSecurityRealm
- Throws:
org.springframework.security.core.userdetails.UsernameNotFoundException
-
updateUserDetails
public org.springframework.security.core.Authentication updateUserDetails(org.springframework.security.core.Authentication authentication, @CheckForNull org.springframework.security.ldap.search.LdapUserSearch ldapUserSearch)
-
updateUserDetails
public org.springframework.security.core.userdetails.UserDetails updateUserDetails(org.springframework.security.core.userdetails.UserDetails userDetails, @CheckForNull org.springframework.security.ldap.search.LdapUserSearch ldapUserSearch)
-
updateUserDetails
public hudson.security.LDAPSecurityRealm.DelegatedLdapUserDetails updateUserDetails(org.springframework.security.ldap.userdetails.LdapUserDetails d, @CheckForNull org.springframework.security.ldap.search.LdapUserSearch ldapUserSearch)
-
loadGroupByGroupname2
public GroupDetails loadGroupByGroupname2(String groupname, boolean fetchMembers) throws org.springframework.security.core.userdetails.UsernameNotFoundException
- Overrides:
loadGroupByGroupname2
in classAbstractPasswordBasedSecurityRealm
- Throws:
org.springframework.security.core.userdetails.UsernameNotFoundException
-
getDescriptor
public LDAPSecurityRealm.DescriptorImpl getDescriptor()
- Specified by:
getDescriptor
in interfaceDescribable<SecurityRealm>
- Overrides:
getDescriptor
in classSecurityRealm
-
-