Package org.jenkinsci.plugins.oic
Class OicSecurityRealm
- java.lang.Object
  - hudson.model.AbstractDescribableImpl<SecurityRealm>
    - hudson.security.SecurityRealm
      - org.jenkinsci.plugins.oic.OicSecurityRealm
- All Implemented Interfaces:
ExtensionPoint, Describable<SecurityRealm>, Serializable
public class OicSecurityRealm extends SecurityRealm implements Serializable
Login with OpenID Connect / OAuth 2
- Author:
- Michael Bischoff, Steve Arch
- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
static class OicSecurityRealm.DescriptorImpl
static class OicSecurityRealm.TokenAuthMethod
-
Nested classes/interfaces inherited from class hudson.security.SecurityRealm
SecurityRealm.SecurityComponents
-
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
-
-
Field Summary
-
Fields inherited from class hudson.security.SecurityRealm
AUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION
-
-
Constructor Summary
Constructors (Constructor, Description):
OicSecurityRealm(String clientId, String clientSecret, String authorizationServerUrl, String tokenServerUrl, String jwksServerUrl, String tokenAuthMethod, String userInfoServerUrl, String endSessionEndpoint, String scopes, String automanualconfigure, Boolean disableSslVerification)
OicSecurityRealm(String clientId, String clientSecret, String wellKnownOpenIDConfigurationUrl, String tokenServerUrl, String jwksServerUrl, String tokenAuthMethod, String authorizationServerUrl, String userInfoServerUrl, String userNameField, String tokenFieldToCheckKey, String tokenFieldToCheckValue, String fullNameFieldName, String emailFieldName, String scopes, String groupsFieldName, Boolean disableSslVerification, Boolean logoutFromOpenidProvider, String endSessionEndpoint, String postLogoutRedirectUrl, Boolean escapeHatchEnabled, String escapeHatchUsername, String escapeHatchSecret, String escapeHatchGroup, String automanualconfigure)
Deprecated. Retained for backwards binary compatibility.
-
Method Summary
-
Methods inherited from class hudson.security.SecurityRealm
all, allowsSignup, canLogOut, commenceSignup, commonFilters, createCliAuthenticator, createFilter, doCaptcha, getCaptchaSupport, getCaptchaSupportDescriptors, getDescriptor, getFrom, getGroupIdStrategy, getPostLogOutUrl, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, loadGroupByGroupname, loadGroupByGroupname2, loadUserByUsername, loadUserByUsername2, setCaptchaSupport, validateCaptcha
-
Constructor Detail
-
OicSecurityRealm
@Deprecated public OicSecurityRealm(String clientId, String clientSecret, String wellKnownOpenIDConfigurationUrl, String tokenServerUrl, String jwksServerUrl, String tokenAuthMethod, String authorizationServerUrl, String userInfoServerUrl, String userNameField, String tokenFieldToCheckKey, String tokenFieldToCheckValue, String fullNameFieldName, String emailFieldName, String scopes, String groupsFieldName, Boolean disableSslVerification, Boolean logoutFromOpenidProvider, String endSessionEndpoint, String postLogoutRedirectUrl, Boolean escapeHatchEnabled, String escapeHatchUsername, String escapeHatchSecret, String escapeHatchGroup, String automanualconfigure) throws IOException
Deprecated. Retained for backwards binary compatibility.
- Throws:
IOException
-
OicSecurityRealm
@DataBoundConstructor public OicSecurityRealm(String clientId, String clientSecret, String authorizationServerUrl, String tokenServerUrl, String jwksServerUrl, String tokenAuthMethod, String userInfoServerUrl, String endSessionEndpoint, String scopes, String automanualconfigure, Boolean disableSslVerification) throws IOException
- Throws:
IOException
-
-
Method Detail
-
readResolve
protected Object readResolve()
-
getClientId
public String getClientId()
-
getClientSecret
public Secret getClientSecret()
-
getWellKnownOpenIDConfigurationUrl
public String getWellKnownOpenIDConfigurationUrl()
-
getTokenServerUrl
public String getTokenServerUrl()
-
getJwksServerUrl
public String getJwksServerUrl()
-
getTokenAuthMethod
public OicSecurityRealm.TokenAuthMethod getTokenAuthMethod()
-
getAuthorizationServerUrl
public String getAuthorizationServerUrl()
-
getUserInfoServerUrl
public String getUserInfoServerUrl()
-
getUserNameField
public String getUserNameField()
-
getTokenFieldToCheckKey
public String getTokenFieldToCheckKey()
-
getTokenFieldToCheckValue
public String getTokenFieldToCheckValue()
-
getFullNameFieldName
public String getFullNameFieldName()
-
getEmailFieldName
public String getEmailFieldName()
-
getGroupsFieldName
public String getGroupsFieldName()
-
getScopes
public String getScopes()
-
isDisableSslVerification
public boolean isDisableSslVerification()
-
isLogoutFromOpenidProvider
public boolean isLogoutFromOpenidProvider()
-
getEndSessionEndpoint
public String getEndSessionEndpoint()
-
getPostLogoutRedirectUrl
public String getPostLogoutRedirectUrl()
-
isEscapeHatchEnabled
public boolean isEscapeHatchEnabled()
-
getEscapeHatchUsername
public String getEscapeHatchUsername()
-
getEscapeHatchSecret
public Secret getEscapeHatchSecret()
-
getEscapeHatchGroup
public String getEscapeHatchGroup()
-
getAutomanualconfigure
public String getAutomanualconfigure()
-
isOverrideScopesDefined
public boolean isOverrideScopesDefined()
-
getOverrideScopes
public String getOverrideScopes()
-
isRootURLFromRequest
public boolean isRootURLFromRequest()
-
isSendScopesInTokenRequest
public boolean isSendScopesInTokenRequest()
-
isPkceEnabled
public boolean isPkceEnabled()
-
isDisableTokenVerification
public boolean isDisableTokenVerification()
-
isNonceDisabled
public boolean isNonceDisabled()
-
isAutoConfigure
public boolean isAutoConfigure()
-
setWellKnownOpenIDConfigurationUrl
@DataBoundSetter public void setWellKnownOpenIDConfigurationUrl(String wellKnownOpenIDConfigurationUrl)
-
setUserNameField
@DataBoundSetter public void setUserNameField(String userNameField)
-
setTokenFieldToCheckKey
@DataBoundSetter public void setTokenFieldToCheckKey(String tokenFieldToCheckKey)
-
setTokenFieldToCheckValue
@DataBoundSetter public void setTokenFieldToCheckValue(String tokenFieldToCheckValue)
-
setFullNameFieldName
@DataBoundSetter public void setFullNameFieldName(String fullNameFieldName)
-
setEmailFieldName
@DataBoundSetter public void setEmailFieldName(String emailFieldName)
-
compileJMESPath
protected static io.burt.jmespath.Expression<Object> compileJMESPath(String str, String logComment)
-
setGroupsFieldName
@DataBoundSetter public void setGroupsFieldName(String groupsFieldName)
-
setScopes
public void setScopes(String scopes)
-
setLogoutFromOpenidProvider
@DataBoundSetter public void setLogoutFromOpenidProvider(boolean logoutFromOpenidProvider)
-
setPostLogoutRedirectUrl
@DataBoundSetter public void setPostLogoutRedirectUrl(String postLogoutRedirectUrl)
-
setEscapeHatchEnabled
@DataBoundSetter public void setEscapeHatchEnabled(boolean escapeHatchEnabled)
-
setEscapeHatchUsername
@DataBoundSetter public void setEscapeHatchUsername(String escapeHatchUsername)
-
setEscapeHatchSecret
@DataBoundSetter public void setEscapeHatchSecret(Secret escapeHatchSecret)
-
setEscapeHatchGroup
@DataBoundSetter public void setEscapeHatchGroup(String escapeHatchGroup)
-
setOverrideScopesDefined
@DataBoundSetter public void setOverrideScopesDefined(boolean overrideScopesDefined)
-
setOverrideScopes
@DataBoundSetter public void setOverrideScopes(String overrideScopes)
-
setRootURLFromRequest
@DataBoundSetter public void setRootURLFromRequest(boolean rootURLFromRequest)
-
setSendScopesInTokenRequest
@DataBoundSetter public void setSendScopesInTokenRequest(boolean sendScopesInTokenRequest)
-
setPkceEnabled
@DataBoundSetter public void setPkceEnabled(boolean pkceEnabled)
-
setDisableTokenVerification
@DataBoundSetter public void setDisableTokenVerification(boolean disableTokenVerification)
-
setNonceDisabled
@DataBoundSetter public void setNonceDisabled(boolean nonceDisabled)
-
getLoginUrl
public String getLoginUrl()
- Overrides:
getLoginUrl in class SecurityRealm
-
getAuthenticationGatewayUrl
public String getAuthenticationGatewayUrl()
- Overrides:
getAuthenticationGatewayUrl in class SecurityRealm
-
createSecurityComponents
public SecurityRealm.SecurityComponents createSecurityComponents()
- Specified by:
createSecurityComponents in class SecurityRealm
-
buildAuthorizationCodeFlow
protected com.google.api.client.auth.oauth2.AuthorizationCodeFlow buildAuthorizationCodeFlow()
Build authorization code flow
-
doCommenceLogin
@Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public org.kohsuke.stapler.HttpResponse doCommenceLogin(@QueryParameter String from, @Header("Referer") String referer)
Handles the securityRealm/commenceLogin resource and sends the user off to the IdP
- Parameters:
from - the relative URL to the page that the user has just come from
referer - the HTTP referer header (where to redirect the user back to after login has finished)
- Returns:
an HttpResponse object
-
getStringField
protected String getStringField(Object object, io.burt.jmespath.Expression<Object> fieldExpr)
-
doLogout
@Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public void doLogout(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException, javax.servlet.ServletException
- Overrides:
doLogout in class SecurityRealm
- Throws:
IOException
javax.servlet.ServletException
-
getPostLogOutUrl2
public String getPostLogOutUrl2(org.kohsuke.stapler.StaplerRequest req, org.springframework.security.core.Authentication auth)
- Overrides:
getPostLogOutUrl2 in class SecurityRealm
-
doFinishLogin
public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest request) throws IOException
This is where the user comes back to at the end of the OpenID redirect ping-pong.
- Parameters:
request - The user's request
- Returns:
an HttpResponse
- Throws:
IOException