Package org.jenkinsci.plugins.oic

Class OicSecurityRealm

java.lang.Object
hudson.model.AbstractDescribableImpl<SecurityRealm>
hudson.security.SecurityRealm
org.jenkinsci.plugins.oic.OicSecurityRealm
All Implemented Interfaces:
ExtensionPoint, Describable<SecurityRealm>
public class OicSecurityRealm extends SecurityRealm
Login with OpenID Connect / OAuth 2
Author:
Michael Bischoff, Steve Arch

  • Constructor Details

  • Method Details

    • readResolve

      protected Object readResolve() throws ObjectStreamException
      Throws:
      ObjectStreamException

    • getClientId

      public String getClientId()

    • getClientSecret

      public Secret getClientSecret()

    • getServerConfiguration

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public OicServerConfiguration getServerConfiguration()

    • getUserNameField

      public String getUserNameField()

    • isMissingIdStrategy

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean isMissingIdStrategy()

    • getUserIdStrategy

      public IdStrategy getUserIdStrategy()
      Overrides:
      getUserIdStrategy in class SecurityRealm

    • getTokenFieldToCheckKey

      public String getTokenFieldToCheckKey()

    • getTokenFieldToCheckValue

      public String getTokenFieldToCheckValue()

    • getFullNameFieldName

      public String getFullNameFieldName()

    • getEmailFieldName

      public String getEmailFieldName()

    • getGroupsFieldName

      public String getGroupsFieldName()

    • getGroupIdStrategy

      public IdStrategy getGroupIdStrategy()
      Overrides:
      getGroupIdStrategy in class SecurityRealm

    • isDisableSslVerification

      public boolean isDisableSslVerification()

    • isLogoutFromOpenidProvider

      public boolean isLogoutFromOpenidProvider()

    • getPostLogoutRedirectUrl

      public String getPostLogoutRedirectUrl()

    • isRootURLFromRequest

      public boolean isRootURLFromRequest()

    • isSendScopesInTokenRequest

      public boolean isSendScopesInTokenRequest()

    • isTokenExpirationCheckDisabled

      public boolean isTokenExpirationCheckDisabled()

    • isAllowTokenAccessWithoutOicSession

      public boolean isAllowTokenAccessWithoutOicSession()

    • getProperties

      public DescribableList<OidcProperty,OidcPropertyDescriptor> getProperties()

    • setProperties

      @DataBoundSetter public void setProperties(List<OidcProperty> properties) throws IOException
      Throws:
      IOException

    • createProxyAwareResourceRetriver

      @PostConstruct @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public void createProxyAwareResourceRetriver()

    • buildOidcClient

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) protected org.pac4j.oidc.client.OidcClient buildOidcClient()

    • setUserNameField

      @DataBoundSetter public void setUserNameField(String userNameField)

    • setTokenFieldToCheckKey

      @DataBoundSetter public void setTokenFieldToCheckKey(String tokenFieldToCheckKey)

    • setTokenFieldToCheckValue

      @DataBoundSetter public void setTokenFieldToCheckValue(String tokenFieldToCheckValue)

    • setFullNameFieldName

      @DataBoundSetter public void setFullNameFieldName(String fullNameFieldName)

    • setEmailFieldName

      @DataBoundSetter public void setEmailFieldName(String emailFieldName)

    • compileJMESPath

      protected static io.burt.jmespath.Expression<Object> compileJMESPath(String str, String logComment)

    • setGroupsFieldName

      @DataBoundSetter public void setGroupsFieldName(String groupsFieldName)

    • setLogoutFromOpenidProvider

      @DataBoundSetter public void setLogoutFromOpenidProvider(boolean logoutFromOpenidProvider)

    • setPostLogoutRedirectUrl

      @DataBoundSetter public void setPostLogoutRedirectUrl(String postLogoutRedirectUrl)

    • setEscapeHatchSecret

      @DataBoundSetter public void setEscapeHatchSecret(Secret escapeHatchSecret)

    • setRootURLFromRequest

      @DataBoundSetter public void setRootURLFromRequest(boolean rootURLFromRequest)

    • setSendScopesInTokenRequest

      @DataBoundSetter public void setSendScopesInTokenRequest(boolean sendScopesInTokenRequest)

    • setTokenExpirationCheckDisabled

      @DataBoundSetter public void setTokenExpirationCheckDisabled(boolean tokenExpirationCheckDisabled)

    • setAllowTokenAccessWithoutOicSession

      @DataBoundSetter public void setAllowTokenAccessWithoutOicSession(boolean allowTokenAccessWithoutOicSession)

    • getLoginUrl

      public String getLoginUrl()
      Overrides:
      getLoginUrl in class SecurityRealm

    • getAuthenticationGatewayUrl

      public String getAuthenticationGatewayUrl()
      Overrides:
      getAuthenticationGatewayUrl in class SecurityRealm

    • createFilter

      public jakarta.servlet.Filter createFilter(jakarta.servlet.FilterConfig filterConfig)
      Overrides:
      createFilter in class SecurityRealm

    • createSecurityComponents

      public SecurityRealm.SecurityComponents createSecurityComponents()
      Specified by:
      createSecurityComponents in class SecurityRealm

    • getValidRedirectUrl

      protected String getValidRedirectUrl(String url)
      Validate post-login redirect URL For security reasons, the login must not redirect outside Jenkins realm. For usability reason, the logout page should redirect to root url.

    • doCommenceLogin

      @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public void doCommenceLogin(@QueryParameter String from, @Header("Referer") String referer) throws URISyntaxException
      Handles the securityRealm/commenceLogin resource and sends the user off to the IdP
      Parameters:
      from - the relative URL to the page that the user has just come from
      referer - the HTTP referer header (where to redirect the user back to after login has finished)
      Throws:
      URISyntaxException - if the provided data is invalid

    • getStringField

      protected String getStringField(Object object, io.burt.jmespath.Expression<Object> fieldExpr)

    • doLogout

      @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class) public void doLogout(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) throws IOException, jakarta.servlet.ServletException
      Overrides:
      doLogout in class SecurityRealm
      Throws:
      IOException
      jakarta.servlet.ServletException

    • getPostLogOutUrl2

      public String getPostLogOutUrl2(org.kohsuke.stapler.StaplerRequest2 req, org.springframework.security.core.Authentication auth)
      Overrides:
      getPostLogOutUrl2 in class SecurityRealm

    • doFinishLogin

      public void doFinishLogin(org.kohsuke.stapler.StaplerRequest2 request, org.kohsuke.stapler.StaplerResponse2 response) throws IOException, ParseException
      This is where the user comes back to at the end of the OpenID redirect ping-pong.
      Parameters:
      request - The user's request
      Throws:
      ParseException - if the JWT (or other response) could not be parsed.
      IOException

    • handleTokenExpiration

      public boolean handleTokenExpiration(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse) throws IOException
      Handles Token Expiration.
      Throws:
      IOException - a low level exception

    • isExpired

      public boolean isExpired(OicCredentials credentials)