Package org.jenkinsci.plugins.oic

Class OicSecurityRealm

java.lang.Object

hudson.model.AbstractDescribableImpl<SecurityRealm>

hudson.security.SecurityRealm

org.jenkinsci.plugins.oic.OicSecurityRealm

All Implemented Interfaces:

ExtensionPoint, Describable<SecurityRealm>, Serializable

public class OicSecurityRealm
extends SecurityRealm
implements Serializable

Login with OpenID Connect / OAuth 2

Author:

Michael Bischoff, Steve Arch

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	OicSecurityRealm.DescriptorImpl
static class	OicSecurityRealm.TokenAuthMethod

Nested classes/interfaces inherited from class hudson.security.SecurityRealm

SecurityRealm.SecurityComponents

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields inherited from class hudson.security.SecurityRealm

AUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION

Constructor Summary

Constructors

Constructor	Description
OicSecurityRealm(String clientId, String clientSecret, String authorizationServerUrl, String tokenServerUrl, String jwksServerUrl, String tokenAuthMethod, String userInfoServerUrl, String endSessionEndpoint, String scopes, String automanualconfigure, Boolean disableSslVerification)
OicSecurityRealm(String clientId, String clientSecret, String wellKnownOpenIDConfigurationUrl, String tokenServerUrl, String jwksServerUrl, String tokenAuthMethod, String authorizationServerUrl, String userInfoServerUrl, String userNameField, String tokenFieldToCheckKey, String tokenFieldToCheckValue, String fullNameFieldName, String emailFieldName, String scopes, String groupsFieldName, Boolean disableSslVerification, Boolean logoutFromOpenidProvider, String endSessionEndpoint, String postLogoutRedirectUrl, Boolean escapeHatchEnabled, String escapeHatchUsername, String escapeHatchSecret, String escapeHatchGroup, String automanualconfigure)	Deprecated. retained for backwards binary compatibility.

Method Summary

Modifier and Type	Method	Description
protected com.google.api.client.auth.oauth2.AuthorizationCodeFlow	buildAuthorizationCodeFlow()	Build authorization code flow
protected boolean	checkEscapeHatch(String username, String password)
protected static io.burt.jmespath.Expression<Object>	compileJMESPath(String str, String logComment)
SecurityRealm.SecurityComponents	createSecurityComponents()
org.kohsuke.stapler.HttpResponse	doCommenceLogin(String from, String referer)	Handles the the securityRealm/commenceLogin resource and sends the user off to the IdP
org.kohsuke.stapler.HttpResponse	doFinishLogin(org.kohsuke.stapler.StaplerRequest request)	This is where the user comes back to at the end of the OpenID redirect ping-pong.
void	doLogout(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp)
String	getAuthenticationGatewayUrl()
String	getAuthorizationServerUrl()
String	getAutomanualconfigure()
String	getClientId()
Secret	getClientSecret()
String	getEmailFieldName()
String	getEndSessionEndpoint()
String	getEscapeHatchGroup()
Secret	getEscapeHatchSecret()
String	getEscapeHatchUsername()
String	getFullNameFieldName()
String	getGroupsFieldName()
String	getJwksServerUrl()
String	getLoginUrl()
String	getOverrideScopes()
String	getPostLogoutRedirectUrl()
String	getPostLogOutUrl2(org.kohsuke.stapler.StaplerRequest req, org.springframework.security.core.Authentication auth)
String	getScopes()
protected String	getStringField(Object object, io.burt.jmespath.Expression<Object> fieldExpr)
OicSecurityRealm.TokenAuthMethod	getTokenAuthMethod()
String	getTokenFieldToCheckKey()
String	getTokenFieldToCheckValue()
String	getTokenServerUrl()
String	getUserInfoServerUrl()
String	getUserNameField()
protected String	getValidRedirectUrl(String url)
String	getWellKnownOpenIDConfigurationUrl()
boolean	isAutoConfigure()
boolean	isDisableSslVerification()
boolean	isDisableTokenVerification()
boolean	isEscapeHatchEnabled()
boolean	isLogoutFromOpenidProvider()
boolean	isNonceDisabled()
boolean	isOverrideScopesDefined()
boolean	isPkceEnabled()
boolean	isRootURLFromRequest()
boolean	isSendScopesInTokenRequest()
protected Object	readResolve()
void	setDisableTokenVerification(boolean disableTokenVerification)
void	setEmailFieldName(String emailFieldName)
void	setEscapeHatchEnabled(boolean escapeHatchEnabled)
void	setEscapeHatchGroup(String escapeHatchGroup)
void	setEscapeHatchSecret(Secret escapeHatchSecret)
void	setEscapeHatchUsername(String escapeHatchUsername)
void	setFullNameFieldName(String fullNameFieldName)
void	setGroupsFieldName(String groupsFieldName)
void	setLogoutFromOpenidProvider(boolean logoutFromOpenidProvider)
void	setNonceDisabled(boolean nonceDisabled)
void	setOverrideScopes(String overrideScopes)
void	setOverrideScopesDefined(boolean overrideScopesDefined)
void	setPkceEnabled(boolean pkceEnabled)
void	setPostLogoutRedirectUrl(String postLogoutRedirectUrl)
void	setRootURLFromRequest(boolean rootURLFromRequest)
void	setScopes(String scopes)
void	setSendScopesInTokenRequest(boolean sendScopesInTokenRequest)
void	setTokenFieldToCheckKey(String tokenFieldToCheckKey)
void	setTokenFieldToCheckValue(String tokenFieldToCheckValue)
void	setUserNameField(String userNameField)
void	setWellKnownOpenIDConfigurationUrl(String wellKnownOpenIDConfigurationUrl)

Methods inherited from class hudson.security.SecurityRealm

all, allowsSignup, canLogOut, commenceSignup, commonFilters, createCliAuthenticator, createFilter, doCaptcha, getCaptchaSupport, getCaptchaSupportDescriptors, getDescriptor, getFrom, getGroupIdStrategy, getPostLogOutUrl, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, loadGroupByGroupname, loadGroupByGroupname2, loadUserByUsername, loadUserByUsername2, setCaptchaSupport, validateCaptcha

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OicSecurityRealm

@Deprecated
public OicSecurityRealm(String clientId,
                        String clientSecret,
                        String wellKnownOpenIDConfigurationUrl,
                        String tokenServerUrl,
                        String jwksServerUrl,
                        String tokenAuthMethod,
                        String authorizationServerUrl,
                        String userInfoServerUrl,
                        String userNameField,
                        String tokenFieldToCheckKey,
                        String tokenFieldToCheckValue,
                        String fullNameFieldName,
                        String emailFieldName,
                        String scopes,
                        String groupsFieldName,
                        Boolean disableSslVerification,
                        Boolean logoutFromOpenidProvider,
                        String endSessionEndpoint,
                        String postLogoutRedirectUrl,
                        Boolean escapeHatchEnabled,
                        String escapeHatchUsername,
                        String escapeHatchSecret,
                        String escapeHatchGroup,
                        String automanualconfigure)
                 throws IOException

Deprecated.

retained for backwards binary compatibility.

Throws:

IOException

OicSecurityRealm

@DataBoundConstructor
public OicSecurityRealm(String clientId,
                        String clientSecret,
                        String authorizationServerUrl,
                        String tokenServerUrl,
                        String jwksServerUrl,
                        String tokenAuthMethod,
                        String userInfoServerUrl,
                        String endSessionEndpoint,
                        String scopes,
                        String automanualconfigure,
                        Boolean disableSslVerification)
                 throws IOException

Throws:

IOException

Method Detail

readResolve

protected Object readResolve()

getClientId

public String getClientId()

getClientSecret

public Secret getClientSecret()

getWellKnownOpenIDConfigurationUrl

public String getWellKnownOpenIDConfigurationUrl()

getTokenServerUrl

public String getTokenServerUrl()

getJwksServerUrl

public String getJwksServerUrl()

getTokenAuthMethod

public OicSecurityRealm.TokenAuthMethod getTokenAuthMethod()

getAuthorizationServerUrl

public String getAuthorizationServerUrl()

getUserInfoServerUrl

public String getUserInfoServerUrl()

getUserNameField

public String getUserNameField()

getTokenFieldToCheckKey

public String getTokenFieldToCheckKey()

getTokenFieldToCheckValue

public String getTokenFieldToCheckValue()

getFullNameFieldName

public String getFullNameFieldName()

getEmailFieldName

public String getEmailFieldName()

getGroupsFieldName

public String getGroupsFieldName()

getScopes

public String getScopes()

isDisableSslVerification

public boolean isDisableSslVerification()

isLogoutFromOpenidProvider

public boolean isLogoutFromOpenidProvider()

getEndSessionEndpoint

public String getEndSessionEndpoint()

getPostLogoutRedirectUrl

public String getPostLogoutRedirectUrl()

isEscapeHatchEnabled

public boolean isEscapeHatchEnabled()

getEscapeHatchUsername

public String getEscapeHatchUsername()

getEscapeHatchSecret

public Secret getEscapeHatchSecret()

getEscapeHatchGroup

public String getEscapeHatchGroup()

getAutomanualconfigure

public String getAutomanualconfigure()

isOverrideScopesDefined

public boolean isOverrideScopesDefined()

getOverrideScopes

public String getOverrideScopes()

isRootURLFromRequest

public boolean isRootURLFromRequest()

isSendScopesInTokenRequest

public boolean isSendScopesInTokenRequest()

isPkceEnabled

public boolean isPkceEnabled()

isDisableTokenVerification

public boolean isDisableTokenVerification()

isNonceDisabled

public boolean isNonceDisabled()

isAutoConfigure

public boolean isAutoConfigure()

setWellKnownOpenIDConfigurationUrl

@DataBoundSetter
public void setWellKnownOpenIDConfigurationUrl(String wellKnownOpenIDConfigurationUrl)

setUserNameField

@DataBoundSetter
public void setUserNameField(String userNameField)

setTokenFieldToCheckKey

@DataBoundSetter
public void setTokenFieldToCheckKey(String tokenFieldToCheckKey)

setTokenFieldToCheckValue

@DataBoundSetter
public void setTokenFieldToCheckValue(String tokenFieldToCheckValue)

setFullNameFieldName

@DataBoundSetter
public void setFullNameFieldName(String fullNameFieldName)

setEmailFieldName

@DataBoundSetter
public void setEmailFieldName(String emailFieldName)

compileJMESPath

protected static io.burt.jmespath.Expression<Object> compileJMESPath(String str,
                                                                     String logComment)

setGroupsFieldName

@DataBoundSetter
public void setGroupsFieldName(String groupsFieldName)

setScopes

public void setScopes(String scopes)

setLogoutFromOpenidProvider

@DataBoundSetter
public void setLogoutFromOpenidProvider(boolean logoutFromOpenidProvider)

setPostLogoutRedirectUrl

@DataBoundSetter
public void setPostLogoutRedirectUrl(String postLogoutRedirectUrl)

setEscapeHatchEnabled

@DataBoundSetter
public void setEscapeHatchEnabled(boolean escapeHatchEnabled)

setEscapeHatchUsername

@DataBoundSetter
public void setEscapeHatchUsername(String escapeHatchUsername)

setEscapeHatchSecret

@DataBoundSetter
public void setEscapeHatchSecret(Secret escapeHatchSecret)

checkEscapeHatch

protected boolean checkEscapeHatch(String username,
                                   String password)

setEscapeHatchGroup

@DataBoundSetter
public void setEscapeHatchGroup(String escapeHatchGroup)

setOverrideScopesDefined

@DataBoundSetter
public void setOverrideScopesDefined(boolean overrideScopesDefined)

setOverrideScopes

@DataBoundSetter
public void setOverrideScopes(String overrideScopes)

setRootURLFromRequest

@DataBoundSetter
public void setRootURLFromRequest(boolean rootURLFromRequest)

setSendScopesInTokenRequest

@DataBoundSetter
public void setSendScopesInTokenRequest(boolean sendScopesInTokenRequest)

setPkceEnabled

@DataBoundSetter
public void setPkceEnabled(boolean pkceEnabled)

setDisableTokenVerification

@DataBoundSetter
public void setDisableTokenVerification(boolean disableTokenVerification)

setNonceDisabled

@DataBoundSetter
public void setNonceDisabled(boolean nonceDisabled)

getLoginUrl

public String getLoginUrl()

Overrides:

getLoginUrl in class SecurityRealm

getAuthenticationGatewayUrl

public String getAuthenticationGatewayUrl()

Overrides:

getAuthenticationGatewayUrl in class SecurityRealm

createSecurityComponents

public SecurityRealm.SecurityComponents createSecurityComponents()

Specified by:

createSecurityComponents in class SecurityRealm

buildAuthorizationCodeFlow

protected com.google.api.client.auth.oauth2.AuthorizationCodeFlow buildAuthorizationCodeFlow()

Build authorization code flow

getValidRedirectUrl

protected String getValidRedirectUrl(String url)

doCommenceLogin

@Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class)
public org.kohsuke.stapler.HttpResponse doCommenceLogin(@QueryParameter
                                                        String from,
                                                        @Header("Referer")
                                                        String referer)

Handles the the securityRealm/commenceLogin resource and sends the user off to the IdP

Parameters:

from - the relative URL to the page that the user has just come from

referer - the HTTP referer header (where to redirect the user back to after login has finished)

Returns:

an HttpResponse object

getStringField

protected String getStringField(Object object,
                                io.burt.jmespath.Expression<Object> fieldExpr)

doLogout

@Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class)
public void doLogout(org.kohsuke.stapler.StaplerRequest req,
                     org.kohsuke.stapler.StaplerResponse rsp)
              throws IOException,
                     javax.servlet.ServletException

Overrides:

doLogout in class SecurityRealm

Throws:

IOException

javax.servlet.ServletException

getPostLogOutUrl2

public String getPostLogOutUrl2(org.kohsuke.stapler.StaplerRequest req,
                                org.springframework.security.core.Authentication auth)

Overrides:

getPostLogOutUrl2 in class SecurityRealm

doFinishLogin

public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest request)
                                               throws IOException

This is where the user comes back to at the end of the OpenID redirect ping-pong.

Parameters:

request - The user's request

Returns:

an HttpResponse

Throws:

IOException