Class OpenShiftOAuth2SecurityRealm
java.lang.Object
hudson.model.AbstractDescribableImpl<SecurityRealm>
hudson.security.SecurityRealm
org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm
- All Implemented Interfaces:
ExtensionPoint
,Describable<SecurityRealm>
,Serializable
Login with OpenShift using OpenID Connect / OAuth 2
- See Also:
-
Nested Class Summary
Nested ClassesNested classes/interfaces inherited from class hudson.security.SecurityRealm
SecurityRealm.SecurityComponents
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
-
Field Summary
FieldsFields inherited from class hudson.security.SecurityRealm
AUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbuildOAuthRedirectUrl
(String redirect) Acegi has this notion that first anAuthentication
object is created by collecting user information and then the act of authentication is done later (byAuthenticationManager
) to verify it.protected void
deleteOauthAccessToken
(String oAuthAccessToken) org.kohsuke.stapler.HttpResponse
doCommenceLogin
(String from, String referer) The login process starts from here.org.kohsuke.stapler.HttpResponse
doFinishLogin
(org.kohsuke.stapler.StaplerRequest request) This is where the user comes back to at the end of the OpenID redirect ping-pong.void
doLogout
(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse resp) Login begins with ourdoCommenceLogin(String,String)
method.protected String
getPostLogOutUrl
(org.kohsuke.stapler.StaplerRequest req, Authentication auth) org.kohsuke.stapler.HttpResponse
the method pointed by LOGGED_OUT.protected OAuthSession
newOAuthSession
(String from, String redirectOnFinish) static String
tokenToObjectName
(String code) updateAuthorizationStrategy
(com.google.api.client.auth.oauth2.Credential credential) Methods inherited from class hudson.security.SecurityRealm
all, allowsSignup, canLogOut, commenceSignup, commonFilters, createCliAuthenticator, createFilter, createFilter, doCaptcha, doLogout, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getDescriptor, getFrom, getGroupIdStrategy, getPostLogOutUrl2, getPostLogOutUrl2, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, loadGroupByGroupname, loadGroupByGroupname2, loadUserByUsername, loadUserByUsername2, setCaptchaSupport, validateCaptcha
-
Field Details
-
OAUTH_ACCESS_TOKEN_NAME
- See Also:
-
SECURITY_REALM_FINISH_LOGIN
- See Also:
-
DEFAULT_SVC_ACCT_DIR
- See Also:
-
-
Constructor Details
-
OpenShiftOAuth2SecurityRealm
@DataBoundConstructor public OpenShiftOAuth2SecurityRealm(String serviceAccountDirectory, String serviceAccountName, String serverPrefix, String clientId, String clientSecret, String redirectURL) throws IOException, GeneralSecurityException - Throws:
IOException
GeneralSecurityException
-
-
Method Details
-
getServiceAccountDirectory
-
getDefaultedServiceAccountDirectory
-
getServiceAccountName
-
getDefaultedServiceAccountName
-
getServerPrefix
-
getDefaultedServerPrefix
-
getRedirectURL
-
getDefaultedRedirectURL
-
getClientId
-
getDefaultedClientId
-
getClientSecret
-
getDefaultedClientSecret
-
getDefaultedNamespace
-
getLoginUrl
Login begins with ourdoCommenceLogin(String,String)
method.- Overrides:
getLoginUrl
in classSecurityRealm
-
createSecurityComponents
Acegi has this notion that first anAuthentication
object is created by collecting user information and then the act of authentication is done later (byAuthenticationManager
) to verify it. But in case of OpenID, we create anAuthentication
only after we verified the user identity, soAuthenticationManager
becomes no-op.- Specified by:
createSecurityComponents
in classSecurityRealm
-
newOAuthSession
protected OAuthSession newOAuthSession(String from, String redirectOnFinish) throws MalformedURLException - Throws:
MalformedURLException
-
updateAuthorizationStrategy
public UsernamePasswordAuthenticationToken updateAuthorizationStrategy(com.google.api.client.auth.oauth2.Credential credential) throws IOException, GeneralSecurityException - Throws:
IOException
GeneralSecurityException
-
loggedOut
public org.kohsuke.stapler.HttpResponse loggedOut(@QueryParameter String from, @Header("Referer") String referer) the method pointed by LOGGED_OUT. -
doCommenceLogin
public org.kohsuke.stapler.HttpResponse doCommenceLogin(@QueryParameter String from, @Header("Referer") String referer) throws IOException The login process starts from here.- Throws:
IOException
-
buildOAuthRedirectUrl
- Throws:
MalformedURLException
-
doFinishLogin
public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest request) throws IOException This is where the user comes back to at the end of the OpenID redirect ping-pong.- Throws:
IOException
-
doLogout
public void doLogout(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse resp) throws IOException, javax.servlet.ServletException - Overrides:
doLogout
in classSecurityRealm
- Throws:
IOException
javax.servlet.ServletException
-
getPostLogOutUrl
- Overrides:
getPostLogOutUrl
in classSecurityRealm
-
tokenToObjectName
- Parameters:
code
-- Returns:
- the computed access token name on the openshift side
-
deleteOauthAccessToken
-