java.lang.Object
- hudson.model.AbstractDescribableImpl<SecurityRealm>
- - hudson.security.SecurityRealm
  - - org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm

All Implemented Interfaces:

ExtensionPoint, Describable<SecurityRealm>, Serializable
```
public class OpenShiftOAuth2SecurityRealm
extends SecurityRealm
implements Serializable
```
Login with OpenShift using OpenID Connect / OAuth 2

See Also:

Serialized Form

Nested Class Summary

Nested Classes
Modifier and Type Class Description

static class OpenShiftOAuth2SecurityRealm.DescriptorImpl
- Nested classes/interfaces inherited from class hudson.security.SecurityRealm
  SecurityRealm.SecurityComponents
- Nested classes/interfaces inherited from interface hudson.ExtensionPoint
  ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields
Modifier and Type Field Description

static String DEFAULT_SVC_ACCT_DIR

static String OAUTH_ACCESS_TOKEN_NAME

static String SECURITY_REALM_FINISH_LOGIN
- Fields inherited from class hudson.security.SecurityRealm
  AUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION

Constructor Summary

Constructors
Constructor	Description
`OpenShiftOAuth2SecurityRealm(String serviceAccountDirectory, String serviceAccountName, String serverPrefix, String clientId, String clientSecret, String redirectURL)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`String`	`buildOAuthRedirectUrl(String redirect)`
`SecurityRealm.SecurityComponents`	`createSecurityComponents()`	Acegi has this notion that first an `Authentication` object is created by collecting user information and then the act of authentication is done later (by `AuthenticationManager`) to verify it.
`protected void`	`deleteOauthAccessToken(String oAuthAccessToken)`
`org.kohsuke.stapler.HttpResponse`	`doCommenceLogin(String from, String referer)`	The login process starts from here.
`org.kohsuke.stapler.HttpResponse`	`doFinishLogin(org.kohsuke.stapler.StaplerRequest request)`	This is where the user comes back to at the end of the OpenID redirect ping-pong.
`void`	`doLogout(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse resp)`
`String`	`getClientId()`
`Secret`	`getClientSecret()`
`String`	`getDefaultedClientId()`
`Secret`	`getDefaultedClientSecret()`
`String`	`getDefaultedNamespace()`
`String`	`getDefaultedRedirectURL()`
`String`	`getDefaultedServerPrefix()`
`String`	`getDefaultedServiceAccountDirectory()`
`String`	`getDefaultedServiceAccountName()`
`String`	`getLoginUrl()`	Login begins with our `doCommenceLogin(String,String)` method.
`protected String`	`getPostLogOutUrl(org.kohsuke.stapler.StaplerRequest req, Authentication auth)`
`String`	`getRedirectURL()`
`String`	`getServerPrefix()`
`String`	`getServiceAccountDirectory()`
`String`	`getServiceAccountName()`
`org.kohsuke.stapler.HttpResponse`	`loggedOut(String from, String referer)`	the method pointed by LOGGED_OUT.
`protected OAuthSession`	`newOAuthSession(String from, String redirectOnFinish)`
`static String`	`tokenToObjectName(String code)`
`UsernamePasswordAuthenticationToken`	`updateAuthorizationStrategy(com.google.api.client.auth.oauth2.Credential credential)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- OAUTH_ACCESS_TOKEN_NAME
```
public static final String OAUTH_ACCESS_TOKEN_NAME
```
  See Also:
  
  Constant Field Values
- SECURITY_REALM_FINISH_LOGIN
```
public static final String SECURITY_REALM_FINISH_LOGIN
```
  See Also:
  
  Constant Field Values
- DEFAULT_SVC_ACCT_DIR
```
public static final String DEFAULT_SVC_ACCT_DIR
```
  See Also:
  
  Constant Field Values

Constructor Detail

OpenShiftOAuth2SecurityRealm

@DataBoundConstructor
public OpenShiftOAuth2SecurityRealm(String serviceAccountDirectory,
                                    String serviceAccountName,
                                    String serverPrefix,
                                    String clientId,
                                    String clientSecret,
                                    String redirectURL)
                             throws IOException,
                                    GeneralSecurityException

Throws:: IOException; GeneralSecurityException

Method Detail

getServiceAccountDirectory

public String getServiceAccountDirectory()

getDefaultedServiceAccountDirectory

public String getDefaultedServiceAccountDirectory()

getServiceAccountName
```
public String getServiceAccountName()
```

getDefaultedServiceAccountName

public String getDefaultedServiceAccountName()

getServerPrefix
```
public String getServerPrefix()
```

getDefaultedServerPrefix

public String getDefaultedServerPrefix()

getRedirectURL
```
public String getRedirectURL()
```

getDefaultedRedirectURL

public String getDefaultedRedirectURL()

getClientId
```
public String getClientId()
```

getDefaultedClientId
```
public String getDefaultedClientId()
```

getClientSecret
```
public Secret getClientSecret()
```

getDefaultedClientSecret

public Secret getDefaultedClientSecret()

getDefaultedNamespace
```
public String getDefaultedNamespace()
```

getLoginUrl
```
public String getLoginUrl()
```
Login begins with our doCommenceLogin(String,String) method.

Overrides:

getLoginUrl in class SecurityRealm

createSecurityComponents
```
public SecurityRealm.SecurityComponents createSecurityComponents()
```
Acegi has this notion that first an Authentication object is created by collecting user information and then the act of authentication is done later (by AuthenticationManager) to verify it. But in case of OpenID, we create an Authentication only after we verified the user identity, so AuthenticationManager becomes no-op.

Specified by:

createSecurityComponents in class SecurityRealm

newOAuthSession

protected OAuthSession newOAuthSession(String from,
                                       String redirectOnFinish)
                                throws MalformedURLException

Throws:: MalformedURLException

updateAuthorizationStrategy

public UsernamePasswordAuthenticationToken updateAuthorizationStrategy(com.google.api.client.auth.oauth2.Credential credential)
                                                                throws IOException,
                                                                       GeneralSecurityException

Throws:: IOException; GeneralSecurityException

loggedOut

public org.kohsuke.stapler.HttpResponse loggedOut(@QueryParameter
                                                  String from,
                                                  @Header("Referer")
                                                  String referer)

the method pointed by LOGGED_OUT.

doCommenceLogin

public org.kohsuke.stapler.HttpResponse doCommenceLogin(@QueryParameter
                                                        String from,
                                                        @Header("Referer")
                                                        String referer)
                                                 throws IOException

The login process starts from here.

Throws:: IOException

buildOAuthRedirectUrl

public String buildOAuthRedirectUrl(String redirect)
                             throws MalformedURLException

Throws:: MalformedURLException

doFinishLogin

public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest request)
                                               throws IOException

This is where the user comes back to at the end of the OpenID redirect ping-pong.

Throws:: IOException

doLogout

public void doLogout(org.kohsuke.stapler.StaplerRequest req,
                     org.kohsuke.stapler.StaplerResponse resp)
              throws IOException,
                     javax.servlet.ServletException

Overrides:: doLogout in class SecurityRealm
Throws:: IOException; javax.servlet.ServletException

getPostLogOutUrl

protected String getPostLogOutUrl(org.kohsuke.stapler.StaplerRequest req,
                                  Authentication auth)

Overrides:: getPostLogOutUrl in class SecurityRealm

tokenToObjectName
```
public static String tokenToObjectName(String code)
```
Parameters:

code -

Returns:

the computed access token name on the openshift side

deleteOauthAccessToken

protected void deleteOauthAccessToken(String oAuthAccessToken)

Modifier and Type	Field	Description
`static String`	`DEFAULT_SVC_ACCT_DIR`
`static String`	`OAUTH_ACCESS_TOKEN_NAME`
`static String`	`SECURITY_REALM_FINISH_LOGIN`

Class OpenShiftOAuth2SecurityRealm

Nested Class Summary

Nested classes/interfaces inherited from class hudson.security.SecurityRealm

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

Field Summary

Fields inherited from class hudson.security.SecurityRealm

Constructor Summary

Method Summary

Methods inherited from class hudson.security.SecurityRealm

Methods inherited from class java.lang.Object

Field Detail

OAUTH_ACCESS_TOKEN_NAME

SECURITY_REALM_FINISH_LOGIN

DEFAULT_SVC_ACCT_DIR

Constructor Detail

OpenShiftOAuth2SecurityRealm

Method Detail

getServiceAccountDirectory

getDefaultedServiceAccountDirectory

getServiceAccountName

getDefaultedServiceAccountName

getServerPrefix

getDefaultedServerPrefix

getRedirectURL

getDefaultedRedirectURL

getClientId

getDefaultedClientId

getClientSecret

getDefaultedClientSecret

getDefaultedNamespace

getLoginUrl

createSecurityComponents

newOAuthSession

updateAuthorizationStrategy

loggedOut

doCommenceLogin

buildOAuthRedirectUrl

doFinishLogin

doLogout

getPostLogOutUrl

tokenToObjectName

deleteOauthAccessToken