Package org.openshift.jenkins.plugins.openshiftlogin

Class OpenShiftOAuth2SecurityRealm

java.lang.Object

hudson.model.AbstractDescribableImpl<SecurityRealm>

hudson.security.SecurityRealm

org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm

All Implemented Interfaces:

ExtensionPoint, Describable<SecurityRealm>, Serializable

public class OpenShiftOAuth2SecurityRealm
extends SecurityRealm
implements Serializable

Login with OpenShift using OpenID Connect / OAuth 2

See Also:

• Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	OpenShiftOAuth2SecurityRealm.DescriptorImpl

Nested classes/interfaces inherited from class hudson.security.SecurityRealm

SecurityRealm.SecurityComponents

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields

Modifier and Type	Field	Description
static final String	DEFAULT_SVC_ACCT_DIR
static final String	OAUTH_ACCESS_TOKEN_NAME
static final String	SECURITY_REALM_FINISH_LOGIN

Fields inherited from class hudson.security.SecurityRealm

AUTHENTICATED_AUTHORITY, AUTHENTICATED_AUTHORITY2, LIST, NO_AUTHENTICATION

Constructor Summary

Constructors

Constructor	Description
OpenShiftOAuth2SecurityRealm(String serviceAccountDirectory, String serviceAccountName, String serverPrefix, String clientId, String clientSecret, String redirectURL)

Method Summary

Modifier and Type	Method	Description
String	buildOAuthRedirectUrl(String redirect)
SecurityRealm.SecurityComponents	createSecurityComponents()	Acegi has this notion that first an Authentication object is created by collecting user information and then the act of authentication is done later (by AuthenticationManager) to verify it.
protected void	deleteOauthAccessToken(String oAuthAccessToken)
org.kohsuke.stapler.HttpResponse	doCommenceLogin(String from, String referer)	The login process starts from here.
org.kohsuke.stapler.HttpResponse	doFinishLogin(org.kohsuke.stapler.StaplerRequest request)	This is where the user comes back to at the end of the OpenID redirect ping-pong.
void	doLogout(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse resp)
String	getClientId()
Secret	getClientSecret()
String	getDefaultedClientId()
Secret	getDefaultedClientSecret()
String	getDefaultedNamespace()
String	getDefaultedRedirectURL()
String	getDefaultedServerPrefix()
String	getDefaultedServiceAccountDirectory()
String	getDefaultedServiceAccountName()
String	getLoginUrl()	Login begins with our doCommenceLogin(String,String) method.
protected String	getPostLogOutUrl(org.kohsuke.stapler.StaplerRequest req, Authentication auth)
String	getRedirectURL()
String	getServerPrefix()
String	getServiceAccountDirectory()
String	getServiceAccountName()
org.kohsuke.stapler.HttpResponse	loggedOut(String from, String referer)	the method pointed by LOGGED_OUT.
protected OAuthSession	newOAuthSession(String from, String redirectOnFinish)
static String	tokenToObjectName(String code)
UsernamePasswordAuthenticationToken	updateAuthorizationStrategy(com.google.api.client.auth.oauth2.Credential credential)

Methods inherited from class hudson.security.SecurityRealm

all, allowsSignup, canLogOut, commenceSignup, commonFilters, createCliAuthenticator, createFilter, createFilter, doCaptcha, doLogout, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getDescriptor, getFrom, getGroupIdStrategy, getPostLogOutUrl2, getPostLogOutUrl2, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, loadGroupByGroupname, loadGroupByGroupname2, loadUserByUsername, loadUserByUsername2, setCaptchaSupport, validateCaptcha

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

OAUTH_ACCESS_TOKEN_NAME

public static final String OAUTH_ACCESS_TOKEN_NAME

See Also:

• Constant Field Values

SECURITY_REALM_FINISH_LOGIN

public static final String SECURITY_REALM_FINISH_LOGIN

See Also:

• Constant Field Values

DEFAULT_SVC_ACCT_DIR

public static final String DEFAULT_SVC_ACCT_DIR

See Also:

• Constant Field Values

Constructor Details

OpenShiftOAuth2SecurityRealm

@DataBoundConstructor
public OpenShiftOAuth2SecurityRealm(String serviceAccountDirectory,
 String serviceAccountName,
 String serverPrefix,
 String clientId,
 String clientSecret,
 String redirectURL)
                             throws IOException,
GeneralSecurityException

Throws:

IOException

GeneralSecurityException

Method Details

getServiceAccountDirectory

public String getServiceAccountDirectory()

getDefaultedServiceAccountDirectory

public String getDefaultedServiceAccountDirectory()

getServiceAccountName

public String getServiceAccountName()

getDefaultedServiceAccountName

public String getDefaultedServiceAccountName()

getServerPrefix

public String getServerPrefix()

getDefaultedServerPrefix

public String getDefaultedServerPrefix()

getRedirectURL

public String getRedirectURL()

getDefaultedRedirectURL

public String getDefaultedRedirectURL()

getClientId

public String getClientId()

getDefaultedClientId

public String getDefaultedClientId()

getClientSecret

public Secret getClientSecret()

getDefaultedClientSecret

public Secret getDefaultedClientSecret()

getDefaultedNamespace

public String getDefaultedNamespace()

getLoginUrl

public String getLoginUrl()

Login begins with our doCommenceLogin(String,String) method.

Overrides:

getLoginUrl in class SecurityRealm

createSecurityComponents

public SecurityRealm.SecurityComponents createSecurityComponents()

Acegi has this notion that first an Authentication object is created by collecting user information and then the act of authentication is done later (by AuthenticationManager) to verify it. But in case of OpenID, we create an Authentication only after we verified the user identity, so AuthenticationManager becomes no-op.

Specified by:

createSecurityComponents in class SecurityRealm

newOAuthSession

protected OAuthSession newOAuthSession(String from,
 String redirectOnFinish)
                                throws MalformedURLException

Throws:

MalformedURLException

updateAuthorizationStrategy

public UsernamePasswordAuthenticationToken updateAuthorizationStrategy(com.google.api.client.auth.oauth2.Credential credential)
                                                                throws IOException,
GeneralSecurityException

Throws:

IOException

GeneralSecurityException

loggedOut

public org.kohsuke.stapler.HttpResponse loggedOut(@QueryParameter
 String from,
 @Header("Referer")
 String referer)

the method pointed by LOGGED_OUT.

doCommenceLogin

public org.kohsuke.stapler.HttpResponse doCommenceLogin(@QueryParameter
 String from,
 @Header("Referer")
 String referer)
                                                 throws IOException

The login process starts from here.

Throws:

IOException

buildOAuthRedirectUrl

public String buildOAuthRedirectUrl(String redirect)
                             throws MalformedURLException

Throws:

MalformedURLException

doFinishLogin

public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest request)
                                               throws IOException

This is where the user comes back to at the end of the OpenID redirect ping-pong.

Throws:

IOException

doLogout

public void doLogout(org.kohsuke.stapler.StaplerRequest req,
 org.kohsuke.stapler.StaplerResponse resp)
              throws IOException,
javax.servlet.ServletException

Overrides:

doLogout in class SecurityRealm

Throws:

IOException

javax.servlet.ServletException

getPostLogOutUrl

protected String getPostLogOutUrl(org.kohsuke.stapler.StaplerRequest req,
 Authentication auth)

Overrides:

getPostLogOutUrl in class SecurityRealm

tokenToObjectName

public static String tokenToObjectName(String code)

Parameters:

code -

Returns:

the computed access token name on the openshift side

deleteOauthAccessToken

protected void deleteOauthAccessToken(String oAuthAccessToken)