Class ReverseProxySecurityRealm

java.lang.Object
hudson.model.AbstractDescribableImpl<SecurityRealm>
hudson.security.SecurityRealm
org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm
All Implemented Interfaces:
ExtensionPoint, Describable<SecurityRealm>

public class ReverseProxySecurityRealm extends SecurityRealm
Author:
Kohsuke Kawaguchi
  • Field Details

    • forwardedEmail

      public final String forwardedEmail
      The name of the header which the email has to be extracted from.
    • forwardedDisplayName

      public final String forwardedDisplayName
      The name of the header which the display name has to be extracted from.
    • server

      public final String server
      LDAP server name(s) separated by spaces, optionally with a TCP port number, like "ldap.acme.org" or "ldap.acme.org:389", and/or with a protocol, like "ldap://ldap.acme.org".
    • rootDN

      public final String rootDN
      The root DN to connect to. Normally something like "dc=sun,dc=com"

      How do I infer this?

    • inhibitInferRootDN

      public final boolean inhibitInferRootDN
      Allow the rootDN to be inferred? Default is false. If true, allow rootDN to be blank.
    • userSearchBase

      public final String userSearchBase
      Specifies the relative DN from the root DN. This is used to narrow down the search space when doing user search.

      Something like "ou=people" but can be empty.

    • userSearch

      public final String userSearch
      Query to locate an entry that identifies the user, given the user name string.

      Normally "uid={0}"

      See Also:
      • FilterBasedLdapUserSearch
    • groupSearchBase

      public final String groupSearchBase
      This defines the organizational unit that contains groups.

      Normally "" to indicate the full LDAP search, but can often be narrowed down to something like "ou=groups".

      See Also:
      • FilterBasedLdapUserSearch
    • groupSearchFilter

      public final String groupSearchFilter
      Query to locate an entry that identifies the group, given the group name string. If non-null, it will override the default specified by GROUP_SEARCH.
      Since:
      1.5
    • groupMembershipFilter

      public final String groupMembershipFilter
      Query to locate the group entries that a user belongs to, given the user object. {0} is the user's full DN while {1} is the username.
    • groupNameAttribute

      public String groupNameAttribute
      Attribute that should be used instead of CN as the name to match a user's group name to the groupSearchFilter name. When groupSearchFilter is set to search on a field other than CN, e.g. GroupDisplayName={0}, this setting lets you configure that field (GroupDisplayName) or another field to be used when looking up a user's groups.
    • managerDN

      public final String managerDN
      If non-null, we use this and managerPasswordSecret when binding to LDAP.

      This is necessary when LDAP doesn't support anonymous access.

    • updateInterval

      public final int updateInterval
      Sets an interval for updating the LDAP authorities. The interval is specified in minutes.
    • authorities

      public transient Collection<? extends org.springframework.security.core.GrantedAuthority> authorities
      The authorities that are granted to the authenticated user. They do not need to be stored in config.xml, where they would only bloat the file.
    • forwardedUser

      @CheckForNull public final String forwardedUser
      The name of the header which the username has to be extracted from.
    • retrievedUser

      public String retrievedUser
      The username retrieved from the header field, which is represented by the forwardedUser attribute.
    • headerGroups

      public final String headerGroups
      Header name of the groups field.
    • headerGroupsDelimiter

      public final String headerGroupsDelimiter
      Header name of the groups delimiter field.
    • disableLdapEmailResolver

      public final boolean disableLdapEmailResolver
    • customLogInUrl

      public final String customLogInUrl
      Custom post logout url
    • customLogOutUrl

      public final String customLogOutUrl
  • Constructor Details

    • ReverseProxySecurityRealm

      @DataBoundConstructor public ReverseProxySecurityRealm(String forwardedUser, String forwardedEmail, String forwardedDisplayName, String headerGroups, String headerGroupsDelimiter, String customLogInUrl, String customLogOutUrl, String server, String rootDN, boolean inhibitInferRootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String groupNameAttribute, String managerDN, Secret managerPassword, Integer updateInterval, boolean disableLdapEmailResolver, String displayNameLdapAttribute, String emailAddressLdapAttribute)
  • Method Details

    • getForwardedUser

      public String getForwardedUser()
      Name of the HTTP header to look at.
    • getHeaderGroups

      public String getHeaderGroups()
    • getHeaderGroupsDelimiter

      public String getHeaderGroupsDelimiter()
    • getServerUrl

      @CheckForNull public String getServerUrl()
    • getGroupSearchFilter

      public String getGroupSearchFilter()
    • getGroupMembershipFilter

      public String getGroupMembershipFilter()
    • getGroupNameAttribute

      public String getGroupNameAttribute()
    • setGroupNameAttribute

      public void setGroupNameAttribute(String groupNameAttribute)
    • getDisplayNameLdapAttribute

      public String getDisplayNameLdapAttribute()
    • getEmailAddressLdapAttribute

      public String getEmailAddressLdapAttribute()
    • readResolve

      protected Object readResolve()
    • toProviderUrl

      @Nullable public static String toProviderUrl(@CheckForNull String serverUrl, @CheckForNull String rootDN)
    • getManagerPassword

      public Secret getManagerPassword()
    • getUpdateInterval

      public int getUpdateInterval()
    • getLDAPURL

      public String getLDAPURL()
    • createFilter

      public jakarta.servlet.Filter createFilter(jakarta.servlet.FilterConfig filterConfig)
      Overrides:
      createFilter in class SecurityRealm
    • canLogOut

      public boolean canLogOut()
      Overrides:
      canLogOut in class SecurityRealm
    • getPostLogOutUrl2

      public String getPostLogOutUrl2(org.kohsuke.stapler.StaplerRequest2 req, org.springframework.security.core.Authentication auth)
      Overrides:
      getPostLogOutUrl2 in class SecurityRealm
    • createSecurityComponents

      public SecurityRealm.SecurityComponents createSecurityComponents() throws DataAccessException
      Specified by:
      createSecurityComponents in class SecurityRealm
      Throws:
      DataAccessException
    • loadUserByUsername2

      public org.springframework.security.core.userdetails.UserDetails loadUserByUsername2(String username) throws org.springframework.security.core.userdetails.UsernameNotFoundException
      Overrides:
      loadUserByUsername2 in class SecurityRealm
      Throws:
      org.springframework.security.core.userdetails.UsernameNotFoundException
    • updateLdapUserDetails

      public org.springframework.security.ldap.userdetails.LdapUserDetails updateLdapUserDetails(org.springframework.security.ldap.userdetails.LdapUserDetails d, @CheckForNull org.springframework.security.ldap.search.LdapUserSearch ldapUserSearch)
    • loadGroupByGroupname2

      public GroupDetails loadGroupByGroupname2(String groupname, boolean fetchMembers) throws org.springframework.security.core.userdetails.UsernameNotFoundException
      Overrides:
      loadGroupByGroupname2 in class SecurityRealm
      Throws:
      org.springframework.security.core.userdetails.UsernameNotFoundException
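
How the {0} and {1} placeholders described for userSearch and groupMembershipFilter expand into LDAP filters, as an added illustration that is not the plugin's own code. The class and helper names, the group filter string and the sample values are assumptions; values are escaped per RFC 4515 before substitution, so filter metacharacters in a user name are matched literally.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LdapFilterTemplateDemo {

    private static final Pattern PLACEHOLDER = Pattern.compile("\\{(\\d)\\}");

    /** Escape a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Expand {0}, {1}, ... in one pass so a substituted value is never re-scanned. */
    static String expand(String template, String... args) {
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            int idx = Integer.parseInt(m.group(1));
            if (idx >= args.length) {
                throw new IllegalArgumentException("no value for {" + idx + "}");
            }
            m.appendReplacement(out, Matcher.quoteReplacement(escapeFilterValue(args[idx])));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] argv) {
        String userSearch = "uid={0}"; // the usual value given on this page
        // Constructed filter for illustration; not the plugin's default.
        String groupMembershipFilter = "(|(member={0})(memberUid={1}))";
        // Constructed user names; the second contains filter metacharacters.
        for (String name : List.of("jdoe", "j*doe (ops)")) {
            System.out.println(expand(userSearch, name));
        }
        // {0} is the user's full DN, {1} is the username.
        System.out.println(expand(groupMembershipFilter, "uid=jdoe,ou=people,dc=acme,dc=org", "jdoe"));
    }
}
```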