@Override protected UserDetails authenticate(String username, String password) throws AuthenticationException { try { Set<String> grps = NativeUtils.getInstance().pamAuthenticate(serviceName, username, password); List<GrantedAuthority> groups = new ArrayList<GrantedAuthority>(); for (String g : grps) { groups.add(new GrantedAuthorityImpl(g)); } groups.add(AUTHENTICATED_AUTHORITY); EnvVars.setHudsonUserEnvVar(username); return new User(username, "", true, true, true, true, groups); } catch (NativeAccessException exc) { throw new BadCredentialsException(exc.getMessage(), exc); } }
/** * Authenticate a login attempt. * This method is the heart of a {@link AbstractPasswordBasedSecurityRealm}. * <p/> * <p/> * If the user name and the password pair matches, retrieve the information about this user and * return it as a {@link UserDetails} object. {@link org.acegisecurity.userdetails.User} is a convenient * implementation to use, but if your backend offers additional data, you may want to use your own subtype * so that the rest of Hudson can use those additional information (such as e-mail address --- see * {@link MailAddressResolver}.) * <p/> * <p/> * Properties like {@link UserDetails#getPassword()} make no sense, so just return an empty value from it. * The only information that you need to pay real attention is {@link UserDetails#getAuthorities()}, which * is a list of roles/groups that the user is in. At minimum, this must contain {@link #AUTHENTICATED_AUTHORITY} * (which indicates that this user is authenticated and not anonymous), but if your backend supports a notion * of groups, you should make sure that the authorities contain one entry per one group. This enables * users to control authorization based on groups. * <p/> * <p/> * If the user name and the password pair doesn't match, throw {@link AuthenticationException} to reject the login * attempt. * If authentication was successful - HUDSON_USER environment variable will be set * <a href='http://issues.hudson-ci.org/browse/HUDSON-4463'>HUDSON-4463</a> */ protected UserDetails doAuthenticate(String username, String password) throws AuthenticationException { UserDetails userDetails = authenticate(username, password); EnvVars.setHudsonUserEnvVar(userDetails.getUsername()); return userDetails; }
/** * Authenticate a login attempt. * This method is the heart of a {@link AbstractPasswordBasedSecurityRealm}. * <p/> * <p/> * If the user name and the password pair matches, retrieve the information about this user and * return it as a {@link UserDetails} object. {@link org.acegisecurity.userdetails.User} is a convenient * implementation to use, but if your backend offers additional data, you may want to use your own subtype * so that the rest of Hudson can use those additional information (such as e-mail address --- see * {@link MailAddressResolver}.) * <p/> * <p/> * Properties like {@link UserDetails#getPassword()} make no sense, so just return an empty value from it. * The only information that you need to pay real attention is {@link UserDetails#getAuthorities()}, which * is a list of roles/groups that the user is in. At minimum, this must contain {@link #AUTHENTICATED_AUTHORITY} * (which indicates that this user is authenticated and not anonymous), but if your backend supports a notion * of groups, you should make sure that the authorities contain one entry per one group. This enables * users to control authorization based on groups. * <p/> * <p/> * If the user name and the password pair doesn't match, throw {@link AuthenticationException} to reject the login * attempt. * If authentication was successful - HUDSON_USER environment variable will be set * <a href='http://issues.hudson-ci.org/browse/HUDSON-4463'>HUDSON-4463</a> */ protected UserDetails doAuthenticate(String username, String password) throws AuthenticationException { UserDetails userDetails = authenticate(username, password); EnvVars.setHudsonUserEnvVar(userDetails.getUsername()); return userDetails; }
/** * Authenticate a login attempt. * This method is the heart of a {@link AbstractPasswordBasedSecurityRealm}. * <p/> * <p/> * If the user name and the password pair matches, retrieve the information about this user and * return it as a {@link UserDetails} object. {@link org.springframework.security.userdetails.User} is a convenient * implementation to use, but if your backend offers additional data, you may want to use your own subtype * so that the rest of Hudson can use those additional information (such as e-mail address --- see * {@link MailAddressResolver}.) * <p/> * <p/> * Properties like {@link UserDetails#getPassword()} make no sense, so just return an empty value from it. * The only information that you need to pay real attention is {@link UserDetails#getAuthorities()}, which * is a list of roles/groups that the user is in. At minimum, this must contain {@link #AUTHENTICATED_AUTHORITY} * (which indicates that this user is authenticated and not anonymous), but if your backend supports a notion * of groups, you should make sure that the authorities contain one entry per one group. This enables * users to control authorization based on groups. * <p/> * <p/> * If the user name and the password pair doesn't match, throw {@link AuthenticationException} to reject the login * attempt. * If authentication was successful - HUDSON_USER environment variable will be set * <a href='http://issues.hudson-ci.org/browse/HUDSON-4463'>HUDSON-4463</a> */ protected UserDetails doAuthenticate(String username, String password) throws AuthenticationException { UserDetails userDetails = authenticate(username, password); EnvVars.setHudsonUserEnvVar(userDetails.getUsername()); return userDetails; }
EnvVars.setHudsonUserEnvVar(userDetails.getUsername()); return userDetails;
public Authentication authenticate(Authentication authentication) throws AuthenticationException { String username = authentication.getPrincipal().toString(); String password = authentication.getCredentials().toString(); try { Set<String> grps = NativeUtils.getInstance().pamAuthenticate(serviceName, username, password); GrantedAuthority[] groups = new GrantedAuthority[grps.size()]; int i = 0; for (String g : grps) { groups[i++] = new GrantedAuthorityImpl(g); } EnvVars.setHudsonUserEnvVar(username); // I never understood why Spring Security insists on keeping the password... return new UsernamePasswordAuthenticationToken(username, password, groups); } catch (NativeAccessException exc) { throw new BadCredentialsException(exc.getMessage(), exc); } }
public Authentication authenticate(Authentication authentication) throws AuthenticationException { String username = authentication.getPrincipal().toString(); String password = authentication.getCredentials().toString(); try { UnixUser u = new PAM(serviceName).authenticate(username, password); Set<String> grps = u.getGroups(); GrantedAuthority[] groups = new GrantedAuthority[grps.size()]; int i=0; for (String g : grps) groups[i++] = new GrantedAuthorityImpl(g); EnvVars.setHudsonUserEnvVar(username); // I never understood why Acegi insists on keeping the password... return new UsernamePasswordAuthenticationToken(username, password, groups); } catch (PAMException e) { throw new BadCredentialsException(e.getMessage(),e); } }
public Authentication authenticate(Authentication authentication) throws AuthenticationException { String username = authentication.getPrincipal().toString(); String password = authentication.getCredentials().toString(); try { UnixUser u = new PAM(serviceName).authenticate(username, password); Set<String> grps = u.getGroups(); GrantedAuthority[] groups = new GrantedAuthority[grps.size()]; int i=0; for (String g : grps) groups[i++] = new GrantedAuthorityImpl(g); EnvVars.setHudsonUserEnvVar(username); // I never understood why Acegi insists on keeping the password... return new UsernamePasswordAuthenticationToken(username, password, groups); } catch (PAMException e) { throw new BadCredentialsException(e.getMessage(),e); } }