/**
 * Reports whether this feature is currently available.
 *
 * @return {@code true} only while the active security realm is a
 *         {@link HudsonPrivateSecurityRealm}
 */
@Override
public boolean isEnabled() {
    // The decision is taken from the realm in force at call time, so the feature
    // is unavailable as soon as a different realm is configured.
    final boolean privateRealmActive =
            Jenkins.getInstance().getSecurityRealm() instanceof HudsonPrivateSecurityRealm;
    return privateRealmActive;
}
/**
 * Supplies the icon for this entry.
 *
 * @return {@code "user.png"} while the active security realm is a
 *         {@link HudsonPrivateSecurityRealm}; {@code null} otherwise
 */
public String getIconFileName() {
    final boolean privateRealmActive =
            Jenkins.getInstance().getSecurityRealm() instanceof HudsonPrivateSecurityRealm;
    // null means "not applicable now": another realm is in charge of the users.
    return privateRealmActive ? "user.png" : null;
}
/**
 * Tells whether the very first account still has to be created.
 *
 * @return {@code true} when {@code hasSomeUser()} reports no user and the active
 *         security realm is a {@link HudsonPrivateSecurityRealm}
 */
private boolean needsToCreateFirstUser() {
    // Once any user exists, first-user creation must no longer be offered.
    if (hasSomeUser()) {
        return false;
    }
    return Jenkins.getInstance().getSecurityRealm() instanceof HudsonPrivateSecurityRealm;
}
/**
 * Entry point for self-service account sign-up.
 *
 * <p>The realm decides whether sign-up is allowed. Only when
 * {@code allowsSignup()} returns {@code true} is the realm's own
 * {@code signup.jelly} rendered.
 *
 * @param req the current request
 * @param rsp the current response
 * @throws IOException      if forwarding to the view fails
 * @throws ServletException if forwarding to the view fails
 */
public void doSignup( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException {
    if (!getSecurityRealm().allowsSignup()) {
        // Sign-up is disabled: render the signup.jelly view resolved against
        // SecurityRealm itself instead of the realm's form.
        // NOTE(review): presumably the "sign-up not supported" page - confirm.
        req.getView(SecurityRealm.class, "signup.jelly").forward(req, rsp);
        return;
    }
    req.getView(getSecurityRealm(), "signup.jelly").forward(req, rsp);
}
/**
 * Looks up {@code idOrFullName} in the active security realm and records the
 * outcome in {@code existenceCache}.
 *
 * <p>Cache bookkeeping per outcome: a successful lookup stores {@code TRUE}. A
 * {@code null} result or a {@link UsernameNotFoundException} stores {@code FALSE}.
 * A {@link DataAccessException} invalidates the entry, so that a backend failure
 * is not remembered as "user does not exist".
 *
 * @return the details loaded by the realm, never {@code null}
 * @throws UsernameNotFoundException rethrown after caching the negative result
 * @throws DataAccessException       rethrown after dropping the cache entry
 * @throws NullPointerException      if the realm returns {@code null}, which its contract forbids
 */
@Override
public UserDetails call() throws Exception {
    try {
        final Jenkins instance = Jenkins.getInstance();
        final UserDetails loaded = instance.getSecurityRealm().loadUserByUsername(idOrFullName);
        if (loaded != null) {
            existenceCache.put(this.idOrFullName, Boolean.TRUE);
            return loaded;
        }
        // The realm broke its contract by returning null. Treat the user as
        // absent and fail loudly, naming the offending realm.
        existenceCache.put(this.idOrFullName, Boolean.FALSE);
        throw new NullPointerException("hudson.security.SecurityRealm should never return null. "
                + instance.getSecurityRealm() + " returned null for idOrFullName='" + idOrFullName + "'");
    } catch (UsernameNotFoundException notFound) {
        existenceCache.put(this.idOrFullName, Boolean.FALSE);
        throw notFound;
    } catch (DataAccessException lookupFailed) {
        // Existence is unknown here, so forget any cached answer instead of guessing.
        existenceCache.invalidate(this.idOrFullName);
        throw lookupFailed;
    }
}
} // closes the enclosing declaration, whose header is outside this excerpt
/**
 * Stores the filter configuration, publishes this filter in the servlet
 * context and, when a Jenkins instance already exists, configures security
 * from its current realm.
 *
 * @param filterConfig configuration handed over by the servlet container
 * @throws ServletException declared by the filter contract
 */
public void init(FilterConfig filterConfig) throws ServletException {
    this.filterConfig = filterConfig;
    // Register under the class name: this is how the rest of Hudson finds this filter.
    filterConfig.getServletContext().setAttribute(HudsonFilter.class.getName(), this);
    try {
        final Jenkins instance = Jenkins.getInstanceOrNull();
        if (instance == null) {
            // Nothing to initialize from yet.
            return;
        }
        // This filter was initialized after Hudson came into being, so set up
        // security right away. See #3069
        LOGGER.fine("Security wasn't initialized; Initializing it...");
        final SecurityRealm activeRealm = instance.getSecurityRealm();
        reset(activeRealm);
        LOGGER.fine("securityRealm is " + activeRealm);
        LOGGER.fine("Security initialized");
    } catch (ExceptionInInitializerError startupFailure) {
        // See HUDSON-4592. In some containers this happens before
        // WebAppMain.contextInitialized kicks in, which would make the whole thing
        // fail hard before the nicer error check there runs. So only report it
        // here and let WebAppMain handle the failure gracefully.
        LOGGER.log(SEVERE, "Failed to initialize Jenkins", startupFailure);
    }
}
/**
 * Resolves the {@link jenkins.model.IdStrategy} that governs how {@link User}
 * ids are compared. See {@link hudson.security.SecurityRealm#getUserIdStrategy()}.
 *
 * <p>When no security realm is set, this falls back to
 * {@link IdStrategy#CASE_INSENSITIVE}.
 *
 * @return the {@link jenkins.model.IdStrategy} for use with {@link User} instances.
 * @since 1.566
 */
@Nonnull
public static IdStrategy idStrategy() {
    final SecurityRealm activeRealm = Jenkins.get().getSecurityRealm();
    return activeRealm == null ? IdStrategy.CASE_INSENSITIVE : activeRealm.getUserIdStrategy();
}
/**
 * Turns a stored CLI credential into an {@link Authentication}, but only when
 * its MAC verifies and the named user can still be loaded from the realm.
 *
 * <p>The method fails closed: a MAC mismatch or any lookup failure yields
 * {@code Jenkins.ANONYMOUS} rather than an exception or a partially trusted
 * identity.
 *
 * @param username        user name taken from the stored value
 * @param mac             MAC taken from the stored value, checked against {@code username}
 * @param fullValueStored the complete stored value, used only for the mismatch log entry
 * @return a token carrying the user's current authorities, or {@code Jenkins.ANONYMOUS}
 */
private Authentication getUserAuthIfValidMac(String username, String mac, String fullValueStored) {
    // Verify integrity first: the realm is never queried for an unauthenticated name.
    final boolean macMatches = MAC.checkMac(username, mac);
    if (!macMatches) {
        // NOTE(review): the whole stored value goes to the FINE log. Confirm it
        // contains nothing reusable as a credential.
        LOGGER.log(Level.FINE, "Ignoring stored CLI authentication due to MAC mismatch: {0}", fullValueStored);
        return Jenkins.ANONYMOUS;
    }
    try {
        final UserDetails details = Jenkins.get().getSecurityRealm().loadUserByUsername(username);
        LOGGER.log(Level.FINER, "Loaded stored CLI authentication for {0}", username);
        // Authorities are re-read from the realm on every call. The token's
        // credentials field is left as the empty string.
        return new UsernamePasswordAuthenticationToken(details.getUsername(), "", details.getAuthorities());
    } catch (AuthenticationException | DataAccessException lookupFailure) {
        //TODO there is no check to be consistent with User.ALLOW_NON_EXISTENT_USER_TO_LOGIN
        LOGGER.log(Level.FINE, "Stored CLI authentication did not correspond to a valid user: " + username, lookupFailure);
        return Jenkins.ANONYMOUS;
    }
}
UserDetails getUserDetailsForImpersonation() throws UsernameNotFoundException { ImpersonatingUserDetailsService userDetailsService = new ImpersonatingUserDetailsService( Jenkins.get().getSecurityRealm().getSecurityComponents().userDetails );
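/**
 * Determines if the security settings seem to match the defaults. Here, we only
 * really care about and test for HudsonPrivateSecurityRealm and the user setup.
 * Other settings are irrelevant.
 *
 * <p>The method returns {@code true} only when all of the following hold. The
 * active realm is a {@link HudsonPrivateSecurityRealm}. The realm has exactly
 * one user. The initial setup admin account can be loaded. The initial admin
 * password file exists and its trimmed content is still that account's password.
 *
 * @return {@code true} if the instance still runs with the initial admin
 *         account and its generated password; {@code false} in every other
 *         case, including any lookup or I/O failure
 */
/*package*/ boolean isUsingSecurityDefaults() {
    // Read the realm once. The type check and the cast then apply to the same
    // object even if the realm is reconfigured concurrently.
    final Object realm = Jenkins.get().getSecurityRealm();
    if (!(realm instanceof HudsonPrivateSecurityRealm)) {
        return false;
    }
    final HudsonPrivateSecurityRealm securityRealm = (HudsonPrivateSecurityRealm) realm;
    try {
        if (securityRealm.getAllUsers().size() != 1) {
            return false;
        }
        HudsonPrivateSecurityRealm.Details details = securityRealm.loadUserByUsername(SetupWizard.initialSetupAdminUserName);
        FilePath iapf = getInitialAdminPasswordFile();
        // Only an existing file whose content still matches the stored
        // password counts as "defaults".
        return iapf.exists() && details.isPasswordCorrect(iapf.readToString().trim());
    } catch (UsernameNotFoundException | IOException e) {
        return false; // Not initial security setup if no transitional admin user / password found
    } catch (InterruptedException e) {
        // Keep the interruption visible to the caller instead of swallowing it.
        Thread.currentThread().interrupt();
        return false;
    }
}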
/**
 * Renders the response for an identity nobody has claimed. If the active realm
 * allows sign-up, the realm starts its sign-up flow for {@code identity}.
 * Otherwise the {@code error} view is shown.
 *
 * @param req  the current request
 * @param rsp  the current response
 * @param node passed through to the realm's sign-up response
 * @throws IOException      if writing the response fails
 * @throws ServletException if writing the response fails
 */
public void generateResponse(StaplerRequest req, StaplerResponse rsp, Object node) throws IOException, ServletException {
    final SecurityRealm activeRealm = Jenkins.getInstance().getSecurityRealm();
    if (activeRealm.allowsSignup()) {
        try {
            activeRealm.commenceSignup(identity).generateResponse(req, rsp, node);
            return;
        } catch (UnsupportedOperationException ignored) {
            // Deliberately ignored: fall through to the error page below.
        }
    }
    // This security realm doesn't support user registration, so no account is
    // created implicitly; just report an error.
    req.getView(this, "error").forward(req, rsp);
}
} // closes the enclosing declaration, whose header is outside this excerpt
/**
 * Authenticates a username/password pair against the authentication manager
 * of the active security realm.
 *
 * @param req      request used to build the authentication details
 * @param rsp      the current response (not used by this implementation)
 * @param username the name to authenticate
 * @param password the password presented with it
 * @return the authenticated {@link Authentication}, or {@code null} when this
 *         authenticator is switched off via {@code DISABLE} or the credentials
 *         are rejected
 * @throws IOException      declared by the overridden method
 * @throws ServletException declared by the overridden method
 */
@Override
public Authentication authenticate(HttpServletRequest req, HttpServletResponse rsp, String username, String password) throws IOException, ServletException {
    if (DISABLE) {
        return null;
    }

    final UsernamePasswordAuthenticationToken loginRequest = new UsernamePasswordAuthenticationToken(username, password);
    loginRequest.setDetails(authenticationDetailsSource.buildDetails(req));
    try {
        final Authentication granted = Jenkins.getInstance().getSecurityRealm().getSecurityComponents().manager.authenticate(loginRequest);
        // Authentication success
        // NOTE(review): the Authentication object is logged as a whole. Confirm
        // that its toString() does not expose the submitted credentials.
        LOGGER.log(FINER, "Authentication success: {0}", granted);
        return granted;
    } catch (AuthenticationException rejected) {
        // Authentication failed: the log entry carries the username and the
        // failure, not the password.
        LOGGER.log(FINER, "Authentication request for user: {0} failed: {1}", new Object[]{username, rejected});
        return null;
    }
}
try { CliAuthenticator authenticator = Jenkins.get().getSecurityRealm().createCliAuthenticator(this); new ClassParser().parse(authenticator, parser);
old = sc.getAuthentication(); CliAuthenticator authenticator = Jenkins.getActiveInstance().getSecurityRealm().createCliAuthenticator(this); sc.setAuthentication(getTransportAuthentication()); new ClassParser().parse(authenticator,p);
if(jenkins.getSecurityRealm() == null || jenkins.getSecurityRealm() == SecurityRealm.NO_AUTHENTICATION) { // this seems very fragile try (BulkChange bc = new BulkChange(jenkins)) { HudsonPrivateSecurityRealm securityRealm = new HudsonPrivateSecurityRealm(false, false, null);
UserDetails u = h.getSecurityRealm().loadUserByUsername(a.getName()); String username = u.getUsername();
/**
 * Signs in the user who owns this identifier. Call it only after your
 * protocol-specific work has confirmed that the current HTTP request really
 * owns the identifier.
 *
 * <p>
 * No password is checked here. The method locates the owning user, loads the
 * user's details from the active realm and installs a matching token in the
 * current security context. Any verification has to happen before the call.
 *
 * @return the user that is now signed in
 * @throws UnclaimedIdentityException
 *      If this identifier is not claimed by anyone. If you just let this exception propagate
 *      to the caller of your "doXyz" method, it will either render an error page or initiate
 *      a user registration session (provided that {@link SecurityRealm} supports that.)
 */
@SuppressWarnings("ACL.impersonate")
@Nonnull
public User signin() throws UnclaimedIdentityException {
    final User owner = locateUser();
    if (owner == null) {
        // Unassociated identity.
        throw new UnclaimedIdentityException(this);
    }

    // Log in as this user: authorities come from the realm, credentials stay empty.
    final UserDetails details = Jenkins.getInstance().getSecurityRealm().loadUserByUsername(owner.getId());
    final UsernamePasswordAuthenticationToken token =
            new UsernamePasswordAuthenticationToken(details, "", details.getAuthorities());
    token.setDetails(details);
    SecurityContextHolder.getContext().setAuthentication(token);
    return owner;
}
HudsonPrivateSecurityRealm securityRealm = (HudsonPrivateSecurityRealm) j.getSecurityRealm();
/**
 * Checks that loading {@code HeteroDescribable.yml} installs a
 * {@link HudsonPrivateSecurityRealm} together with a
 * {@link FullControlOnceLoggedInAuthorizationStrategy} that has anonymous read
 * access switched off.
 */
@Test
@ConfiguredWithCode("HeteroDescribable.yml")
public void jenkins_abstract_describable_attributes() throws Exception {
    final Jenkins instance = Jenkins.getInstance();

    assertTrue(instance.getSecurityRealm() instanceof HudsonPrivateSecurityRealm);
    assertTrue(instance.getAuthorizationStrategy() instanceof FullControlOnceLoggedInAuthorizationStrategy);

    // Anonymous read must stay off for this configuration.
    final FullControlOnceLoggedInAuthorizationStrategy strategy =
            (FullControlOnceLoggedInAuthorizationStrategy) instance.getAuthorizationStrategy();
    assertFalse(strategy.isAllowAnonymousRead());
}
/**
 * Checks that {@code HudsonPrivateSecurityRealmConfiguratorTest.yml} yields a
 * local realm with sign-up disabled, an {@code admin} account with the
 * expected password, anonymous read enabled, and an export that lists
 * {@code admin} as the first user.
 */
@Test
@ConfiguredWithCode("HudsonPrivateSecurityRealmConfiguratorTest.yml")
public void configure_local_security_and_admin_user() throws Exception {
    final Jenkins instance = Jenkins.getInstance();
    final HudsonPrivateSecurityRealm realm = (HudsonPrivateSecurityRealm) instance.getSecurityRealm();
    assertFalse(realm.allowsSignup());

    final User adminUser = User.getById("admin", false);
    assertNotNull(adminUser);
    final HudsonPrivateSecurityRealm.Details adminDetails =
            adminUser.getProperty(HudsonPrivateSecurityRealm.Details.class);
    // "1234" is a throwaway fixture password, presumably set in the YAML file
    // named above. It must never be reused outside tests.
    assertTrue(adminDetails.isPasswordCorrect("1234"));

    final FullControlOnceLoggedInAuthorizationStrategy strategy =
            (FullControlOnceLoggedInAuthorizationStrategy) instance.getAuthorizationStrategy();
    assertTrue(strategy.isAllowAnonymousRead());

    // Export the realm again and check that the admin user is listed first.
    final ConfigurationContext context = new ConfigurationContext(ConfiguratorRegistry.get());
    final Configurator realmConfigurator = context.lookupOrFail(HudsonPrivateSecurityRealm.class);
    final CNode exported = realmConfigurator.describe(realm, context);
    final Mapping firstUser = exported.asMapping()
            .get("users")
            .asSequence()
            .get(0)
            .asMapping();
    assertEquals("admin", firstUser.getScalarValue("id"));
}
} // closes the enclosing test class, whose header is outside this excerpt