/**
 * Returns the secret key held by the security manager.
 * <p>
 * The key survives across container start/stop and is intended as a building
 * block for security features. Treat the returned value as sensitive: do not
 * log it or expose it through remote or scripting interfaces.
 *
 * @return the secret key reported by the security manager
 */
public String getSecretKey() {
    return this.getSecurityManager().getSecretKey();
}
/**
 * Builds the default token-based remember-me service.
 *
 * @param uds the user details service handed to the remember-me service
 * @return the configured remember-me service
 */
private static RememberMeServices createRememberMeService(UserDetailsService uds) {
    final TokenBasedRememberMeServices2 services = new TokenBasedRememberMeServices2();
    services.setUserDetailsService(uds);

    // The default TokenBasedRememberMeServices depends on the secret key being available.
    // NOTE(review): presumably this key protects the remember-me cookie, so anyone
    // who learns it may be able to forge such cookies -- confirm against
    // TokenBasedRememberMeServices2 and keep the value out of logs.
    final String secretKey = HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getSecretKey();
    services.setKey(secretKey);

    // "remember_me" is the form field name used in login.jelly.
    services.setParameter("remember_me");
    return services;
}
// Closes the enclosing class, whose header is not part of this excerpt.
}
/**
 * Assembles the authentication provider chain for this realm.
 * <p>
 * The chain is tried in this order: the realm's own {@code Authenticator},
 * the remember-me provider, then the anonymous provider.
 *
 * @return security components wrapping the provider manager and this realm
 */
@Override
public SecurityComponents createSecurityComponents() {
    // The authenticator does all the hard work.
    final Authenticator authenticator = new Authenticator();

    // The remaining providers apply everywhere.
    final RememberMeAuthenticationProvider rememberMe = new RememberMeAuthenticationProvider();
    // NOTE(review): presumably this must be the same key the remember-me services
    // are configured with, otherwise remember-me tokens would be rejected -- confirm.
    final String secretKey = HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getSecretKey();
    rememberMe.setKey(secretKey);

    // Registering this provider does not grant anonymous access: anonymous users
    // are merely authenticated as such, so that later authorization can reject
    // them if so configured.
    final AnonymousAuthenticationProvider anonymous = new AnonymousAuthenticationProvider();
    // NOTE(review): fixed, non-secret key; presumably it only has to match the key
    // used wherever anonymous tokens are created -- confirm nothing relies on it
    // being unguessable.
    anonymous.setKey("anonymous");

    final ProviderManager manager = new ProviderManager();
    manager.setProviders(Arrays.<AuthenticationProvider>asList(authenticator, rememberMe, anonymous));
    return new SecurityComponents(manager, this);
}
// Key the remember-me provider with the security manager's secret key.
// NOTE(review): presumably this has to equal the key given to the remember-me
// services so their tokens validate -- confirm; treat the value as sensitive.
rememberMeAuthenticationProvider.setKey(HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getSecretKey());