org.openshift.jenkins.plugins.openshiftlogin

Class OpenShiftOAuth2SecurityRealm

java.lang.Object

hudson.model.AbstractDescribableImpl<hudson.security.SecurityRealm>

hudson.security.SecurityRealm

org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm

All Implemented Interfaces:

hudson.ExtensionPoint, hudson.model.Describable<hudson.security.SecurityRealm>

public class OpenShiftOAuth2SecurityRealm
extends hudson.security.SecurityRealm

Login with OpenShift using OpenID Connect / OAuth 2

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	OpenShiftOAuth2SecurityRealm.DescriptorImpl

Nested classes/interfaces inherited from class hudson.security.SecurityRealm

hudson.security.SecurityRealm.SecurityComponents

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

hudson.ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields

Modifier and Type	Field and Description
static String	SECURITY_REALM_FINISH_LOGIN

Fields inherited from class hudson.security.SecurityRealm

AUTHENTICATED_AUTHORITY, LIST, NO_AUTHENTICATION

Constructor Summary

Constructors

Constructor and Description
OpenShiftOAuth2SecurityRealm(String serviceAccountDirectory, String serviceAccountName, String serverPrefix, String clientId, String clientSecret, String redirectURL)

Method Summary

Modifier and Type	Method and Description
String	buildOAuthRedirectUrl(String redirect)
hudson.security.SecurityRealm.SecurityComponents	createSecurityComponents() Acegi has this notion that first an Authentication object is created by collecting user information and then the act of authentication is done later (by AuthenticationManager) to verify it.
org.kohsuke.stapler.HttpResponse	doCommenceLogin(String from, String referer) The login process starts from here.
org.kohsuke.stapler.HttpResponse	doFinishLogin(org.kohsuke.stapler.StaplerRequest request) This is where the user comes back to at the end of the OpenID redirect ping-pong.
String	getClientId()
hudson.util.Secret	getClientSecret()
String	getDefaultedClientId()
hudson.util.Secret	getDefaultedClientSecret()
String	getDefaultedNamespace()
String	getDefaultedRedirectURL()
String	getDefaultedServerPrefix()
String	getDefaultedServiceAccountDirectory()
String	getDefaultedServiceAccountName()
String	getLoginUrl() Login begins with our doCommenceLogin(String,String) method.
protected String	getPostLogOutUrl(org.kohsuke.stapler.StaplerRequest req, org.acegisecurity.Authentication auth)
String	getRedirectURL()
String	getServerPrefix()
String	getServiceAccountDirectory()
String	getServiceAccountName()
protected OAuthSession	newOAuthSession(String from, String redirectOnFinish)
org.acegisecurity.providers.UsernamePasswordAuthenticationToken	updateAuthorizationStrategy(com.google.api.client.auth.oauth2.Credential credential)

Methods inherited from class hudson.security.SecurityRealm

all, allowsSignup, canLogOut, commenceSignup, createCliAuthenticator, createFilter, doCaptcha, doLogout, findBean, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getDescriptor, getGroupIdStrategy, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, loadGroupByGroupname, loadUserByUsername, setCaptchaSupport, validateCaptcha

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SECURITY_REALM_FINISH_LOGIN

public static final String SECURITY_REALM_FINISH_LOGIN

See Also:

Constant Field Values

Constructor Detail

OpenShiftOAuth2SecurityRealm

@DataBoundConstructor
public OpenShiftOAuth2SecurityRealm(String serviceAccountDirectory,
                                                          String serviceAccountName,
                                                          String serverPrefix,
                                                          String clientId,
                                                          String clientSecret,
                                                          String redirectURL)
                                                   throws IOException,
                                                          GeneralSecurityException

Throws:

IOException

GeneralSecurityException

Method Detail

getServiceAccountDirectory

public String getServiceAccountDirectory()

getDefaultedServiceAccountDirectory

public String getDefaultedServiceAccountDirectory()

getServiceAccountName

public String getServiceAccountName()

getDefaultedServiceAccountName

public String getDefaultedServiceAccountName()

getServerPrefix

public String getServerPrefix()

getDefaultedServerPrefix

public String getDefaultedServerPrefix()

getRedirectURL

public String getRedirectURL()

getDefaultedRedirectURL

public String getDefaultedRedirectURL()

getClientId

public String getClientId()

getDefaultedClientId

public String getDefaultedClientId()

getClientSecret

public hudson.util.Secret getClientSecret()

getDefaultedClientSecret

public hudson.util.Secret getDefaultedClientSecret()

getDefaultedNamespace

public String getDefaultedNamespace()

getLoginUrl

public String getLoginUrl()

Login begins with our doCommenceLogin(String,String) method.

Overrides:

getLoginUrl in class hudson.security.SecurityRealm

createSecurityComponents

public hudson.security.SecurityRealm.SecurityComponents createSecurityComponents()

Acegi has this notion that first an Authentication object is created by collecting user information and then the act of authentication is done later (by AuthenticationManager) to verify it. But in case of OpenID, we create an Authentication only after we verified the user identity, so AuthenticationManager becomes no-op.

Specified by:

createSecurityComponents in class hudson.security.SecurityRealm

newOAuthSession

protected OAuthSession newOAuthSession(String from,
                                       String redirectOnFinish)
                                throws MalformedURLException

Throws:

MalformedURLException

updateAuthorizationStrategy

public org.acegisecurity.providers.UsernamePasswordAuthenticationToken updateAuthorizationStrategy(com.google.api.client.auth.oauth2.Credential credential)
                                                                                            throws IOException,
                                                                                                   GeneralSecurityException

Throws:

IOException

GeneralSecurityException

doCommenceLogin

public org.kohsuke.stapler.HttpResponse doCommenceLogin(@QueryParameter
                                                        String from,
                                                        @Header(value="Referer")
                                                        String referer)
                                                 throws IOException

The login process starts from here.

Throws:

IOException

buildOAuthRedirectUrl

public String buildOAuthRedirectUrl(String redirect)
                             throws MalformedURLException

Throws:

MalformedURLException

doFinishLogin

public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest request)
                                               throws IOException

This is where the user comes back to at the end of the OpenID redirect ping-pong.

Throws:

IOException

getPostLogOutUrl

protected String getPostLogOutUrl(org.kohsuke.stapler.StaplerRequest req,
                                  org.acegisecurity.Authentication auth)

Overrides:

getPostLogOutUrl in class hudson.security.SecurityRealm