LegacySecurityRealm.java example

Explorer
hudson.core-master
/*******************************************************************************
 *
 * Copyright (c) 2004-2009 Oracle Corporation.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *
 *  Kohsuke Kawaguchi, Seiji Sogabe, Winston Prakash
 *
 *******************************************************************************/ 

package hudson.security;

import org.kohsuke.stapler.StaplerRequest;
import hudson.model.Descriptor;
import hudson.Extension;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import net.sf.json.JSONObject;

import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/**
 * {@link SecurityRealm} that accepts {@link ContainerAuthentication} object
 * without any check (that is, by assuming that the such token is already
 * authenticated by the container.)
 *
 * @author Kohsuke Kawaguchi
 */
public final class LegacySecurityRealm extends SecurityRealm implements AuthenticationManager {

    public SecurityComponents createSecurityComponents() {
        return new SecurityComponents(this);
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (authentication instanceof ContainerAuthentication) {
            return authentication;
        } else {
            return null;
        }
    }

    /**
     * To have the username/password authenticated by the container, submit the
     * form to the URL defined by the servlet spec.
     */
    @Override
    public String getAuthenticationGatewayUrl() {
        return "j_security_check";
    }

    @Override
    public String getLoginUrl() {
        return "loginEntry";
    }

    /**
     * Filter to run for the LegacySecurityRealm is the ChainServletFilter
     */
    @Override
    public Filter createFilter(FilterConfig filterConfig) {

        // this filter set up is used to emulate the legacy Hudson behavior
        // of container authentication before 1.160 

        // when using container-authentication we can't hit /login directly.
        // we first have to hit protected /loginEntry, then let the container
        // trap that into /login.

        List<Filter> filters = new ArrayList<Filter>();
        BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter();
        filters.add(basicAuthenticationFilter);

        filters.addAll(Arrays.asList(getCommonFilters()));

        return new ChainedServletFilter(filters);

    }
    @Extension
    public static final Descriptor<SecurityRealm> DESCRIPTOR = new Descriptor<SecurityRealm>() {
        public SecurityRealm newInstance(StaplerRequest req, JSONObject formData) throws FormException {
            return new LegacySecurityRealm();
        }

        public String getDisplayName() {
            return Messages.LegacySecurityRealm_Displayname();
        }

        public String getHelpFile() {
            return "/help/security/container-realm.html";
        }
    };
}