JavaNetSecurityRealm.java

package hudson.plugins.javanet_realm;

import hudson.Extension;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.security.AbstractPasswordBasedSecurityRealm;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.userdetails.User;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.kohsuke.jnt.JavaNet;
import org.kohsuke.jnt.JavaNetRealm;
import org.kohsuke.jnt.ProcessingException;
import org.kohsuke.stapler.DataBoundConstructor;
import org.springframework.dao.DataAccessException;

import java.io.File;
import java.io.IOException;

/**
 * {@link SecurityRealm} that talks to java.net.
 *
 * @author Kohsuke Kawaguchi
 */
public class JavaNetSecurityRealm extends AbstractPasswordBasedSecurityRealm {
    public final String project;

    private transient JavaNetRealm realm;

    @DataBoundConstructor
    public JavaNetSecurityRealm(String project) {
        this.project = Util.fixEmpty(project);
        readResolve();  // initialize
    }

    private Object readResolve() {
        realm = new JavaNetRealm(new File(Hudson.getInstance().getRootDir(),"java.net-realm/"+ project)) {
            @Override
            protected boolean authenticateConnection(JavaNet con) throws ProcessingException {
                if (project==null)  return true;
                return con.getMyself().getMyProjects().contains(con.getProject(project));
            }
        };
        return this;
    }

    @Override
    protected UserDetails authenticate(String username, String password) throws AuthenticationException {
        try {
            if (realm.authenticate(username,password))
                return loadUserByUsername(username);
            else
            if (project==null)
                throw new BadCredentialsException("Not a valid user");
            else
                throw new BadCredentialsException("Either not a valid user or you are not a "+project+" committer");
        } catch (IOException e) {
            throw new AuthenticationServiceException("Failed to authenticate",e);
        }
    }

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException {
        return new User(userName,"",true,true,true,true,new GrantedAuthority[]{AUTHENTICATED_AUTHORITY});
    }

    @Override
    public GroupDetails loadGroupByGroupname(String groupName) throws UsernameNotFoundException, DataAccessException {
        throw new UsernameNotFoundException(groupName);
    }

    @Extension
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        @Override
        public String getDisplayName() {
            return "Authenticate java.net users";
        }
    }
}