[JENKINS-11643] RememberMe doesn't work with AD in certain mode.
kohsuke committed Nov 8, 2011
1 parent 87c69c3 commit 00d5f5259c73555192a2808110d66abe73b56eea
Showing 4 changed files with 34 additions and 2 deletions.
@@ -14,6 +14,11 @@
public abstract class AbstractActiveDirectoryAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider implements UserDetailsService, GroupDetailsService {
protected abstract UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException;

/**
* Returns true if we can retrieve user just from the name without supplying any credential.
*/
protected abstract boolean canRetrieveUserByName();

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
return retrieveUser(username,null);
}
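Review bot: loadUserByUsername() still calls `retrieveUser(username,null)` unconditionally, so the new canRetrieveUserByName() contract is enforced only by callers that remember to ask. The remember-me path is guarded elsewhere in this commit, but any other consumer of the UserDetailsService bean would still reach a provider that cannot resolve a user without a credential. Consider guarding here, e.g. `if (!canRetrieveUserByName()) throw new UsernameNotFoundException("Cannot look up "+username+" without a credential");`, and stating in the Javadoc that retrieveUser may be handed a null authentication only when this method returns true. Whether "not found" is the right answer for a user who may well exist is a judgement call; a more specific subtype, if the core offers one, would be more accurate.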
@@ -103,6 +103,11 @@ protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticati
).updateUserInfo();
}

@Override
protected boolean canRetrieveUserByName() {
return true;
}

private String getTelehoneNumber(IADsUser usr) {
try {
Object t = usr.telephoneNumber();
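Review bot: The unconditional `return true` in canRetrieveUserByName() has no comment saying why this provider can always resolve a user without a credential, and the retrieveUser body that would show it lies outside the hunk. Since the answer decides whether a cookie alone can log a user in, a one-line reason is worth recording, for example `// lookup does not need the user's password here, so name-only retrieval always works` if that is indeed the case. It would also help to note whether a disabled or locked account is rejected on that name-only path.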
@@ -12,6 +12,7 @@
import hudson.security.AbstractPasswordBasedSecurityRealm;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.security.TokenBasedRememberMeServices2;
import hudson.util.FormValidation;
import hudson.util.Secret;
import hudson.util.spring.BeanBuilder;
@@ -39,11 +40,13 @@
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSocketFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
@@ -125,7 +128,21 @@ public SecurityComponents createSecurityComponents() {
binding.setVariable("realm", this);
builder.parse(getClass().getResourceAsStream("ActiveDirectory.groovy"), binding);
WebApplicationContext context = builder.createApplicationContext();
return new SecurityComponents(findBean(AuthenticationManager.class, context), findBean(UserDetailsService.class, context));

final AbstractActiveDirectoryAuthenticationProvider adp = findBean(AbstractActiveDirectoryAuthenticationProvider.class, context);

return new SecurityComponents(
findBean(AuthenticationManager.class, context),
findBean(UserDetailsService.class, context),
new TokenBasedRememberMeServices2() {
public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
// no supporting auto-login unless we can do retrieveUser. See JENKINS-11643.
if (adp.canRetrieveUserByName())
return super.autoLogin(request,response);
else
return null;
}
});
}

@Override
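Review bot: The anonymous TokenBasedRememberMeServices2 subclass declines autoLogin() when the provider cannot look users up by name but leaves loginSuccess() untouched, so presumably a long-lived remember-me cookie is still issued on each interactive login even though it can never be honoured. That token would sit unused in the browser and become live if a bind DN is configured later, so not issuing it is the cleaner behaviour. The autoLogin override also lacks `@Override`, and the ignored cookie is not cleared when it returns null. createSecurityComponents() starts outside the hunk, and this assumes loginSuccess() is overridable in the superclass.

```java
new TokenBasedRememberMeServices2() {
    // … unchanged: autoLogin guard (add @Override) …

    @Override
    public void loginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
        // don't hand out a token that autoLogin will never honour. See JENKINS-11643.
        if (adp.canRetrieveUserByName())
            super.loginSuccess(request, response, successfulAuthentication);
    }
```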
@@ -73,6 +73,11 @@ protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticati
return userDetails;
}

@Override
protected boolean canRetrieveUserByName() {
return bindName!=null;
}

private UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication, String domainName) throws AuthenticationException {
// when we use custom socket factory below, every LDAP operations result
// in a classloading via context classloader, so we need it to resolve.
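Review bot: `return bindName!=null;` treats an empty string as a usable bind DN. If the field can reach this class as "" (a blank form field, say) rather than being normalised to null, remember-me would be enabled and the credential-less lookup would then fail, or attempt a bind with no real identity, depending on how the private retrieveUser overload handles it; that overload continues past the end of the hunk. `return bindName!=null && bindName.length()>0;` closes the gap, or a comment stating that blank values are normalised to null on construction would do.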
