[FIXED JENKINS-21852] Added http proxy configuration.
[FIXED JENKINS-18791] Session validation interval saved from ui.
[FIXED JENKINS-13279] Don't use ssoTokenHelper, work with Embedded Crowd in Jira.
[JENKINS-16703] More options for connection configuration.
KostyaSha committed Apr 16, 2014
1 parent 744eaa8 commit 7039baf8288687ee20590011dbd03b85020d2009
Showing with 360 additions and 234 deletions.
  1. +67 −21 src/main/java/de/theit/jenkins/crowd/CrowdConfigurationService.java
  2. +11 −21 src/main/java/de/theit/jenkins/crowd/CrowdRememberMeServices.java
  3. +120 −115 src/main/java/de/theit/jenkins/crowd/CrowdSecurityRealm.java
  4. +4 −5 src/main/java/de/theit/jenkins/crowd/CrowdServletFilter.java
  5. +1 −2 src/main/java/de/theit/jenkins/crowd/ErrorMessages.java
  6. +0 −11 src/main/resources/crowd.properties
  7. +81 −53 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/config.jelly
  8. +3 −1 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-applicationName.html
  9. +8 −0 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-cookieDomain.html
  10. +6 −0 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-cookieTokenkey.html
  11. +6 −0 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpMaxConnections.html
  12. +5 −0 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyHost.html
  13. +5 −0 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyPassword.html
  14. +5 −0 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyPort.html
  15. +5 −0 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyUsername.html
  16. +7 −0 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpTimeout.html
  17. +5 −2 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-password.html
  18. +2 −0 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-sessionValidationInterval.html
  19. +1 −1 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-url.html
  20. +3 −0 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-useProxy.html
  21. +2 −0 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-useSSO.html
  22. +6 −2 src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help.html
  23. +7 −0 src/main/resources/de/theit/jenkins/crowd/help-socketTimeout.html
@@ -31,15 +31,11 @@
import static de.theit.jenkins.crowd.ErrorMessages.operationFailed;
import static de.theit.jenkins.crowd.ErrorMessages.userNotFound;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.TreeSet;
import java.util.*;
import java.util.logging.Level;
import java.util.logging.Logger;

import jenkins.model.Jenkins;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;

@@ -65,8 +61,7 @@
*/
public class CrowdConfigurationService {
/** Used for logging purposes. */
private static final Logger LOG = Logger
.getLogger(CrowdConfigurationService.class.getName());
private static final Logger LOG = Logger.getLogger(CrowdConfigurationService.class.getName());

/**
* The maximum number of groups that can be fetched from the Crowd server
@@ -95,22 +90,21 @@
/** Specifies whether nested groups may be used. */
private boolean nestedGroups;

boolean useSSO;
public boolean useSSO;

/**
* Creates a new Crowd configuration object.
*
* @param pGroupNames
* The group names to use when authenticating Crowd users. May
* not be <code>null</code>.
* @param pNestedGroups
* Specifies whether nested groups should be used when validating
* users against a group name.
*/
/**
* Creates a new Crowd configuration object.
*
* @param pGroupNames
* The group names to use when authenticating Crowd users. May
* not be <code>null</code>.
* @param pNestedGroups
* Specifies whether nested groups should be used when validating
* users against a group name.
*/
public CrowdConfigurationService(String pGroupNames, boolean pNestedGroups) {
if (LOG.isLoggable(Level.INFO)) {
LOG.info("Groups given for Crowd configuration service: "
+ pGroupNames);
LOG.info("Groups given for Crowd configuration service: " + pGroupNames);
}
this.allowedGroupNames = new ArrayList<String>();
for (String group : pGroupNames.split(",")) {
@@ -353,4 +347,56 @@ public int compare(GrantedAuthority ga1,

return authorities;
}

static public Properties getProperties(String url, String applicationName, String password,
int sessionValidationInterval, boolean useSSO,
String cookieDomain, String cookieTokenkey, Boolean useProxy,
String httpProxyHost, String httpProxyPort, String httpProxyUsername,
String httpProxyPassword, String socketTimeout,
String httpTimeout, String httpMaxConnections){
// for https://docs.atlassian.com/crowd/2.7.1/com/atlassian/crowd/service/client/ClientPropertiesImpl.html
Properties props = new Properties();

String crowdUrl = url;
if (!crowdUrl.endsWith("/")) {
crowdUrl += "/";
}
props.setProperty("application.name", applicationName);
props.setProperty("application.password", password);
props.setProperty("crowd.base.url", crowdUrl);
props.setProperty("application.login.url", crowdUrl + "console/");
props.setProperty("crowd.server.url", crowdUrl + "services/");
props.setProperty("session.validationinterval", String.valueOf(sessionValidationInterval));
//TODO move other values to jenkins web configuration
props.setProperty("session.isauthenticated", "session.isauthenticated");
props.setProperty("session.tokenkey", "session.tokenkey");
props.setProperty("session.lastvalidation","session.lastvalidation");

if (useSSO) {
if (cookieDomain != null && !cookieDomain.equals(""))
props.setProperty("cookie.domain", cookieDomain);
if (cookieTokenkey != null && !cookieTokenkey.equals(""))
props.setProperty("cookie.tokenkey", cookieTokenkey);
}

if (useProxy != null && useProxy){
if (httpProxyHost != null && !httpProxyHost.equals(""))
props.setProperty("http.proxy.host", httpProxyHost);
if (httpProxyPort != null && !httpProxyPort.equals(""))
props.setProperty("http.proxy.port", httpProxyPort);
if (httpProxyUsername != null && !httpProxyUsername.equals(""))
props.setProperty("http.proxy.username", httpProxyUsername);
if (httpProxyPassword != null && !httpProxyPassword.equals(""))
props.setProperty("http.proxy.password", httpProxyPassword);
}

if (socketTimeout != null && !socketTimeout.equals(""))
props.setProperty("socket.timeout", socketTimeout);
if (httpMaxConnections != null && !httpMaxConnections.equals(""))
props.setProperty("http.max.connections", httpMaxConnections);
if (httpTimeout != null && !httpTimeout.equals(""))
props.setProperty("http.timeout", httpTimeout);

return props;
}
}
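Review bot: `getProperties` checks every optional argument for null and empty, but it dereferences `url` in `crowdUrl.endsWith("/")` and passes `applicationName` and `password` straight to `setProperty`, which throws a NullPointerException on a null value; an incomplete configuration (presumably coming from the Jenkins form) then fails with a bare NPE rather than a clear message. A guard at the top such as `if (url == null || applicationName == null || password == null) throw new IllegalArgumentException("Crowd URL, application name and password are required");` would make the requirement explicit. The returned `Properties` carries `application.password` and `http.proxy.password` in clear text, so the method deserves a Javadoc line stating that the object must never be logged or dumped; `httpProxyPort`, `socketTimeout`, `httpTimeout` and `httpMaxConnections` are also copied in as unvalidated strings, which presumably leaves number parsing to the Crowd client. Separately, `useSSO` becomes a public non-final field in this section, and since it selects an authentication path, a getter would keep other classes from changing it after construction.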
@@ -64,8 +64,7 @@
*/
public class CrowdRememberMeServices implements RememberMeServices {
/** Used for logging purposes. */
private static final Logger LOG = Logger
.getLogger(CrowdRememberMeServices.class.getName());
private static final Logger LOG = Logger.getLogger(CrowdRememberMeServices.class.getName());

/**
* The configuration data necessary for accessing the services on the remote
@@ -134,11 +133,8 @@ public Authentication autoLogin(HttpServletRequest request,
// process
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
authorities.addAll(this.configuration
.getAuthoritiesForUser(user.getName()));

result = new CrowdAuthenticationToken(user.getName(), null,
authorities, ssoToken);
authorities.addAll(this.configuration.getAuthoritiesForUser(user.getName()));
result = new CrowdAuthenticationToken(user.getName(), null, authorities, ssoToken);
}
} catch (InvalidTokenException ex) {
// LOG.log(Level.INFO, invalidToken(), ex);
@@ -186,16 +182,15 @@ public void loginFail(HttpServletRequest request,
*/
@Override
public void loginSuccess(HttpServletRequest request,
HttpServletResponse response,
Authentication successfulAuthentication) {
HttpServletResponse response,
Authentication successfulAuthentication) {
if (!(successfulAuthentication instanceof CrowdAuthenticationToken)) {
// authentication token doesn't belong to us...
return;
}
CrowdAuthenticationToken crowdAuthenticationToken = (CrowdAuthenticationToken) successfulAuthentication;

List<ValidationFactor> validationFactors = this.configuration.tokenHelper
.getValidationFactorExtractor().getValidationFactors(request);
List<ValidationFactor> validationFactors = this.configuration.tokenHelper.getValidationFactorExtractor().getValidationFactors(request);

// check if there's already a SSO token in the authentication object
String ssoToken = crowdAuthenticationToken.getSSOToken();
@@ -216,10 +211,8 @@ public void loginSuccess(HttpServletRequest request,
if (LOG.isLoggable(Level.FINER)) {
LOG.finer("Retrieve SSO token...");
}
ssoToken = this.configuration.tokenHelper
.getCrowdToken(request,
this.configuration.clientProperties
.getCookieTokenKey());
ssoToken = this.configuration.tokenHelper.getCrowdToken(request,
this.configuration.clientProperties.getCookieTokenKey());
}

if (null == ssoToken) {
@@ -233,8 +226,7 @@ public void loginSuccess(HttpServletRequest request,
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Validate the SSO authentication...");
}
this.configuration.crowdClient.validateSSOAuthentication(ssoToken,
validationFactors);
this.configuration.crowdClient.validateSSOAuthentication(ssoToken, validationFactors);

// alright, we're successfully authenticated via SSO
if (LOG.isLoggable(Level.FINE)) {
@@ -247,13 +239,11 @@ public void loginSuccess(HttpServletRequest request,
} catch (InvalidAuthenticationException ex) {
LOG.warning(invalidAuthentication());
} catch (ExpiredCredentialException ex) {
LOG.warning(expiredCredentials(crowdAuthenticationToken
.getPrincipal()));
LOG.warning(expiredCredentials(crowdAuthenticationToken.getPrincipal()));
} catch (InactiveAccountException ex) {
LOG.warning(accountExpired(crowdAuthenticationToken.getPrincipal()));
} catch (ApplicationAccessDeniedException ex) {
LOG.warning(applicationAccessDenied(crowdAuthenticationToken
.getPrincipal()));
LOG.warning(applicationAccessDenied(crowdAuthenticationToken.getPrincipal()));
} catch (OperationFailedException ex) {
LOG.log(Level.SEVERE, operationFailed(), ex);
}
