{"payload":{"allShortcutsEnabled":false,"fileTree":{"core/src/main/java/hudson/security":{"items":[{"name":"captcha","path":"core/src/main/java/hudson/security/captcha","contentType":"directory"},{"name":"csrf","path":"core/src/main/java/hudson/security/csrf","contentType":"directory"},{"name":"ACL.java","path":"core/src/main/java/hudson/security/ACL.java","contentType":"file"},{"name":"ACLContext.java","path":"core/src/main/java/hudson/security/ACLContext.java","contentType":"file"},{"name":"AbstractPasswordBasedSecurityRealm.java","path":"core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java","contentType":"file"},{"name":"AccessControlled.java","path":"core/src/main/java/hudson/security/AccessControlled.java","contentType":"file"},{"name":"AccessDeniedException2.java","path":"core/src/main/java/hudson/security/AccessDeniedException2.java","contentType":"file"},{"name":"AccessDeniedHandlerImpl.java","path":"core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java","contentType":"file"},{"name":"AuthenticationManagerProxy.java","path":"core/src/main/java/hudson/security/AuthenticationManagerProxy.java","contentType":"file"},{"name":"AuthenticationProcessingFilter2.java","path":"core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java","contentType":"file"},{"name":"AuthorizationStrategy.java","path":"core/src/main/java/hudson/security/AuthorizationStrategy.java","contentType":"file"},{"name":"BCrypt.java","path":"core/src/main/java/hudson/security/BCrypt.java","contentType":"file"},{"name":"BasicAuthenticationFilter.java","path":"core/src/main/java/hudson/security/BasicAuthenticationFilter.java","contentType":"file"},{"name":"ChainedServletFilter.java","path":"core/src/main/java/hudson/security/ChainedServletFilter.java","contentType":"file"},{"name":"CliAuthenticator.java","path":"core/src/main/java/hudson/security/CliAuthenticator.java","contentType":"file"},{"name":"ContainerAuthentication.java","path":"core/src/main/java/hudson/security/ContainerAuthentication.java","contentType":"file"},{"name":"DeferredCreationLdapAuthoritiesPopulator.java","path":"core/src/main/java/hudson/security/DeferredCreationLdapAuthoritiesPopulator.java","contentType":"file"},{"name":"FederatedLoginService.java","path":"core/src/main/java/hudson/security/FederatedLoginService.java","contentType":"file"},{"name":"FederatedLoginServiceUserProperty.java","path":"core/src/main/java/hudson/security/FederatedLoginServiceUserProperty.java","contentType":"file"},{"name":"FullControlOnceLoggedInAuthorizationStrategy.java","path":"core/src/main/java/hudson/security/FullControlOnceLoggedInAuthorizationStrategy.java","contentType":"file"},{"name":"GlobalSecurityConfiguration.java","path":"core/src/main/java/hudson/security/GlobalSecurityConfiguration.java","contentType":"file"},{"name":"GroupDetails.java","path":"core/src/main/java/hudson/security/GroupDetails.java","contentType":"file"},{"name":"HttpSessionContextIntegrationFilter2.java","path":"core/src/main/java/hudson/security/HttpSessionContextIntegrationFilter2.java","contentType":"file"},{"name":"HudsonAuthenticationEntryPoint.java","path":"core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java","contentType":"file"},{"name":"HudsonFilter.java","path":"core/src/main/java/hudson/security/HudsonFilter.java","contentType":"file"},{"name":"HudsonPrivateSecurityRealm.java","path":"core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java","contentType":"file"},{"name":"InvalidatableUserDetails.java","path":"core/src/main/java/hudson/security/InvalidatableUserDetails.java","contentType":"file"},{"name":"LegacyAuthorizationStrategy.java","path":"core/src/main/java/hudson/security/LegacyAuthorizationStrategy.java","contentType":"file"},{"name":"LegacySecurityRealm.java","path":"core/src/main/java/hudson/security/LegacySecurityRealm.java","contentType":"file"},{"name":"NoopFilter.java","path":"core/src/main/java/hudson/security/NoopFilter.java","contentType":"file"},{"name":"NotSerilizableSecurityContext.java","path":"core/src/main/java/hudson/security/NotSerilizableSecurityContext.java","contentType":"file"},{"name":"Permission.java","path":"core/src/main/java/hudson/security/Permission.java","contentType":"file"},{"name":"PermissionAdder.java","path":"core/src/main/java/hudson/security/PermissionAdder.java","contentType":"file"},{"name":"PermissionGroup.java","path":"core/src/main/java/hudson/security/PermissionGroup.java","contentType":"file"},{"name":"PermissionScope.java","path":"core/src/main/java/hudson/security/PermissionScope.java","contentType":"file"},{"name":"RememberMeServicesProxy.java","path":"core/src/main/java/hudson/security/RememberMeServicesProxy.java","contentType":"file"},{"name":"SecurityMode.java","path":"core/src/main/java/hudson/security/SecurityMode.java","contentType":"file"},{"name":"SecurityRealm.java","path":"core/src/main/java/hudson/security/SecurityRealm.java","contentType":"file"},{"name":"SidACL.java","path":"core/src/main/java/hudson/security/SidACL.java","contentType":"file"},{"name":"SparseACL.java","path":"core/src/main/java/hudson/security/SparseACL.java","contentType":"file"},{"name":"TokenBasedRememberMeServices2.java","path":"core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java","contentType":"file"},{"name":"UnwrapSecurityExceptionFilter.java","path":"core/src/main/java/hudson/security/UnwrapSecurityExceptionFilter.java","contentType":"file"},{"name":"UserDetailsServiceProxy.java","path":"core/src/main/java/hudson/security/UserDetailsServiceProxy.java","contentType":"file"},{"name":"UserMayOrMayNotExistException.java","path":"core/src/main/java/hudson/security/UserMayOrMayNotExistException.java","contentType":"file"},{"name":"WhoAmI.java","path":"core/src/main/java/hudson/security/WhoAmI.java","contentType":"file"},{"name":"package.html","path":"core/src/main/java/hudson/security/package.html","contentType":"file"}],"totalCount":46},"core/src/main/java/hudson":{"items":[{"name":"cli","path":"core/src/main/java/hudson/cli","contentType":"directory"},{"name":"console","path":"core/src/main/java/hudson/console","contentType":"directory"},{"name":"diagnosis","path":"core/src/main/java/hudson/diagnosis","contentType":"directory"},{"name":"fsp","path":"core/src/main/java/hudson/fsp","contentType":"directory"},{"name":"init","path":"core/src/main/java/hudson/init","contentType":"directory"},{"name":"lifecycle","path":"core/src/main/java/hudson/lifecycle","contentType":"directory"},{"name":"logging","path":"core/src/main/java/hudson/logging","contentType":"directory"},{"name":"markup","path":"core/src/main/java/hudson/markup","contentType":"directory"},{"name":"model","path":"core/src/main/java/hudson/model","contentType":"directory"},{"name":"node_monitors","path":"core/src/main/java/hudson/node_monitors","contentType":"directory"},{"name":"org","path":"core/src/main/java/hudson/org","contentType":"directory"},{"name":"os","path":"core/src/main/java/hudson/os","contentType":"directory"},{"name":"scheduler","path":"core/src/main/java/hudson/scheduler","contentType":"directory"},{"name":"scm","path":"core/src/main/java/hudson/scm","contentType":"directory"},{"name":"search","path":"core/src/main/java/hudson/search","contentType":"directory"},{"name":"security","path":"core/src/main/java/hudson/security","contentType":"directory"},{"name":"slaves","path":"core/src/main/java/hudson/slaves","contentType":"directory"},{"name":"tasks","path":"core/src/main/java/hudson/tasks","contentType":"directory"},{"name":"tools","path":"core/src/main/java/hudson/tools","contentType":"directory"},{"name":"triggers","path":"core/src/main/java/hudson/triggers","contentType":"directory"},{"name":"util","path":"core/src/main/java/hudson/util","contentType":"directory"},{"name":"views","path":"core/src/main/java/hudson/views","contentType":"directory"},{"name":"widgets","path":"core/src/main/java/hudson/widgets","contentType":"directory"},{"name":"AbortException.java","path":"core/src/main/java/hudson/AbortException.java","contentType":"file"},{"name":"AboutJenkins.java","path":"core/src/main/java/hudson/AboutJenkins.java","contentType":"file"},{"name":"AbstractMarkupText.java","path":"core/src/main/java/hudson/AbstractMarkupText.java","contentType":"file"},{"name":"BulkChange.java","path":"core/src/main/java/hudson/BulkChange.java","contentType":"file"},{"name":"ClassicPluginStrategy.java","path":"core/src/main/java/hudson/ClassicPluginStrategy.java","contentType":"file"},{"name":"CloseProofOutputStream.java","path":"core/src/main/java/hudson/CloseProofOutputStream.java","contentType":"file"},{"name":"CopyOnWrite.java","path":"core/src/main/java/hudson/CopyOnWrite.java","contentType":"file"},{"name":"DNSMultiCast.java","path":"core/src/main/java/hudson/DNSMultiCast.java","contentType":"file"},{"name":"DependencyRunner.java","path":"core/src/main/java/hudson/DependencyRunner.java","contentType":"file"},{"name":"DescriptorExtensionList.java","path":"core/src/main/java/hudson/DescriptorExtensionList.java","contentType":"file"},{"name":"EnvVars.java","path":"core/src/main/java/hudson/EnvVars.java","contentType":"file"},{"name":"ExpressionFactory2.java","path":"core/src/main/java/hudson/ExpressionFactory2.java","contentType":"file"},{"name":"Extension.java","path":"core/src/main/java/hudson/Extension.java","contentType":"file"},{"name":"ExtensionComponent.java","path":"core/src/main/java/hudson/ExtensionComponent.java","contentType":"file"},{"name":"ExtensionFinder.java","path":"core/src/main/java/hudson/ExtensionFinder.java","contentType":"file"},{"name":"ExtensionList.java","path":"core/src/main/java/hudson/ExtensionList.java","contentType":"file"},{"name":"ExtensionListListener.java","path":"core/src/main/java/hudson/ExtensionListListener.java","contentType":"file"},{"name":"ExtensionListView.java","path":"core/src/main/java/hudson/ExtensionListView.java","contentType":"file"},{"name":"ExtensionPoint.java","path":"core/src/main/java/hudson/ExtensionPoint.java","contentType":"file"},{"name":"FeedAdapter.java","path":"core/src/main/java/hudson/FeedAdapter.java","contentType":"file"},{"name":"FilePath.java","path":"core/src/main/java/hudson/FilePath.java","contentType":"file"},{"name":"FileSystemProvisioner.java","path":"core/src/main/java/hudson/FileSystemProvisioner.java","contentType":"file"},{"name":"FileSystemProvisionerDescriptor.java","path":"core/src/main/java/hudson/FileSystemProvisionerDescriptor.java","contentType":"file"},{"name":"Functions.java","path":"core/src/main/java/hudson/Functions.java","contentType":"file"},{"name":"Indenter.java","path":"core/src/main/java/hudson/Indenter.java","contentType":"file"},{"name":"Launcher.java","path":"core/src/main/java/hudson/Launcher.java","contentType":"file"},{"name":"LauncherDecorator.java","path":"core/src/main/java/hudson/LauncherDecorator.java","contentType":"file"},{"name":"LocalPluginManager.java","path":"core/src/main/java/hudson/LocalPluginManager.java","contentType":"file"},{"name":"Lookup.java","path":"core/src/main/java/hudson/Lookup.java","contentType":"file"},{"name":"Main.java","path":"core/src/main/java/hudson/Main.java","contentType":"file"},{"name":"MarkupText.java","path":"core/src/main/java/hudson/MarkupText.java","contentType":"file"},{"name":"PermalinkList.java","path":"core/src/main/java/hudson/PermalinkList.java","contentType":"file"},{"name":"Platform.java","path":"core/src/main/java/hudson/Platform.java","contentType":"file"},{"name":"Plugin.java","path":"core/src/main/java/hudson/Plugin.java","contentType":"file"},{"name":"PluginFirstClassLoader.java","path":"core/src/main/java/hudson/PluginFirstClassLoader.java","contentType":"file"},{"name":"PluginManager.java","path":"core/src/main/java/hudson/PluginManager.java","contentType":"file"},{"name":"PluginManagerStaplerOverride.java","path":"core/src/main/java/hudson/PluginManagerStaplerOverride.java","contentType":"file"},{"name":"PluginStrategy.java","path":"core/src/main/java/hudson/PluginStrategy.java","contentType":"file"},{"name":"PluginWrapper.java","path":"core/src/main/java/hudson/PluginWrapper.java","contentType":"file"},{"name":"Proc.java","path":"core/src/main/java/hudson/Proc.java","contentType":"file"},{"name":"ProxyConfiguration.java","path":"core/src/main/java/hudson/ProxyConfiguration.java","contentType":"file"},{"name":"RelativePath.java","path":"core/src/main/java/hudson/RelativePath.java","contentType":"file"},{"name":"ResponseHeaderFilter.java","path":"core/src/main/java/hudson/ResponseHeaderFilter.java","contentType":"file"},{"name":"RestrictedSince.java","path":"core/src/main/java/hudson/RestrictedSince.java","contentType":"file"},{"name":"StructuredForm.java","path":"core/src/main/java/hudson/StructuredForm.java","contentType":"file"},{"name":"TcpSlaveAgentListener.java","path":"core/src/main/java/hudson/TcpSlaveAgentListener.java","contentType":"file"},{"name":"UDPBroadcastFragment.java","path":"core/src/main/java/hudson/UDPBroadcastFragment.java","contentType":"file"},{"name":"UDPBroadcastThread.java","path":"core/src/main/java/hudson/UDPBroadcastThread.java","contentType":"file"},{"name":"URLConnectionDecorator.java","path":"core/src/main/java/hudson/URLConnectionDecorator.java","contentType":"file"},{"name":"Util.java","path":"core/src/main/java/hudson/Util.java","contentType":"file"},{"name":"WebAppMain.java","path":"core/src/main/java/hudson/WebAppMain.java","contentType":"file"},{"name":"WorkspaceSnapshot.java","path":"core/src/main/java/hudson/WorkspaceSnapshot.java","contentType":"file"},{"name":"XmlFile.java","path":"core/src/main/java/hudson/XmlFile.java","contentType":"file"}],"totalCount":76},"core/src/main/java":{"items":[{"name":"hudson","path":"core/src/main/java/hudson","contentType":"directory"},{"name":"jenkins","path":"core/src/main/java/jenkins","contentType":"directory"},{"name":"org","path":"core/src/main/java/org","contentType":"directory"}],"totalCount":3},"core/src/main":{"items":[{"name":"grammar","path":"core/src/main/grammar","contentType":"directory"},{"name":"groovy","path":"core/src/main/groovy","contentType":"directory"},{"name":"java","path":"core/src/main/java","contentType":"directory"},{"name":"resources","path":"core/src/main/resources","contentType":"directory"}],"totalCount":4},"core/src":{"items":[{"name":"build-script","path":"core/src/build-script","contentType":"directory"},{"name":"filter","path":"core/src/filter","contentType":"directory"},{"name":"main","path":"core/src/main","contentType":"directory"},{"name":"site","path":"core/src/site","contentType":"directory"},{"name":"test","path":"core/src/test","contentType":"directory"}],"totalCount":5},"core":{"items":[{"name":"src","path":"core/src","contentType":"directory"},{"name":"move-l10n.groovy","path":"core/move-l10n.groovy","contentType":"file"},{"name":"pom.xml","path":"core/pom.xml","contentType":"file"},{"name":"report-l10n.rb","path":"core/report-l10n.rb","contentType":"file"}],"totalCount":4},"":{"items":[{"name":".github","path":".github","contentType":"directory"},{"name":".mvn","path":".mvn","contentType":"directory"},{"name":"cli","path":"cli","contentType":"directory"},{"name":"core","path":"core","contentType":"directory"},{"name":"src","path":"src","contentType":"directory"},{"name":"test","path":"test","contentType":"directory"},{"name":"war","path":"war","contentType":"directory"},{"name":".gitattributes","path":".gitattributes","contentType":"file"},{"name":".gitignore","path":".gitignore","contentType":"file"},{"name":".jenkins","path":".jenkins","contentType":"file"},{"name":"BUILDING.TXT","path":"BUILDING.TXT","contentType":"file"},{"name":"CONTRIBUTING.md","path":"CONTRIBUTING.md","contentType":"file"},{"name":"Jenkinsfile","path":"Jenkinsfile","contentType":"file"},{"name":"LICENSE.txt","path":"LICENSE.txt","contentType":"file"},{"name":"README.md","path":"README.md","contentType":"file"},{"name":"assembly-src.xml","path":"assembly-src.xml","contentType":"file"},{"name":"changelog.html","path":"changelog.html","contentType":"file"},{"name":"dummy.keystore","path":"dummy.keystore","contentType":"file"},{"name":"licenseCompleter.groovy","path":"licenseCompleter.groovy","contentType":"file"},{"name":"pom.xml","path":"pom.xml","contentType":"file"},{"name":"rc.changelog.rb","path":"rc.changelog.rb","contentType":"file"},{"name":"show-pom-version.rb","path":"show-pom-version.rb","contentType":"file"},{"name":"translation-tool.pl","path":"translation-tool.pl","contentType":"file"}],"totalCount":23}},"fileTreeProcessingTime":36.719055,"foldersToFetch":[],"repo":{"id":1103607,"defaultBranch":"master","name":"jenkins","ownerLogin":"jenkinsci","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2010-11-22T21:21:23.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/107424?v=4","public":true,"private":false,"isOrgOwned":true},"symbolsExpanded":false,"treeExpanded":true,"refInfo":{"name":"729016989e13632bc980957d05060510efddf41f","listCacheKey":"v0:1710781600.0","canEdit":false,"refType":"tree","currentOid":"729016989e13632bc980957d05060510efddf41f"},"path":"core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java","currentUser":null,"blob":{"rawLines":["package hudson.security;","","import groovy.lang.Binding;","import hudson.FilePath;","import hudson.cli.CLICommand;","import hudson.util.spring.BeanBuilder;","import java.io.Console;","import java.io.IOException;","import jenkins.model.Jenkins;","import jenkins.security.ImpersonatingUserDetailsService;","import jenkins.security.SecurityListener;","import jenkins.security.MasterToSlaveCallable;","import org.acegisecurity.Authentication;","import org.acegisecurity.AuthenticationException;","import org.acegisecurity.AuthenticationManager;","import org.acegisecurity.BadCredentialsException;","import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;","import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;","import org.acegisecurity.userdetails.UserDetails;","import org.acegisecurity.userdetails.UserDetailsService;","import org.acegisecurity.userdetails.UsernameNotFoundException;","import org.kohsuke.args4j.Option;","import org.springframework.dao.DataAccessException;","import org.springframework.web.context.WebApplicationContext;","","/**"," * Partial implementation of {@link SecurityRealm} for username/password based authentication."," * This is a convenience base class if all you are trying to do is to check the given username"," * and password with the information stored in somewhere else, and you don't want to do anything"," * with Acegi."," *"," *
"," * This {@link SecurityRealm} uses the standard login form (and a few other optional mechanisms like BASIC auth)"," * to gather the username/password information. Subtypes are responsible for authenticating this information."," *"," * @author Kohsuke Kawaguchi"," * @since 1.317"," */","public abstract class AbstractPasswordBasedSecurityRealm extends SecurityRealm implements UserDetailsService {"," @Override"," public SecurityComponents createSecurityComponents() {"," Binding binding = new Binding();"," binding.setVariable(\"authenticator\", new Authenticator());",""," BeanBuilder builder = new BeanBuilder();"," builder.parse(Jenkins.getInstance().servletContext.getResourceAsStream(\"/WEB-INF/security/AbstractPasswordBasedSecurityRealm.groovy\"),binding);"," WebApplicationContext context = builder.createApplicationContext();"," return new SecurityComponents("," findBean(AuthenticationManager.class, context),"," new ImpersonatingUserDetailsService(this));"," }",""," @Deprecated"," @Override"," public CliAuthenticator createCliAuthenticator(final CLICommand command) {"," return new CliAuthenticator() {"," @Option(name=\"--username\",usage=\"User name to authenticate yourself to Jenkins\")"," public String userName;",""," @Option(name=\"--password\",usage=\"Password for authentication. Note that passing a password in arguments is insecure.\")"," public String password;",""," @Option(name=\"--password-file\",usage=\"File that contains the password\")"," public String passwordFile;",""," public Authentication authenticate() throws AuthenticationException, IOException, InterruptedException {"," if (userName==null)"," return command.getTransportAuthentication(); // no authentication parameter. fallback to the transport",""," if (passwordFile!=null)"," try {"," password = new FilePath(command.checkChannel(), passwordFile).readToString().trim();"," } catch (IOException e) {"," throw new BadCredentialsException(\"Failed to read \"+passwordFile,e);"," }"," if (password==null)"," password = command.checkChannel().call(new InteractivelyAskForPassword());",""," if (password==null)"," throw new BadCredentialsException(\"No password specified\");",""," UserDetails d = doAuthenticate(userName, password);"," return new UsernamePasswordAuthenticationToken(d, password, d.getAuthorities());"," }"," };"," }",""," /**"," * Authenticate a login attempt."," * This method is the heart of a {@link AbstractPasswordBasedSecurityRealm}."," *"," *
"," * If the user name and the password pair matches, retrieve the information about this user and"," * return it as a {@link UserDetails} object. {@link org.acegisecurity.userdetails.User} is a convenient"," * implementation to use, but if your backend offers additional data, you may want to use your own subtype"," * so that the rest of Hudson can use those additional information (such as e-mail address --- see"," * MailAddressResolver.)"," *"," *
"," * Properties like {@link UserDetails#getPassword()} make no sense, so just return an empty value from it."," * The only information that you need to pay real attention is {@link UserDetails#getAuthorities()}, which"," * is a list of roles/groups that the user is in. At minimum, this must contain {@link #AUTHENTICATED_AUTHORITY}"," * (which indicates that this user is authenticated and not anonymous), but if your backend supports a notion"," * of groups, you should make sure that the authorities contain one entry per one group. This enables"," * users to control authorization based on groups."," *"," *
"," * If the user name and the password pair doesn't match, throw {@link AuthenticationException} to reject the login"," * attempt."," */"," protected abstract UserDetails authenticate(String username, String password) throws AuthenticationException;",""," private UserDetails doAuthenticate(String username, String password) throws AuthenticationException {"," try {"," UserDetails user = authenticate(username, password);"," SecurityListener.fireAuthenticated(user);"," return user;"," } catch (AuthenticationException x) {"," SecurityListener.fireFailedToAuthenticate(username);"," throw x;"," }"," }",""," /**"," * Retrieves information about an user by its name."," *"," *
"," * This method is used, for example, to validate if the given token is a valid user name when the user is configuring an ACL."," * This is an optional method that improves the user experience. If your backend doesn't support"," * a query like this, just always throw {@link UsernameNotFoundException}."," */"," @Override"," public abstract UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException;",""," /**"," * Retrieves information about a group by its name."," *"," * This method is the group version of the {@link #loadUserByUsername(String)}."," */"," @Override"," public abstract GroupDetails loadGroupByGroupname(String groupname) throws UsernameNotFoundException, DataAccessException;",""," class Authenticator extends AbstractUserDetailsAuthenticationProvider {"," protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {"," // authentication is assumed to be done already in the retrieveUser method"," }",""," protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {"," return doAuthenticate(username,authentication.getCredentials().toString());"," }"," }",""," /**"," * Asks for the password."," */"," private static class InteractivelyAskForPassword extends MasterToSlaveCallable