hudson.plugins.openid

Class OpenIdSsoSecurityRealm

java.lang.Object

hudson.model.AbstractDescribableImpl<hudson.security.SecurityRealm>

hudson.security.SecurityRealm

hudson.plugins.openid.OpenIdSsoSecurityRealm

All Implemented Interfaces:

hudson.ExtensionPoint, hudson.model.Describable<hudson.security.SecurityRealm>

Direct Known Subclasses:

GoogleAppSsoSecurityRealm

public class OpenIdSsoSecurityRealm
extends hudson.security.SecurityRealm

SSO based on OpenID by fixing a provider.

Author:

Kohsuke Kawaguchi

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	OpenIdSsoSecurityRealm.DescriptorImpl

Nested classes/interfaces inherited from class hudson.security.SecurityRealm

hudson.security.SecurityRealm.SecurityComponents

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

hudson.ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields

Modifier and Type	Field and Description
String	endpoint

Fields inherited from class hudson.security.SecurityRealm

AUTHENTICATED_AUTHORITY, LIST, NO_AUTHENTICATION

Constructor Summary

Constructors

Constructor and Description
OpenIdSsoSecurityRealm(String endpoint)

Method Summary

Modifier and Type	Method and Description
protected void	addProxyPropertiesToHttpClient()
protected org.openid4java.consumer.ConsumerManager	createManager()
hudson.security.SecurityRealm.SecurityComponents	createSecurityComponents() Acegi has this notion that first an Authentication object is created by collecting user information and then the act of authentication is done later (by AuthenticationManager) to verify it.
org.kohsuke.stapler.HttpResponse	doCommenceLogin(String from) The login process starts from here.
org.kohsuke.stapler.HttpResponse	doFinishLogin(org.kohsuke.stapler.StaplerRequest request) This is where the user comes back to at the end of the OpenID redirect ping-pong.
String	getLoginUrl() Login begins with our doCommenceLogin(String) method.
boolean	isApplicable(OpenIdExtension openIdExtension) Allow OpenId SSO Security Realms to determine the extensions that are applicable.

Methods inherited from class hudson.security.SecurityRealm

all, allowsSignup, canLogOut, commenceSignup, createCliAuthenticator, createFilter, doCaptcha, doLogout, findBean, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getDescriptor, getGroupIdStrategy, getPostLogOutUrl, getSecurityComponents, getUserIdStrategy, loadGroupByGroupname, loadGroupByGroupname, loadUserByUsername, setCaptchaSupport, validateCaptcha

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

endpoint

public final String endpoint

Constructor Detail

OpenIdSsoSecurityRealm

@DataBoundConstructor
public OpenIdSsoSecurityRealm(String endpoint)
                                             throws IOException,
                                                    org.openid4java.OpenIDException

Throws:

IOException

org.openid4java.OpenIDException

Method Detail

createManager

protected org.openid4java.consumer.ConsumerManager createManager()
                                                          throws org.openid4java.consumer.ConsumerException

Throws:

org.openid4java.consumer.ConsumerException

addProxyPropertiesToHttpClient

protected void addProxyPropertiesToHttpClient()

getLoginUrl

public String getLoginUrl()

Login begins with our doCommenceLogin(String) method.

Overrides:

getLoginUrl in class hudson.security.SecurityRealm

createSecurityComponents

public hudson.security.SecurityRealm.SecurityComponents createSecurityComponents()

Acegi has this notion that first an Authentication object is created by collecting user information and then the act of authentication is done later (by AuthenticationManager) to verify it. But in case of OpenID, we create an Authentication only after we verified the user identity, so AuthenticationManager becomes no-op.

Specified by:

createSecurityComponents in class hudson.security.SecurityRealm

doCommenceLogin

public org.kohsuke.stapler.HttpResponse doCommenceLogin(@QueryParameter
                                                        String from)
                                                 throws IOException,
                                                        org.openid4java.OpenIDException

The login process starts from here.

Throws:

IOException

org.openid4java.OpenIDException

doFinishLogin

public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest request)
                                               throws IOException,
                                                      org.openid4java.OpenIDException

This is where the user comes back to at the end of the OpenID redirect ping-pong.

Throws:

IOException

org.openid4java.OpenIDException

isApplicable

public boolean isApplicable(OpenIdExtension openIdExtension)

Allow OpenId SSO Security Realms to determine the extensions that are applicable.

Parameters:

openIdExtension - the extension.

Returns:

true if this extension is appropriate.

Since:

2.2