2008-01-04 08:13:30 +01:00
|
|
|
import org.acegisecurity.providers.ProviderManager
|
|
|
|
|
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
|
|
|
|
|
import org.acegisecurity.providers.ldap.LdapAuthenticationProvider
|
2008-04-11 08:39:46 +02:00
|
|
|
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2
|
2008-01-04 08:13:30 +01:00
|
|
|
import org.acegisecurity.ldap.DefaultInitialDirContextFactory
|
2008-01-05 01:17:06 +01:00
|
|
|
import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch
|
2008-01-19 18:42:15 +01:00
|
|
|
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider
|
2008-01-19 18:58:09 +01:00
|
|
|
import hudson.model.Hudson
|
2008-06-27 19:37:50 +02:00
|
|
|
import hudson.security.DeferredCreationLdapAuthoritiesPopulator
|
2008-01-04 08:13:30 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
Configure LDAP as the authentication realm.
|
|
|
|
|
|
|
|
|
|
Authentication is performed by doing LDAP bind.
|
2008-01-05 01:17:06 +01:00
|
|
|
The 'instance' object refers to the instance of LDAPSecurityRealm
|
2008-01-04 08:13:30 +01:00
|
|
|
*/
|
|
|
|
|
|
2008-01-05 01:17:06 +01:00
|
|
|
initialDirContextFactory(DefaultInitialDirContextFactory, instance.getLDAPURL() ) {
|
2008-06-13 23:59:57 +02:00
|
|
|
if(instance.managerDN!=null) {
|
|
|
|
|
managerDn = instance.managerDN;
|
|
|
|
|
managerPassword = instance.getManagerPassword();
|
|
|
|
|
}
|
2008-01-04 08:13:30 +01:00
|
|
|
}
|
|
|
|
|
|
2008-01-25 03:08:03 +01:00
|
|
|
ldapUserSearch(FilterBasedLdapUserSearch, instance.userSearchBase, instance.userSearch, initialDirContextFactory) {
|
|
|
|
|
searchSubtree=true
|
|
|
|
|
}
|
|
|
|
|
|
2008-04-11 08:39:46 +02:00
|
|
|
bindAuthenticator(BindAuthenticator2,initialDirContextFactory) {
|
2008-01-05 01:17:06 +01:00
|
|
|
// this is when you the user name can be translated into DN.
|
|
|
|
|
// userDnPatterns = [
|
|
|
|
|
// "uid={0},ou=people"
|
|
|
|
|
// ]
|
|
|
|
|
// this is when we need to find it.
|
2008-01-25 03:05:08 +01:00
|
|
|
userSearch = ldapUserSearch;
|
2008-01-04 08:13:30 +01:00
|
|
|
}
|
2008-01-25 03:05:08 +01:00
|
|
|
|
2008-06-27 19:37:50 +02:00
|
|
|
authoritiesPopulator(DeferredCreationLdapAuthoritiesPopulator,initialDirContextFactory,"ou=groups") {
|
2008-01-04 08:13:30 +01:00
|
|
|
// groupRoleAttribute = "ou";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
authenticationManager(ProviderManager) {
|
|
|
|
|
providers = [
|
|
|
|
|
// talk to LDAP
|
|
|
|
|
bean(LdapAuthenticationProvider,bindAuthenticator,authoritiesPopulator),
|
2008-01-19 18:42:15 +01:00
|
|
|
|
|
|
|
|
// these providers apply everywhere
|
|
|
|
|
bean(RememberMeAuthenticationProvider) {
|
2008-01-19 18:58:09 +01:00
|
|
|
key = Hudson.getInstance().getSecretKey();
|
2008-01-19 18:42:15 +01:00
|
|
|
},
|
2008-01-04 08:13:30 +01:00
|
|
|
// this doesn't mean we allow anonymous access.
|
|
|
|
|
// we just authenticate anonymous users as such,
|
|
|
|
|
// so that later authorization can reject them if so configured
|
|
|
|
|
bean(AnonymousAuthenticationProvider) {
|
|
|
|
|
key = "anonymous"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
