From 376aae67f913ee97b01b0868acb6cff3cfd54cc3 Mon Sep 17 00:00:00 2001
From: kohsuke
Date: Sat, 19 Jan 2008 17:42:15 +0000
Subject: [PATCH] adding remember-me service to the mix.
git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6761 71c3de6d-444a-0410-be80-ed276b4c234a
Originally-Committed-As: 846889ad1acdc3644459c3643ce22371603dde38
---
 .../src/main/java/hudson/security/LDAPSecurityRealm.java | 9 +++++++--
 .../WEB-INF/security/LDAPBindSecurityRealm.groovy | 6 ++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/hudson/security/LDAPSecurityRealm.java b/core/src/main/java/hudson/security/LDAPSecurityRealm.java
index a978403..c801c9e 100644
--- a/core/src/main/java/hudson/security/LDAPSecurityRealm.java
+++ b/core/src/main/java/hudson/security/LDAPSecurityRealm.java
@@ -9,11 +9,13 @@ import hudson.util.FormFieldValidator;
 import hudson.util.spring.BeanBuilder;
 import net.sf.json.JSONObject;
 import org.acegisecurity.AuthenticationManager;
+import org.acegisecurity.userdetails.UserDetailsService;
 import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
+import org.springframework.web.context.WebApplicationContext;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
@@ -119,13 +121,16 @@ public class LDAPSecurityRealm extends SecurityRealm {
 return "ldap://"+server+'/'+rootDN;
 }
- public AuthenticationManager createAuthenticationManager() {
+ public SecurityComponents createSecurityComponents() {
 Binding binding = new Binding();
 binding.setVariable("instance", this);
 BeanBuilder builder = new BeanBuilder();
 builder.parse(Hudson.getInstance().servletContext.getResourceAsStream("/WEB-INF/security/LDAPBindSecurityRealm.groovy"),binding);
- return findBean(AuthenticationManager.class,builder.createApplicationContext());
+ WebApplicationContext appContext = builder.createApplicationContext();
+ return new SecurityComponents(
+ findBean(AuthenticationManager.class, appContext),
+ findBean(UserDetailsService.class, appContext));
 }
 public DescriptorImpl getDescriptor() {
diff --git a/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy b/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
index 23ed6a6..06fe76e 100644
--- a/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
+++ b/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
@@ -5,6 +5,7 @@ import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator
 import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
 import org.acegisecurity.ldap.DefaultInitialDirContextFactory
 import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch
+import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider
 /* Configure LDAP as the authentication realm.
@@ -38,6 +39,11 @@ authenticationManager(ProviderManager) {
 providers = [
 // talk to LDAP
 bean(LdapAuthenticationProvider,bindAuthenticator,authoritiesPopulator),
+
+ // these providers apply everywhere
+ bean(RememberMeAuthenticationProvider) {
+ key = app.getSecretKey();
+ },
 // this doesn't mean we allow anonymous access.
 // we just authenticate anonymous users as such,
 // so that later authorization can reject them if so configured
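Review bot: The new `findBean(UserDetailsService.class, appContext)` call in `createSecurityComponents()` presupposes a `UserDetailsService` bean in LDAPBindSecurityRealm.groovy, yet the Groovy hunks of this commit add only a `RememberMeAuthenticationProvider`. Unless such a bean is defined outside the visible hunks, the lookup presumably fails or yields null (findBean's behaviour is not shown here), which would break realm setup for every LDAP login and not only for remember-me. I would record the contract on the method, e.g. `/** Builds the realm's beans from LDAPBindSecurityRealm.groovy, which must define one AuthenticationManager and one UserDetailsService. */`. The stream returned by `getResourceAsStream(...)` on the unchanged line above is also never closed in the lines shown.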
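Review bot: `key = app.getSecretKey();` in the new `RememberMeAuthenticationProvider` bean reads a script variable `app`, but the Java side of this commit binds only `instance` (`binding.setVariable("instance", this)`), so unless BeanBuilder supplies `app` itself the script will fail on an unresolved property when the realm is built. Either bind it next to the existing call, `binding.setVariable("app", Hudson.getInstance());` (assuming `app` is meant to be the Hudson instance), or resolve the key in the script without relying on the binding. A comment on the bean would help the next maintainer: `// key must match the one the remember-me service uses when issuing tokens`. Since a remembered login is accepted without a fresh LDAP bind, it is worth confirming that accounts disabled in the directory are re-checked before the token is honoured. The `providers` list starts and ends outside this hunk.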