doing a bit more LDAP work.

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6475 71c3de6d-444a-0410-be80-ed276b4c234a

Originally-Committed-As: ad569ef435a46570c0a15331563bc9a1721eeb19
This commit is contained in:
kohsuke 2008-01-04 07:13:30 +00:00
parent 18f05768f4
commit dc94954abb
2 changed files with 54 additions and 2 deletions


@ -5,7 +5,10 @@ import org.acegisecurity.MockAuthenticationManager;
import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.DataBoundConstructor;
import hudson.model.Descriptor; import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.util.spring.BeanBuilder;
import net.sf.json.JSONObject; import net.sf.json.JSONObject;
import groovy.lang.Binding;
/** /**
* {@link SecurityRealm} implementation that uses LDAP for authentication. * {@link SecurityRealm} implementation that uses LDAP for authentication.
@ -13,6 +16,10 @@ import net.sf.json.JSONObject;
* @author Kohsuke Kawaguchi * @author Kohsuke Kawaguchi
*/ */
public class LDAPSecurityRealm extends SecurityRealm { public class LDAPSecurityRealm extends SecurityRealm {
/**
* LDAP to connect to, and root DN.
* String like "ldap://monkeymachine:389/dc=acegisecurity,dc=org"
*/
public final String providerUrl; public final String providerUrl;
@DataBoundConstructor @DataBoundConstructor
@ -21,8 +28,12 @@ public class LDAPSecurityRealm extends SecurityRealm {
} }
public AuthenticationManager createAuthenticationManager() { public AuthenticationManager createAuthenticationManager() {
// TODO Binding binding = new Binding();
return new MockAuthenticationManager(true); binding.setVariable("it", this);
BeanBuilder builder = new BeanBuilder();
builder.parse(Hudson.getInstance().servletContext.getResourceAsStream("/WEB-INF/security/LDAPBindSecurityRealm.groovy"),binding);
return findBean(AuthenticationManager.class,builder.createApplicationContext());
} }
public DescriptorImpl getDescriptor() { public DescriptorImpl getDescriptor() {
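Review bot: The InputStream returned by `getResourceAsStream(...)` on the `builder.parse(...)` line is never closed, and when the resource is not on the classpath `getResourceAsStream` returns null, so the failure surfaces as a NullPointerException somewhere inside BeanBuilder with no hint that the Groovy file could not be found. Since this method now replaces the always-accepting MockAuthenticationManager, a wrong resource path should fail loudly with the path in the message rather than opaquely; read the stream into a local, reject null, and close it in a finally block (the rewrite below needs java.io.InputStream and java.io.IOException in scope). The `createAuthenticationManager` body is wholly inside the hunk, but the enclosing class starts before it and `getDescriptor` continues past its end.
```java
public AuthenticationManager createAuthenticationManager() {
    // … unchanged: binding and builder setup …
    InputStream in = Hudson.getInstance().servletContext.getResourceAsStream("/WEB-INF/security/LDAPBindSecurityRealm.groovy");
    if (in == null)
        throw new IllegalStateException("Missing resource /WEB-INF/security/LDAPBindSecurityRealm.groovy");
    try {
        builder.parse(in, binding);
    } finally {
        try { in.close(); } catch (IOException e) { /* nothing more to do; the parse result is what matters */ }
    }
    return findBean(AuthenticationManager.class, builder.createApplicationContext());
}
```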


@ -0,0 +1,41 @@
import org.acegisecurity.providers.ProviderManager
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
import org.acegisecurity.providers.ldap.LdapAuthenticationProvider
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator
import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
import org.acegisecurity.ldap.DefaultInitialDirContextFactory
/*
Configure LDAP as the authentication realm.
Authentication is performed by doing LDAP bind.
*/
initialDirContextFactory(DefaultInitialDirContextFactory,it.providerUrl) {
// if anonymous bind is not allowed --- but what is the use of anonymous bind?
// managerDn = "..."
// managerPassword="..."
}
bindAuthenticator(BindAuthenticator,initialDirContextFactory) {
userDnPatterns = [
"uid={0},ou=people"
]
}
authoritiesPopulator(DefaultLdapAuthoritiesPopulator,initialDirContextFactory,"ou=groups") {
// groupRoleAttribute = "ou";
}
authenticationManager(ProviderManager) {
providers = [
// talk to LDAP
bean(LdapAuthenticationProvider,bindAuthenticator,authoritiesPopulator),
// this doesn't mean we allow anonymous access.
// we just authenticate anonymous users as such,
// so that later authorization can reject them if so configured
bean(AnonymousAuthenticationProvider) {
key = "anonymous"
}
]
}
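Review bot: The `initialDirContextFactory` bean is built with only `it.providerUrl`, and `DefaultLdapAuthoritiesPopulator` performs its group search under `"ou=groups"` through that same factory, so without `managerDn`/`managerPassword` the lookup presumably has to run on an anonymous bind, which many directories refuse or answer with an empty result; a user would then bind successfully but come back with no authorities, and role-based authorization fails without any visible error. That is the answer to the question in the comment inside that bean: the manager credentials are not for authenticating users (the bind as the user already does that) but for the server-side group lookup. The script also hard-codes `"uid={0},ou=people"` and `"ou=groups"`, which only fits directories laid out exactly that way; as with `providerUrl`, the realm should expose these as configurable fields and the script should read them from `it`, e.g. `managerDn = it.managerDn` and `managerPassword = it.managerPassword` once such fields exist. This file is new in the commit, so the whole script is visible here.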