LDAP authentication realm didn't support the built-in "authenticated" role.

(<a href="http://www.nabble.com/Hudson-security-issue%3A-authenticated-user-does-not-work-td22176902.html">report</a>)


git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@15774 71c3de6d-444a-0410-be80-ed276b4c234a

Originally-Committed-As: e3d1a7c5ff2d4081d826d9432af6f597c5f58409
kohsuke 2009-02-26 03:21:23 +00:00
parent 77adf5325b
commit fddcb63fe6
2 changed files with 21 additions and 2 deletions


@ -36,6 +36,7 @@ import hudson.util.Scrambler;
import hudson.util.spring.BeanBuilder;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
@ -47,6 +48,7 @@ import org.acegisecurity.ldap.LdapDataAccessException;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.ldap.LdapTemplate;
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
@ -66,6 +68,7 @@ import java.net.Socket;
import java.net.UnknownHostException;
import java.util.Hashtable;
import java.util.Set;
import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
@ -407,6 +410,20 @@ public class LDAPSecurityRealm extends SecurityRealm {
}
}
/**
* {@link LdapAuthoritiesPopulator} that adds the automatic 'authenticated' role.
*/
public static final class AuthoritiesPopulatorImpl extends DefaultLdapAuthoritiesPopulator {
public AuthoritiesPopulatorImpl(InitialDirContextFactory initialDirContextFactory, String groupSearchBase) {
super(initialDirContextFactory, groupSearchBase);
}
@Override
protected Set getAdditionalRoles(LdapUserDetails ldapUser) {
return Collections.singleton(AUTHENTICATED_AUTHORITY);
}
}
@Extension
public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
public String getDisplayName() {


@ -29,8 +29,9 @@ import org.acegisecurity.ldap.DefaultInitialDirContextFactory
import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider
import hudson.model.Hudson
import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
import hudson.security.LDAPSecurityRealm.AuthoritiesPopulatorImpl
import hudson.Util
import javax.naming.Context
/*
Configure LDAP as the authentication realm.
@ -44,6 +45,7 @@ initialDirContextFactory(DefaultInitialDirContextFactory, instance.getLDAPURL()
managerDn = instance.managerDN;
managerPassword = instance.getManagerPassword();
}
extraEnvVars = [(Context.REFERRAL):"follow"];
}
ldapUserSearch(FilterBasedLdapUserSearch, instance.userSearchBase, instance.userSearch, initialDirContextFactory) {
@ -59,7 +61,7 @@ bindAuthenticator(BindAuthenticator2,initialDirContextFactory) {
userSearch = ldapUserSearch;
}
authoritiesPopulator(DefaultLdapAuthoritiesPopulator, initialDirContextFactory, Util.fixNull(instance.groupSearchBase)) {
authoritiesPopulator(AuthoritiesPopulatorImpl, initialDirContextFactory, Util.fixNull(instance.groupSearchBase)) {
// see DefaultLdapAuthoritiesPopulator for other possible configurations
searchSubtree = true;
}
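Review bot: `extraEnvVars = [(Context.REFERRAL):"follow"]` in the second hunk sits in the same `initialDirContextFactory` block that sets `managerDn` and `managerPassword`, and the commit message does not mention referrals. The page has lost its +/- markers, so this line may predate the commit. With referral following enabled, the JNDI LDAP provider by default reuses the same environment, including the bind credentials, when it connects to a referred server, so a referral returned by the directory decides where the manager password is sent. I would at least document that next to the setting, e.g. `// referrals are followed with the manager credentials; the directory must only refer to trusted servers`, and consider making the behaviour configurable. The swap to `AuthoritiesPopulatorImpl` in the last hunk looks fine as far as the visible lines show.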