LDAP authentication realm didn't support the built-in "authenticated" role.

(<a href="http://www.nabble.com/Hudson-security-issue%3A-authenticated-user-does-not-work-td22176902.html">report</a>) git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@15774 71c3de6d-444a-0410-be80-ed276b4c234a Originally-Committed-As: e3d1a7c5ff2d4081d826d9432af6f597c5f58409
2025-09-07 05:14:24 +02:00 · 2009-02-26 03:21:23 +00:00 · 2009-02-26 03:21:23 +00:00 · fddcb63fe6
commit fddcb63fe6
parent 77adf5325b
2 changed files with 21 additions and 2 deletions
--- a/core/src/main/java/hudson/security/LDAPSecurityRealm.java
+++ b/core/src/main/java/hudson/security/LDAPSecurityRealm.java
@ -36,6 +36,7 @@ import hudson.util.Scrambler;
 import hudson.util.spring.BeanBuilder;
 import org.acegisecurity.AuthenticationManager;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
 import org.acegisecurity.userdetails.UserDetailsService;
 import org.acegisecurity.userdetails.UserDetails;
 import org.acegisecurity.userdetails.UsernameNotFoundException;
@ -47,6 +48,7 @@ import org.acegisecurity.ldap.LdapDataAccessException;
 import org.acegisecurity.ldap.InitialDirContextFactory;
 import org.acegisecurity.ldap.LdapTemplate;
 import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
 import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
 import org.kohsuke.stapler.StaplerRequest;
@ -66,6 +68,7 @@ import java.net.Socket;
 import java.net.UnknownHostException;
 import java.util.Hashtable;
 import java.util.Set;
 import java.util.Collections;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.regex.Matcher;
@ -407,6 +410,20 @@ public class LDAPSecurityRealm extends SecurityRealm {
        }
    }
    /**
     * {@link LdapAuthoritiesPopulator} that adds the automatic 'authenticated' role.
     */
    public static final class AuthoritiesPopulatorImpl extends DefaultLdapAuthoritiesPopulator {
        public AuthoritiesPopulatorImpl(InitialDirContextFactory initialDirContextFactory, String groupSearchBase) {
            super(initialDirContextFactory, groupSearchBase);
        }
        @Override
        protected Set getAdditionalRoles(LdapUserDetails ldapUser) {
            return Collections.singleton(AUTHENTICATED_AUTHORITY);
        }
    }
    @Extension
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public String getDisplayName() {
--- a/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
+++ b/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
@ -29,8 +29,9 @@ import org.acegisecurity.ldap.DefaultInitialDirContextFactory
 import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch
 import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider
 import hudson.model.Hudson
-import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
+import hudson.security.LDAPSecurityRealm.AuthoritiesPopulatorImpl
 import hudson.Util
 import javax.naming.Context
 /*
    Configure LDAP as the authentication realm.
@ -44,6 +45,7 @@ initialDirContextFactory(DefaultInitialDirContextFactory, instance.getLDAPURL()
    managerDn = instance.managerDN;
    managerPassword = instance.getManagerPassword();
  }
  extraEnvVars = [(Context.REFERRAL):"follow"];
 }
 ldapUserSearch(FilterBasedLdapUserSearch, instance.userSearchBase, instance.userSearch, initialDirContextFactory) {
@ -59,7 +61,7 @@ bindAuthenticator(BindAuthenticator2,initialDirContextFactory) {
    userSearch = ldapUserSearch;
 }
-authoritiesPopulator(DefaultLdapAuthoritiesPopulator, initialDirContextFactory, Util.fixNull(instance.groupSearchBase)) {
+authoritiesPopulator(AuthoritiesPopulatorImpl, initialDirContextFactory, Util.fixNull(instance.groupSearchBase)) {
    // see DefaultLdapAuthoritiesPopulator for other possible configurations
    searchSubtree = true;
 }