initial version

pom.xml

@@ -0,0 +1,14 @@
+<project>
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.jvnet.hudson.plugins</groupId>
+    <artifactId>plugin</artifactId>
+    <version>1.330</version>
+    <relativePath>../pom.xml</relativePath>
+  </parent>
+  
+  <artifactId>script-realm</artifactId>
+  <packaging>hpi</packaging>
+  <name>Security Realm by custom script</name>
+  <url>http://wiki.hudson-ci.org/display/HUDSON/Script+Security+Realm</url>
+</project>

src/main/java/hudson/plugins/script_realm/ScriptSecurityRealm.java

@@ -0,0 +1,89 @@
+/*
+ * The MIT License
+ *
+ * Copyright (c) 2004-2009, Sun Microsystems, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package hudson.plugins.script_realm;
+
+import hudson.Extension;
+import hudson.Launcher.LocalLauncher;
+import hudson.model.Descriptor;
+import hudson.security.AbstractPasswordBasedSecurityRealm;
+import hudson.security.GroupDetails;
+import hudson.security.SecurityRealm;
+import hudson.util.QuotedStringTokenizer;
+import hudson.util.StreamTaskListener;
+import org.acegisecurity.AuthenticationException;
+import org.acegisecurity.AuthenticationServiceException;
+import org.acegisecurity.BadCredentialsException;
+import org.acegisecurity.GrantedAuthority;
+import org.acegisecurity.userdetails.User;
+import org.acegisecurity.userdetails.UserDetails;
+import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.kohsuke.stapler.DataBoundConstructor;
+import org.springframework.dao.DataAccessException;
+
+import java.io.IOException;
+import java.io.StringWriter;
+
+/**
+ * @author Kohsuke Kawaguchi
+ */
+public class ScriptSecurityRealm extends AbstractPasswordBasedSecurityRealm {
+    public final String commandLine;
+
+    @DataBoundConstructor
+    public ScriptSecurityRealm(String commandLine) {
+        this.commandLine = commandLine;
+    }
+
+    protected UserDetails authenticate(String username, String password) throws AuthenticationException {
+        try {
+            StringWriter out = new StringWriter();
+            LocalLauncher launcher = new LocalLauncher(new StreamTaskListener(out));
+            if (launcher.launch().cmds(QuotedStringTokenizer.tokenize(commandLine))
+                    .envs("U="+username,"P="+password).join()!=0)
+                throw new BadCredentialsException(out.toString());
+
+            return new User(username,"",true,true,true,true,new GrantedAuthority[]{AUTHENTICATED_AUTHORITY});
+        } catch (InterruptedException e) {
+            throw new AuthenticationServiceException("Interrupted",e);
+        } catch (IOException e) {
+            throw new AuthenticationServiceException("Failed",e);
+        }
+    }
+
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
+        return new User(username,"",true,true,true,true,new GrantedAuthority[]{AUTHENTICATED_AUTHORITY});
+    }
+
+    @Override
+    public GroupDetails loadGroupByGroupname(String groupname) throws UsernameNotFoundException, DataAccessException {
+        throw new UsernameNotFoundException(groupname);
+    }
+
+    @Extension
+    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
+        public String getDisplayName() {
+            return "Authenticate via custom script";
+        }
+    }
+}

src/main/resources/hudson/plugins/script_realm/ScriptSecurityRealm/config.jelly

@@ -0,0 +1,28 @@
+<!--
+The MIT License
+
+Copyright (c) 2004-2009, Sun Microsystems, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+-->
+<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
+  <f:entry title="${%Command}">
+    <f:textbox field="commandLine" />
+  </f:entry>
+</j:jelly>

src/main/resources/hudson/plugins/script_realm/ScriptSecurityRealm/help.html

@@ -0,0 +1,14 @@
+<div>
+  Delegates the authentication to a custom script. This is useful if you need to plug into
+  a custom authentication scheme, but don't want to write your own plugin.
+
+  <p>
+  Each time the authentication is attemped,
+  the specified script will be invoked with the username in the 'U' environment variable
+  and the password in the 'P' environment variable. If the script returns exit code 0,
+  the authentication is considered successful, and otherwise failure.
+
+  <p>
+  In case of the failure, the output from the process will be reported in the exception message.
+  This security realm has no concept of 'groups'.
+</div>

src/main/resources/index.jelly

@@ -0,0 +1,3 @@
+<div>
+  This plugin adds authentication via user-defined script.
+</div>