Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
xxadev
jenkins
提交
a43086e7
J
jenkins
项目概览
xxadev
/
jenkins
与 Fork 源项目一致
从无法访问的项目Fork
通知
3
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
J
jenkins
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
a43086e7
编写于
1月 05, 2011
作者:
K
Kohsuke Kawaguchi
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
unclaimed identity should commence a signup sequence
上级
26e5dbd7
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
146 addition
and
5 deletion
+146
-5
core/src/main/java/hudson/security/FederatedLoginService.java
.../src/main/java/hudson/security/FederatedLoginService.java
+56
-4
core/src/main/java/hudson/security/FederatedLoginServiceUserProperty.java
...va/hudson/security/FederatedLoginServiceUserProperty.java
+24
-1
core/src/main/java/hudson/security/SecurityRealm.java
core/src/main/java/hudson/security/SecurityRealm.java
+24
-0
core/src/main/resources/hudson/security/FederatedLoginService/UnclaimedIdentityException/error.jelly
...eratedLoginService/UnclaimedIdentityException/error.jelly
+36
-0
core/src/main/resources/hudson/security/FederatedLoginService/UnclaimedIdentityException/error.properties
...dLoginService/UnclaimedIdentityException/error.properties
+6
-0
未找到文件。
core/src/main/java/hudson/security/FederatedLoginService.java
浏览文件 @
a43086e7
/*
* The MIT License
*
* Copyright (c) 2010, CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package
hudson.security
;
import
hudson.ExtensionList
;
...
...
@@ -8,7 +31,11 @@ import hudson.model.UserProperty;
import
org.acegisecurity.context.SecurityContextHolder
;
import
org.acegisecurity.providers.UsernamePasswordAuthenticationToken
;
import
org.acegisecurity.userdetails.UserDetails
;
import
org.kohsuke.stapler.HttpResponse
;
import
org.kohsuke.stapler.StaplerRequest
;
import
org.kohsuke.stapler.StaplerResponse
;
import
javax.servlet.ServletException
;
import
java.io.IOException
;
/**
...
...
@@ -61,7 +88,7 @@ import java.io.IOException;
* "/federatedLoginService/openid" as the URL.
*
* @author Kohsuke Kawaguchi
* @since 1.39
3
* @since 1.39
4
*/
public
abstract
class
FederatedLoginService
implements
ExtensionPoint
{
/**
...
...
@@ -113,6 +140,12 @@ public abstract class FederatedLoginService implements ExtensionPoint {
*/
public
abstract
String
getEmailAddress
();
/**
* Returns a human-readable pronoun that describes this kind of identifier.
* This is used for rendering UI. For example, "OpenID", "Twitter ID", etc.
*/
public
abstract
String
getPronoun
();
/**
* Locates the user who owns this identifier.
*/
...
...
@@ -136,7 +169,9 @@ public abstract class FederatedLoginService implements ExtensionPoint {
* the current session. IOW, it signs in the user.
*
* @throws UnclaimedIdentityException
* If this identifier is not claimed by anyone.
* If this identifier is not claimed by anyone. If you just let this exception propagate
* to the caller of your "doXyz" method, it will either render an error page or initiate
* a user registration session (provided that {@link SecurityRealm} supports that.)
*/
public
final
void
signin
()
throws
UnclaimedIdentityException
{
User
u
=
locateUser
();
...
...
@@ -148,7 +183,7 @@ public abstract class FederatedLoginService implements ExtensionPoint {
token
.
setDetails
(
d
);
SecurityContextHolder
.
getContext
().
setAuthentication
(
token
);
}
else
{
//
unassociated identity
//
Unassociated identity.
throw
new
UnclaimedIdentityException
(
this
);
}
}
...
...
@@ -179,11 +214,28 @@ public abstract class FederatedLoginService implements ExtensionPoint {
}
}
public
static
class
UnclaimedIdentityException
extends
Exception
{
public
static
class
UnclaimedIdentityException
extends
Exception
implements
HttpResponse
{
public
final
FederatedIdentity
identity
;
public
UnclaimedIdentityException
(
FederatedIdentity
identity
)
{
this
.
identity
=
identity
;
}
public
void
generateResponse
(
StaplerRequest
req
,
StaplerResponse
rsp
,
Object
node
)
throws
IOException
,
ServletException
{
SecurityRealm
sr
=
Hudson
.
getInstance
().
getSecurityRealm
();
if
(
sr
.
allowsSignup
())
{
try
{
sr
.
commenceSignup
(
identity
).
generateResponse
(
req
,
rsp
,
node
);
return
;
}
catch
(
UnsupportedOperationException
e
)
{
// fall through
}
}
// this security realm doesn't support user registration.
// just report an error
req
.
getView
(
this
,
"error"
).
forward
(
req
,
rsp
);
}
}
public
static
ExtensionList
<
FederatedLoginService
>
all
()
{
...
...
core/src/main/java/hudson/security/FederatedLoginServiceUserProperty.java
浏览文件 @
a43086e7
/*
* The MIT License
*
* Copyright (c) 2010, CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package
hudson.security
;
import
hudson.model.UserProperty
;
...
...
@@ -11,7 +34,7 @@ import java.util.Set;
/**
*
* @author Kohsuke Kawaguchi
* @since 1.39
3
* @since 1.39
4
* @see FederatedLoginService
*/
public
class
FederatedLoginServiceUserProperty
extends
UserProperty
{
...
...
core/src/main/java/hudson/security/SecurityRealm.java
浏览文件 @
a43086e7
...
...
@@ -33,6 +33,7 @@ import hudson.cli.CLICommand;
import
hudson.model.AbstractDescribableImpl
;
import
hudson.model.Descriptor
;
import
hudson.model.Hudson
;
import
hudson.security.FederatedLoginService.FederatedIdentity
;
import
hudson.util.DescriptorList
;
import
hudson.util.PluginServletFilter
;
import
hudson.util.spring.BeanBuilder
;
...
...
@@ -47,6 +48,7 @@ import static org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.ACEGI
import
org.acegisecurity.userdetails.UserDetailsService
;
import
org.acegisecurity.userdetails.UserDetails
;
import
org.acegisecurity.userdetails.UsernameNotFoundException
;
import
org.kohsuke.stapler.HttpResponse
;
import
org.kohsuke.stapler.Stapler
;
import
org.kohsuke.stapler.StaplerRequest
;
import
org.kohsuke.stapler.StaplerResponse
;
...
...
@@ -299,6 +301,28 @@ public abstract class SecurityRealm extends AbstractDescribableImpl<SecurityReal
throw
new
UserMayOrMayNotExistException
(
groupname
);
}
/**
* Starts the user registration process for a new user that has the given verified identity.
*
* <p>
* If the user logs in through a {@link FederatedLoginService}, verified that the current user
* owns an {@linkplain FederatedIdentity identity}, but no existing user account has claimed that identity,
* then this method is invoked.
*
* <p>
* The expected behaviour is to confirm that the user would like to create a new account, and
* associate this federated identity to the newly created account (via {@link FederatedIdentity#addToCurrentUser()}.
*
* @throws UnsupportedOperationException
* If this implementation doesn't support the signup through this mechanism.
* This is the default implementation.
*
* @since 1.394
*/
public
HttpResponse
commenceSignup
(
FederatedIdentity
identity
)
{
throw
new
UnsupportedOperationException
();
}
/**
* {@link DefaultManageableImageCaptchaService} holder to defer initialization.
*/
...
...
core/src/main/resources/hudson/security/FederatedLoginService/UnclaimedIdentityException/error.jelly
0 → 100644
浏览文件 @
a43086e7
<!--
The MIT License
Copyright (c) 2010, CloudBees, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
-->
<!--
This is used to create the first user.
-->
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
<st:statusCode value="403" />
<l:layout title="${%loginError(it.identifier.pronoun)}">
<l:main-panel>
<h1>${%loginError(it.identifier.pronoun)}</h1>
<p>${%blurb(it.identifier.pronoun, it.identifier.identifier)}</p>
</l:main-panel>
</l:layout>
</j:jelly>
\ No newline at end of file
core/src/main/resources/hudson/security/FederatedLoginService/UnclaimedIdentityException/error.properties
0 → 100644
浏览文件 @
a43086e7
loginError
=
Login Error: unassociated {0}
blurb
=
{0} "{1}" is not associated with any of the Hudson user account.
\
Note that if you already have a user account and is trying to associate a {0} with your account,
\
this is a wrong place. To do so, <ol><li>Login <li>Click on your name <li>Click on the "Configure" link, and
\
then <li>associate a new {0} from that page</ol>
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录