Better for SecurityListener.authenticated to take a UserDetails, since some...

Better for SecurityListener.authenticated to take a UserDetails, since some implementations (as for AD) may have additional information.

Better for SecurityListener.authenticated to take a UserDetails, since some...
Better for SecurityListener.authenticated to take a UserDetails, since some implementations (as for AD) may have additional information.
dbdcaabc · Jesse Glick · 7ef5f938 · dbdcaabc · dbdcaabc
2 changed file
--- a/core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java
+++ b/core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java
@@ -7,15 +7,12 @@ import hudson.remoting.Callable;
 import hudson.util.spring.BeanBuilder;
 import java.io.Console;
 import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
 import jenkins.model.Jenkins;
 import jenkins.security.SecurityListener;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationManager;
 import org.acegisecurity.BadCredentialsException;
-import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
 import org.acegisecurity.userdetails.UserDetails;
@@ -113,13 +110,7 @@ public abstract class AbstractPasswordBasedSecurityRealm extends SecurityRealm i
    private UserDetails doAuthenticate(String username, String password) throws AuthenticationException {
        try {
            UserDetails user = authenticate(username, password);
-            List<String> groups = new ArrayList<String>();
+            SecurityListener.fireAuthenticated(user);
-            for (GrantedAuthority auth : user.getAuthorities()) {
-                if (!auth.equals(AUTHENTICATED_AUTHORITY)) {
-                    groups.add(auth.getAuthority());
-                }
-            }
-            SecurityListener.fireAuthenticated(user.getUsername(), groups);
            return user;
        } catch (AuthenticationException x) {
            SecurityListener.fireFailedToAuthenticate(username);

--- a/core/src/main/java/jenkins/security/SecurityListener.java
+++ b/core/src/main/java/jenkins/security/SecurityListener.java
@@ -26,11 +26,15 @@ package jenkins.security;
 import hudson.ExtensionPoint;
 import hudson.security.AbstractPasswordBasedSecurityRealm;
+import hudson.security.SecurityRealm;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nonnull;
 import jenkins.model.Jenkins;
+import org.acegisecurity.GrantedAuthority;
+import org.acegisecurity.userdetails.UserDetails;
 import org.kohsuke.accmod.Restricted;
 import org.kohsuke.accmod.restrictions.NoExternalUse;
@@ -46,10 +50,9 @@ public abstract class SecurityListener implements ExtensionPoint {
     * Fired when a user was successfully authenticated by password.
     * This might be via the web UI, or via REST (not with an API token) or CLI (not with an SSH key).
     * Only {@link AbstractPasswordBasedSecurityRealm}s are considered.
-     * @param username the user
+     * @param details details of the newly authenticated user, such as name and groups
-     * @param groups the names of any groups the user belongs to (not counting {@code authenticated})
     */
-    protected abstract void authenticated(@Nonnull String username, @Nonnull List<String> groups);
+    protected abstract void authenticated(@Nonnull UserDetails details);
    /**
     * Fired when a user tried to authenticate by password but failed.
@@ -85,10 +88,18 @@ public abstract class SecurityListener implements ExtensionPoint {
    // TODO event for CAPTCHA failure
    @Restricted(NoExternalUse.class)
-    public static void fireAuthenticated(@Nonnull String username, @Nonnull List<String> groups) {
+    public static void fireAuthenticated(@Nonnull UserDetails details) {
-        LOGGER.log(Level.FINE, "authenticated: {0} {1}", new Object[] {username, groups});
+        if (LOGGER.isLoggable(Level.FINE)) {
+            List<String> groups = new ArrayList<String>();
+            for (GrantedAuthority auth : details.getAuthorities()) {
+                if (!auth.equals(SecurityRealm.AUTHENTICATED_AUTHORITY)) {
+                    groups.add(auth.getAuthority());
+                }
+            }
+            LOGGER.log(Level.FINE, "authenticated: {0} {1}", new Object[] {details.getUsername(), groups});
+        }
        for (SecurityListener l : all()) {
-            l.authenticated(username, groups);
+            l.authenticated(details);
        }
    }