Class LegacySecurityRealm

  • All Implemented Interfaces:
    ExtensionPoint, Describable<SecurityRealm>, org.springframework.security.authentication.AuthenticationManager

    public final class LegacySecurityRealm
    extends SecurityRealm
    implements org.springframework.security.authentication.AuthenticationManager
    SecurityRealm that accepts ContainerAuthentication object without any check (that is, by assuming that the such token is already authenticated by the container.)
    Author:
    Kohsuke Kawaguchi
    • Field Detail

      • DESCRIPTOR

        @Deprecated
        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
        public static Descriptor<SecurityRealm> DESCRIPTOR
        Deprecated.
        as of 2.0 Don't use this field, use injection.
    • Constructor Detail

      • LegacySecurityRealm

        @DataBoundConstructor
        public LegacySecurityRealm()
    • Method Detail

      • createSecurityComponents

        public SecurityRealm.SecurityComponents createSecurityComponents()
        Description copied from class: SecurityRealm
        Creates fully-configured AuthenticationManager that performs authentication against the user realm. The implementation hides how such authentication manager is configured.

        AuthenticationManager instantiation often depends on the user-specified parameters (for example, if the authentication is based on LDAP, the user needs to specify the host name of the LDAP server.) Such configuration is expected to be presented to the user via config.jelly and then captured as instance variables inside the SecurityRealm implementation.

        Your SecurityRealm may also wants to alter Filter set up by overriding SecurityRealm.createFilter(FilterConfig).

        Specified by:
        createSecurityComponents in class SecurityRealm
      • authenticate

        public org.springframework.security.core.Authentication authenticate​(org.springframework.security.core.Authentication authentication)
                                                                      throws org.springframework.security.core.AuthenticationException
        Specified by:
        authenticate in interface org.springframework.security.authentication.AuthenticationManager
        Throws:
        org.springframework.security.core.AuthenticationException
      • getLoginUrl

        public String getLoginUrl()
        Description copied from class: SecurityRealm
        Gets the target URL of the "login" link. There's no need to override this, except for LegacySecurityRealm. On legacy implementation this should point to loginEntry, which is protected by web.xml, so that the user can be eventually authenticated by the container.

        Path is relative from the context root of the Hudson application. The URL returned by this method will get the "from" query parameter indicating the page that the user was at.

        Overrides:
        getLoginUrl in class SecurityRealm
      • createFilter

        public javax.servlet.Filter createFilter​(javax.servlet.FilterConfig filterConfig)
        Description copied from class: SecurityRealm
        Creates Filter that all the incoming HTTP requests will go through for authentication.

        The default implementation uses SecurityRealm.getSecurityComponents() and builds a standard filter chain. But subclasses can override this to completely change the filter sequence.

        For other plugins that want to contribute Filter, see PluginServletFilter.

        Overrides:
        createFilter in class SecurityRealm