ActiveDirectorySecurityRealm (Active Directory plugin 1.31-h3 API)

java.lang.Object
- hudson.model.AbstractDescribableImpl<hudson.security.SecurityRealm>
- - hudson.security.SecurityRealm
  - - hudson.security.AbstractPasswordBasedSecurityRealm
    - - hudson.plugins.active_directory.ActiveDirectorySecurityRealm

All Implemented Interfaces:

hudson.ExtensionPoint, hudson.model.Describable<hudson.security.SecurityRealm>, org.springframework.security.core.userdetails.UserDetailsService
```
public class ActiveDirectorySecurityRealm
extends hudson.security.AbstractPasswordBasedSecurityRealm
```
SecurityRealm that talks to Active Directory.

Author:

Kohsuke Kawaguchi

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class ActiveDirectorySecurityRealm.DesciprotrImpl
- Nested classes/interfaces inherited from class hudson.security.SecurityRealm
  hudson.security.SecurityRealm.SecurityComponents
- Nested classes/interfaces inherited from interface hudson.ExtensionPoint
  hudson.ExtensionPoint.LegacyInstancesAreScopedToHudson

Nested Classes
Modifier and Type	Class and Description
`static class`	`ActiveDirectorySecurityRealm.DesciprotrImpl`

Field Summary

Fields
Modifier and Type	Field and Description
`String`	`bindName` If non-null, use this name and password to bind to LDAP to obtain the DN of the user trying to login.
`hudson.util.Secret`	`bindPassword`
`String`	`domain` Active directory domain name to authenticate against.
`static String`	`DOMAIN_CONTROLLERS` Deprecated. as of 1.28 Use the UI field.
`static boolean`	`FORCE_LDAPS` Instead of LDAP+TLS upgrade, start right away with LDAPS.
`String`	`server` If non-null, Jenkins will try to connect at this server at the first priority, before falling back to discovered DNS servers.
`String`	`site` Active directory site (which specifies the physical concentration of the servers), if any.

Fields inherited from class hudson.security.SecurityRealm
AUTHENTICATED_AUTHORITY, LIST, NO_AUTHENTICATION

Constructor Summary

Constructors
Constructor and Description
`ActiveDirectorySecurityRealm(String domain, String site, String bindName, String bindPassword, String server)`

Method Summary

Methods
Modifier and Type	Method and Description
`protected org.springframework.security.core.userdetails.UserDetails`	`authenticate(String username, String password)`
`hudson.security.SecurityRealm.SecurityComponents`	`createSecurityComponents()`
`void`	`doAuthTest(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp, String username, String password)` Authentication test.
`AbstractActiveDirectoryAuthenticationProvider`	`getAuthenticationProvider()` Interface that actually talks to Active Directory.
`ActiveDirectorySecurityRealm.DesciprotrImpl`	`getDescriptor()`
`hudson.security.GroupDetails`	`loadGroupByGroupname(String groupname)`
`org.springframework.security.core.userdetails.UserDetails`	`loadUserByUsername(String username)`

Methods inherited from class hudson.security.AbstractPasswordBasedSecurityRealm
createCliAuthenticator, doAuthenticate

Methods inherited from class hudson.security.SecurityRealm
all, allowsSignup, canLogOut, commenceSignup, createFilter, doCaptcha, doLogout, findBean, getAuthenticationGatewayUrl, getCaptchaSupport, getCaptchaSupportDescriptors, getCommonFilters, getLoginUrl, getPostLogOutUrl, getSecurityComponents, setCaptchaSupport, validateCaptcha

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - domain
```
public final String domain
```
    Active directory domain name to authenticate against.
    When this plugin is used on Windows, this field is null, and we use ADSI and ADO through com4j to perform authentication.
    OTOH, when this plugin runs on non-Windows, this field must be non-null, and we'll use LDAP for authentication.
  - site
```
public final String site
```
    Active directory site (which specifies the physical concentration of the servers), if any. If the value is non-null, we'll only contact servers in this site.
    On Windows, I'm assuming ADSI takes care of everything automatically.
  - bindName
```
public final String bindName
```
    If non-null, use this name and password to bind to LDAP to obtain the DN of the user trying to login. This is unnecessary in a single-domain mode, where we can just bind with the user name and password provided during the login, but in a forest mode, without some known credential, we cannot figure out which domain in the forest the user belongs to.
  - bindPassword
```
public final hudson.util.Secret bindPassword
```
  - server
```
public final String server
```
    If non-null, Jenkins will try to connect at this server at the first priority, before falling back to discovered DNS servers.
  - DOMAIN_CONTROLLERS
```
public static String DOMAIN_CONTROLLERS
```
    Deprecated. as of 1.28 Use the UI field.
    
    If non-null, this value specifies the domain controllers and overrides all the lookups. The format is "host:port,host:port,..."
  - FORCE_LDAPS
```
public static boolean FORCE_LDAPS
```
    Instead of LDAP+TLS upgrade, start right away with LDAPS. For the time being I'm trying not to expose this to users. I don't see why any AD shouldn't support TLS upgrade if it's got the certificate. One legitimate use case is when the domain controller is Windows 2000, which doesn't support TLS (according to http://support.microsoft.com/kb/321051).
- Constructor Detail
  - ActiveDirectorySecurityRealm
```
@DataBoundConstructor
public ActiveDirectorySecurityRealm(String domain,
                                                 String site,
                                                 String bindName,
                                                 String bindPassword,
                                                 String server)
```
- Method Detail
  - createSecurityComponents
```
public hudson.security.SecurityRealm.SecurityComponents createSecurityComponents()
```
    Overrides:
    
    createSecurityComponents in class hudson.security.AbstractPasswordBasedSecurityRealm
  - getDescriptor
```
public ActiveDirectorySecurityRealm.DesciprotrImpl getDescriptor()
```
    Specified by:
    
    getDescriptor in interface hudson.model.Describable<hudson.security.SecurityRealm>
    
    Overrides:
    
    getDescriptor in class hudson.security.SecurityRealm
  - doAuthTest
```
public void doAuthTest(org.kohsuke.stapler.StaplerRequest req,
              org.kohsuke.stapler.StaplerResponse rsp,
              @QueryParameter
              String username,
              @QueryParameter
              String password)
                throws IOException,
                       javax.servlet.ServletException
```
    Authentication test.
    
    Throws:
    
    IOException
    
    javax.servlet.ServletException
  - loadGroupByGroupname
```
public hudson.security.GroupDetails loadGroupByGroupname(String groupname)
                                                  throws org.springframework.security.core.userdetails.UsernameNotFoundException,
                                                         org.springframework.dao.DataAccessException
```
    Specified by:
    
    loadGroupByGroupname in class hudson.security.AbstractPasswordBasedSecurityRealm
    
    Throws:
    
    org.springframework.security.core.userdetails.UsernameNotFoundException
    
    org.springframework.dao.DataAccessException
  - getAuthenticationProvider
```
public AbstractActiveDirectoryAuthenticationProvider getAuthenticationProvider()
```
    Interface that actually talks to Active Directory.
  - loadUserByUsername
```
public org.springframework.security.core.userdetails.UserDetails loadUserByUsername(String username)
                                                                             throws org.springframework.security.core.userdetails.UsernameNotFoundException,
                                                                                    org.springframework.dao.DataAccessException
```
    Specified by:
    
    loadUserByUsername in interface org.springframework.security.core.userdetails.UserDetailsService
    
    Specified by:
    
    loadUserByUsername in class hudson.security.AbstractPasswordBasedSecurityRealm
    
    Throws:
    
    org.springframework.security.core.userdetails.UsernameNotFoundException
    
    org.springframework.dao.DataAccessException
  - authenticate
```
protected org.springframework.security.core.userdetails.UserDetails authenticate(String username,
                                                                     String password)
                                                                          throws org.springframework.security.core.AuthenticationException
```
    Specified by:
    
    authenticate in class hudson.security.AbstractPasswordBasedSecurityRealm
    
    Throws:
    
    org.springframework.security.core.AuthenticationException

Class ActiveDirectorySecurityRealm

Nested Class Summary

Nested classes/interfaces inherited from class hudson.security.SecurityRealm

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

Field Summary

Fields inherited from class hudson.security.SecurityRealm

Constructor Summary

Method Summary

Methods inherited from class hudson.security.AbstractPasswordBasedSecurityRealm

Methods inherited from class hudson.security.SecurityRealm

Methods inherited from class java.lang.Object

Field Detail

domain

site

bindName

bindPassword

server

DOMAIN_CONTROLLERS

FORCE_LDAPS

Constructor Detail

ActiveDirectorySecurityRealm

Method Detail

createSecurityComponents

getDescriptor

doAuthTest

loadGroupByGroupname

getAuthenticationProvider

loadUserByUsername

authenticate