/hudson-core/src/main/java/hudson/security/CliAuthenticator.java

http://github.com/hudson/hudson · Java · 94 lines · 12 code · 3 blank · 79 comment · 0 complexity · 257e4a1c93132d43b30ba2ef2732d0ca MD5 · raw file 

    

  1. /*
    2. 

  2.  * The MIT License
    3. 

  3.  *
    4. 

  4.  * Copyright (c) 2004-2010, Oracle Corporation
    5. 

  5.  *
    6. 

  6.  * Permission is hereby granted, free of charge, to any person obtaining a copy
    7. 

  7.  * of this software and associated documentation files (the "Software"), to deal
    8. 

  8.  * in the Software without restriction, including without limitation the rights
    9. 

  9.  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    10. 

  10.  * copies of the Software, and to permit persons to whom the Software is
    11. 

  11.  * furnished to do so, subject to the following conditions:
    12. 

  12.  *
    13. 

  13.  * The above copyright notice and this permission notice shall be included in
    14. 

  14.  * all copies or substantial portions of the Software.
    15. 

  15.  *
    16. 

  16.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    17. 

  17.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    18. 

  18.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    19. 

  19.  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    20. 

  20.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    21. 

  21.  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    22. 

  22.  * THE SOFTWARE.
    23. 

  23.  */
    24. 

  24. package hudson.security;
    25. 

  25. 

  26. import hudson.cli.CLICommand;
    27. 

  27. import hudson.model.Hudson;
    28. 

  28. import org.acegisecurity.Authentication;
    29. 

  29. import org.acegisecurity.AuthenticationException;
    30. 

  30. import org.kohsuke.args4j.Argument;
    31. 

  31. import org.kohsuke.args4j.CmdLineParser;
    32. 

  32. import org.kohsuke.args4j.Option;
    33. 

  33. 

  34. import java.io.IOException;
    35. 

  35. 

  36. /**
    37. 

  37.  * Handles authentication for CLI commands.
    38. 

  38.  *
    39. 

  39.  * <p>
    40. 

  40.  * {@link CliAuthenticator} is used to authenticate an invocation of the CLI command, so that
    41. 

  41.  * the thread carries the correct {@link Authentication} that represents the user who's invoking the command.
    42. 

  42.  *
    43. 

  43.  * <h2>Lifecycle</h2>
    44. 

  44.  * <p>
    45. 

  45.  * Each time a CLI command is invoked, {@link SecurityRealm#createCliAuthenticator(CLICommand)} is called
    46. 

  46.  * to allocate a fresh {@link CliAuthenticator} object.
    47. 

  47.  *
    48. 

  48.  * <p>
    49. 

  49.  * The {@link Option} and {@link Argument} annotations on the returned {@link CliAuthenticator} instance are
    50. 

  50.  * scanned and added into the {@link CmdLineParser}, then that parser is used to parse command line arguments.
    51. 

  51.  * This means subtypes can define fields/setters with those annotations to define authentication-specific options
    52. 

  52.  * to CLI commands.
    53. 

  53.  *
    54. 

  54.  * <p>
    55. 

  55.  * Once the arguments and options are parsed and populated, {@link #authenticate()} method is called to
    56. 

  56.  * perform the authentications. If the authentication succeeds, this method returns an {@link Authentication}
    57. 

  57.  * instance that represents the user. If the authentication fails, this method throws {@link AuthenticationException}.
    58. 

  58.  * To authenticate, the method can use parsed argument/option values, as well as interacting with the client
    59. 

  59.  * via {@link CLICommand} by using its stdin/stdout and its channel (for example, if you want to interactively prompt
    60. 

  60.  * a password, you can do so by using {@link CLICommand#channel}.)
    61. 

  61.  *
    62. 

  62.  * <p>
    63. 

  63.  * If no explicit credential is provided, or if the {@link SecurityRealm} depends on a mode of authentication
    64. 

  64.  * that doesn't involve in explicit password (such as Kerberos), it's also often useful to fall back to
    65. 

  65.  * {@link CLICommand#getTransportAuthentication()}, in case the user is authenticated at the transport level.
    66. 

  66.  *
    67. 

  67.  * <p>
    68. 

  68.  * Many commands do not require any authentication (for example, the "help" command), and still more commands
    69. 

  69.  * can be run successfully with the anonymous permission. So the authenticator should normally allow unauthenticated
    70. 

  70.  * CLI command invocations. For those, return {@link Hudson#ANONYMOUS} from the {@link #authenticate()} method.
    71. 

  71.  *
    72. 

  72.  * <h2>Example</h2>
    73. 

  73.  * <p>
    74. 

  74.  * For a complete example, see the implementation of
    75. 

  75.  * {@link AbstractPasswordBasedSecurityRealm#createCliAuthenticator(CLICommand)}
    76. 

  76.  *
    77. 

  77.  * @author Kohsuke Kawaguchi
    78. 

  78.  * @since 1.350
    79. 

  79.  */
    80. 

  80. public abstract class CliAuthenticator {
    81. 

  81.     /**
    82. 

  82.      * Authenticates the CLI invocation. See class javadoc for the semantics.
    83. 

  83.      *
    84. 

  84.      * @throws AuthenticationException
    85. 

  85.      *      If the authentication failed and hence the processing shouldn't proceed.
    86. 

  86.      * @throws IOException
    87. 

  87.      *      Can be thrown if the {@link CliAuthenticator} fails to interact with the client.
    88. 

  88.      *      This exception is treated as a failure of authentication. It's just that allowing this
    89. 

  89.      *      would often simplify the callee.
    90. 

  90.      * @throws InterruptedException
    91. 

  91.      *      Same motivation as {@link IOException}. Treated as an authentication failure. 
    92. 

  92.      */
    93. 

  93.     public abstract Authentication authenticate() throws AuthenticationException, IOException, InterruptedException;
    94. 

  94. }
    95.