PageRenderTime 6ms CodeModel.GetById 1ms app.highlight 2ms RepoModel.GetById 1ms app.codeStats 0ms

/hudson-core/src/main/java/hudson/security/CliAuthenticator.java

http://github.com/hudson/hudson
Java | 94 lines | 12 code | 3 blank | 79 comment | 0 complexity | 257e4a1c93132d43b30ba2ef2732d0ca MD5 | raw file
 1/*
 2 * The MIT License
 3 *
 4 * Copyright (c) 2004-2010, Oracle Corporation
 5 *
 6 * Permission is hereby granted, free of charge, to any person obtaining a copy
 7 * of this software and associated documentation files (the "Software"), to deal
 8 * in the Software without restriction, including without limitation the rights
 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24package hudson.security;
25
26import hudson.cli.CLICommand;
27import hudson.model.Hudson;
28import org.acegisecurity.Authentication;
29import org.acegisecurity.AuthenticationException;
30import org.kohsuke.args4j.Argument;
31import org.kohsuke.args4j.CmdLineParser;
32import org.kohsuke.args4j.Option;
33
34import java.io.IOException;
35
36/**
37 * Handles authentication for CLI commands.
38 *
39 * <p>
40 * {@link CliAuthenticator} is used to authenticate an invocation of the CLI command, so that
41 * the thread carries the correct {@link Authentication} that represents the user who's invoking the command.
42 *
43 * <h2>Lifecycle</h2>
44 * <p>
45 * Each time a CLI command is invoked, {@link SecurityRealm#createCliAuthenticator(CLICommand)} is called
46 * to allocate a fresh {@link CliAuthenticator} object.
47 *
48 * <p>
49 * The {@link Option} and {@link Argument} annotations on the returned {@link CliAuthenticator} instance are
50 * scanned and added into the {@link CmdLineParser}, then that parser is used to parse command line arguments.
51 * This means subtypes can define fields/setters with those annotations to define authentication-specific options
52 * to CLI commands.
53 *
54 * <p>
55 * Once the arguments and options are parsed and populated, {@link #authenticate()} method is called to
56 * perform the authentications. If the authentication succeeds, this method returns an {@link Authentication}
57 * instance that represents the user. If the authentication fails, this method throws {@link AuthenticationException}.
58 * To authenticate, the method can use parsed argument/option values, as well as interacting with the client
59 * via {@link CLICommand} by using its stdin/stdout and its channel (for example, if you want to interactively prompt
60 * a password, you can do so by using {@link CLICommand#channel}.)
61 *
62 * <p>
63 * If no explicit credential is provided, or if the {@link SecurityRealm} depends on a mode of authentication
64 * that doesn't involve in explicit password (such as Kerberos), it's also often useful to fall back to
65 * {@link CLICommand#getTransportAuthentication()}, in case the user is authenticated at the transport level.
66 *
67 * <p>
68 * Many commands do not require any authentication (for example, the "help" command), and still more commands
69 * can be run successfully with the anonymous permission. So the authenticator should normally allow unauthenticated
70 * CLI command invocations. For those, return {@link Hudson#ANONYMOUS} from the {@link #authenticate()} method.
71 *
72 * <h2>Example</h2>
73 * <p>
74 * For a complete example, see the implementation of
75 * {@link AbstractPasswordBasedSecurityRealm#createCliAuthenticator(CLICommand)}
76 *
77 * @author Kohsuke Kawaguchi
78 * @since 1.350
79 */
80public abstract class CliAuthenticator {
81    /**
82     * Authenticates the CLI invocation. See class javadoc for the semantics.
83     *
84     * @throws AuthenticationException
85     *      If the authentication failed and hence the processing shouldn't proceed.
86     * @throws IOException
87     *      Can be thrown if the {@link CliAuthenticator} fails to interact with the client.
88     *      This exception is treated as a failure of authentication. It's just that allowing this
89     *      would often simplify the callee.
90     * @throws InterruptedException
91     *      Same motivation as {@link IOException}. Treated as an authentication failure. 
92     */
93    public abstract Authentication authenticate() throws AuthenticationException, IOException, InterruptedException;
94}