Examples of hudson.security.CliAuthenticator

• hudson.security.CliAuthenticator
  Handles authentication for CLI commands.

  {@link CliAuthenticator} is used to authenticate an invocation of the CLI command, so thatthe thread carries the correct {@link Authentication} that represents the user who's invoking the command.

  Lifecycle

  Each time a CLI command is invoked, {@link SecurityRealm#createCliAuthenticator(CLICommand)} is calledto allocate a fresh {@link CliAuthenticator} object.

  The {@link Option} and {@link Argument} annotations on the returned {@link CliAuthenticator} instance arescanned and added into the {@link CmdLineParser}, then that parser is used to parse command line arguments. This means subtypes can define fields/setters with those annotations to define authentication-specific options to CLI commands.

  Once the arguments and options are parsed and populated, {@link #authenticate()} method is called toperform the authentications. If the authentication succeeds, this method returns an {@link Authentication}instance that represents the user. If the authentication fails, this method throws {@link AuthenticationException}. To authenticate, the method can use parsed argument/option values, as well as interacting with the client via {@link CLICommand} by using its stdin/stdout and its channel (for example, if you want to interactively prompta password, you can do so by using {@link CLICommand#channel}.)

  If no explicit credential is provided, or if the {@link SecurityRealm} depends on a mode of authenticationthat doesn't involve in explicit password (such as Kerberos), it's also often useful to fall back to {@link CLICommand#getTransportAuthentication()}, in case the user is authenticated at the transport level.

  Many commands do not require any authentication (for example, the "help" command), and still more commands can be run successfully with the anonymous permission. So the authenticator should normally allow unauthenticated CLI command invocations. For those, return {@link jenkins.model.Jenkins#ANONYMOUS} from the {@link #authenticate()} method.

  Example

  For a complete example, see the implementation of {@link AbstractPasswordBasedSecurityRealm#createCliAuthenticator(CLICommand)} @author Kohsuke Kawaguchi @since 1.350

        // add options from the authenticator
        SecurityContext sc = SecurityContextHolder.getContext();
        Authentication old = sc.getAuthentication();

        CliAuthenticator authenticator = Jenkins.getInstance().getSecurityRealm().createCliAuthenticator(this);
        new ClassParser().parse(authenticator,p);

        try {
            p.parseArgument(args.toArray(new String[args.size()]));
            Authentication auth = authenticator.authenticate();
            if (auth==Jenkins.ANONYMOUS)
                auth = loadStoredAuthentication();
            sc.setAuthentication(auth); // run the CLI with the right credential
            if (!(this instanceof LoginCommand || this instanceof HelpCommand))
                Jenkins.getInstance().checkPermission(Jenkins.READ);

                                    while (!chains.isEmpty())
                                        binders.add(new MethodBinder(chains.pop(),this,parser));

                                    // authentication
                                    CliAuthenticator authenticator = Jenkins.getInstance().getSecurityRealm().createCliAuthenticator(this);
                                    new ClassParser().parse(authenticator,parser);

                                    // fill up all the binders
                                    parser.parseArgument(args);

                                    Authentication auth = authenticator.authenticate();
                                    if (auth== Jenkins.ANONYMOUS)
                                        auth = loadStoredAuthentication();
                                    sc.setAuthentication(auth); // run the CLI with the right credential
                                    hudson.checkPermission(Jenkins.READ);

        // add options from the authenticator
        SecurityContext sc = SecurityContextHolder.getContext();
        Authentication old = sc.getAuthentication();

        CliAuthenticator authenticator = Hudson.getInstance().getSecurityRealm().createCliAuthenticator(this);
        new ClassParser().parse(authenticator,p);

        try {
            p.parseArgument(args.toArray(new String[args.size()]));
            Authentication auth = authenticator.authenticate();
            if (auth==Hudson.ANONYMOUS)
                auth = loadStoredAuthentication();
            sc.setAuthentication(auth); // run the CLI with the right credential
            if (!(this instanceof LoginCommand || this instanceof HelpCommand))
                Hudson.getInstance().checkPermission(Hudson.READ);

                                    while (!chains.isEmpty())
                                        binders.add(new MethodBinder(chains.pop(),parser));

                                    // authentication
                                    CliAuthenticator authenticator = Hudson.getInstance().getSecurityRealm().createCliAuthenticator(this);
                                    new ClassParser().parse(authenticator,parser);

                                    // fill up all the binders
                                    parser.parseArgument(args);

                                    Authentication auth = authenticator.authenticate();
                                    if (auth==Hudson.ANONYMOUS)
                                        auth = loadStoredAuthentication();
                                    sc.setAuthentication(auth); // run the CLI with the right credential
                                    hudson.checkPermission(Hudson.READ);