public FormValidation doTest() {
try {
String message = NativeUtils.getInstance().checkPamAuthentication();
if (message.startsWith("Error:")) {
return FormValidation.error(message.replaceFirst("Error:", ""));
} else {
return FormValidation.ok(message);
}
} catch (NativeAccessException exc) {
return FormValidation.error("Native Support for PAM Authentication not available.");
}
}
@Override
public GroupDetails loadGroupByGroupname(final String groupname)
throws UsernameNotFoundException, DataAccessException {
try {
if (!NativeUtils.getInstance().checkUnixGroup(groupname)) {
throw new UsernameNotFoundException("No such Unix group: " + groupname);
}
} catch (NativeAccessException exc) {
throw new DataAccessException("Failed to find Unix Group", exc) {};
}
return new GroupDetails() {
@Override
public String getName() {
return groupname;
}
};
}
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String username = authentication.getPrincipal().toString();
String password = authentication.getCredentials().toString();
try {
Set<String> grps =
NativeUtils.getInstance().pamAuthenticate(serviceName, username, password);
GrantedAuthority[] groups = new GrantedAuthority[grps.size()];
int i = 0;
for (String g : grps) {
groups[i++] = new GrantedAuthorityImpl(g);
}
EnvVars.setHudsonUserEnvVar(username);
// I never understood why Spring Security insists on keeping the password...
return new UsernamePasswordAuthenticationToken(username, password, groups);
} catch (NativeAccessException exc) {
throw new BadCredentialsException(exc.getMessage(), exc);
}
}