/** Try to make this user a super-user */
  private void tryToMakeAdmin(User u) throws IOException {
    WwpassIdentity p = u.getProperty(WwpassIdentity.class);
    p.activate();
    u.save();
    AuthorizationStrategy as = Jenkins.getInstance().getAuthorizationStrategy();

    for (PermissionAdder adder : Jenkins.getInstance().getExtensionList(PermissionAdder.class)) {
      if (adder.add(as, u, Jenkins.ADMINISTER)) {
        return;
      }
    }
    LOGGER.severe(
        "Admin permission wasn't added for user: "******", ID: " + u.getId());
  }
  @Override
  public WwpassIdentity loadUserByUsername(String puid)
      throws UsernameNotFoundException, DataAccessException {
    Collection<User> all = User.getAll();

    for (User u : all) {
      WwpassIdentity p = u.getProperty(WwpassIdentity.class);
      if (puid.equals(p != null ? p.getPuid() : null)) {
        return p;
      }
    }

    throw new UsernameNotFoundException("There is no any user with: " + puid);
  }
  /**
   * @return <code>null</code> if failed. The browser is already redirected to retry by the time
   *     this method returns. a valid {@link User} object if the user creation was successful.
   */
  private User createAccount(StaplerRequest req, StaplerResponse rsp, String formView)
      throws ServletException, IOException {

    SignupInfo si = new SignupInfo(req);

    String puid = authenticateInWwpass(si.ticket, certFile, keyFile);

    try {
      if (loadUserByUsername(puid) != null) {
        si.errorMessages.add(Messages.WwpassSecurityRealm_PuidIsAlreadyTaken());
      }
    } catch (UsernameNotFoundException e) {

    }

    if (si.nickname == null || si.nickname.length() == 0)
      si.errorMessages.add(Messages.WwpassSecurityRealm_NicknameIsRequired());
    else {
      User user = User.get(si.nickname, false);
      if (null != user)
        if (user.getProperty(WwpassIdentity.class) != null)
          si.errorMessages.add(Messages.WwpassSecurityRealm_NicknameIsAlreadyTaken());
    }

    if (si.fullname == null || si.fullname.length() == 0)
      si.errorMessages.add(Messages.WwpassSecurityRealm_FullnameIsRequired());
    else {
      User user = User.get(si.fullname, false);
      if (null != user)
        if (user.getProperty(WwpassIdentity.class) != null)
          si.errorMessages.add(Messages.WwpassSecurityRealm_FullnameIsAlreadyTaken());
    }

    if (si.email == null || !si.email.contains("@"))
      si.errorMessages.add(Messages.WwpassSecurityRealm_InvalidEmailAddress());

    if (!si.errorMessages.isEmpty()) {
      // failed. ask the user to try again.
      req.setAttribute("data", si);
      req.getView(this, formView).forward(req, rsp);
      return null;
    }

    // register the user
    WwpassIdentity id = new WwpassIdentity(puid);
    id.populate(si);

    User user = createAccount(id);
    id.updateProfile(user);

    user.save();
    return user;
  }
  /** Lets the current user silently login as the given user and report back accordingly. */
  @SuppressWarnings("ACL.impersonate")
  private void loginAndTakeBack(StaplerRequest req, StaplerResponse rsp, User u)
      throws ServletException, IOException {
    // ... and let him login
    Authentication a = new WwpassAuthenticationToken(u.getId());
    a = this.getSecurityComponents().manager.authenticate(a);
    SecurityContextHolder.getContext().setAuthentication(a);

    // then back to top
    req.getView(this, "success.jelly").forward(req, rsp);
  }
 /**
  * Computes if this Jenkins has some user accounts configured.
  *
  * <p>This is used to check for the initial
  */
 private static boolean hasSomeUser() {
   for (User u : User.getAll()) if (u.getProperty(WwpassIdentity.class) != null) return true;
   return false;
 }
 /** Creates a new user account by registering a password to the user. */
 public User createAccount(WwpassIdentity id) throws IOException {
   User user = User.get(id.getNickname());
   user.addProperty(id);
   return user;
 }