Added pluggable API for authentication backends.

An AuthBackend authenticates an incoming request and provides the
authenticated user. An incoming request is represented as an
AuthRequest. Each protocol is responsible for parsing the request and
creating the AuthRequest, e.g. Digest HTTP, PubKey SSH, etc.

The core server defines two AuthBackends in this change:
  Internal: Gerrit DB password-based authentication
  Ldap: delegates the password verification to the LDAP server

The allowed AuthBackends are bound in a DynamicSet which the
UniversalAuthBackend handles by attempting to authenticate the request
with every backend. It is expected that at most one AuthBackend will
successfully authenticate a user. It is considered an error if more than
one user is authenticated. If this is an issue for a service, consider
separating users by username, so a backend can quickly determine if it
should consider the request.

After a user is authenticated, an AuthUser object is returned with a
globally unique UUID. More work needs to be done to join the concept of
the AuthUser UUID and the Account ID.

The AuthBackend is marked as an ExtensionPoint so it may be implemented
as a plugin.

Change-Id: I645262519f15806517c7ff4058ed6c5aabf8e754
Luca Milanesio
2012-11-12 10:51:32 -08:00
committed by Dariusz Luksza
parent d270a342a3
commit ad5b2330ac
16 changed files with 722 additions and 8 deletions

@@ -0,0 +1,41 @@
// Copyright (C) 2012 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.auth;
/**
* An authentication exception that is thrown when the credentials are not
* present. This indicates that the AuthBackend has none of the needed
* information in the request to perform authentication. If parts of the
* authentication information is available to the backend, then a different
* AuthException should be used.
*/
public class MissingCredentialsException extends AuthException {
private static final long serialVersionUID = -6499866977513508051L;
public MissingCredentialsException() {
}
public MissingCredentialsException(String msg) {
super(msg);
}
public MissingCredentialsException(Throwable ex) {
super(ex);
}
public MissingCredentialsException(String msg, Throwable ex) {
super(msg, ex);
}
}
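
Review bot: The class Javadoc says when a backend should throw MissingCredentialsException but not how a caller should treat it compared with other AuthExceptions. The commit message describes UniversalAuthBackend trying every bound backend, so please document here whether this exception means "this backend has nothing to check, continue with the next one", and that a backend holding partial or invalid credentials must throw a different AuthException so the two cases are never handled alike. In the same comment, "If parts of the authentication information is available" should read "are available". The no-argument constructor also allows a throw with no context; consider removing it, or requiring a message that names the missing credential type without echoing any request data.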