Custom Authentication Module

public class CustomLoginModule implements javax.security.auth.spi.LoginModule { private Subject mySubject; private CallbackHandler myCallbackHandler; private Callback[] myCallbacks; private NameCallback myNameCallback; private PasswordCallback myPasswordCallback; public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) { // We should remember callback handler and create our own callbacks. // TeamCity authorization scheme supports two callbacks only: NameCallback and PasswordCallback. // From these callbacks you will receive username and password entered on the login page. myCallbackHandler = callbackHandler; myNameCallback = new NameCallback("login:"); myPasswordCallback = new PasswordCallback("password:", false); // remember references to newly created callbacks myCallbacks = new Callback[]{myNameCallback, myPasswordCallback}; // Subject is a place where authorized entity credentials are stored. // When user is successfully authorized, the jetbrains.buildServer.serverSide.auth.ServerPrincipal // instance should be added to the subject. Based on this information the principal server will know a real name of // the authorized entity and realm where this entity was authorized. mySubject = subject; } public boolean login() throws LoginException { // invoke callback handler so that username and password were added // to the name and password callbacks try { myCallbackHandler.handle(myCallbacks); } catch (Throwable t) { throw new jetbrains.buildServer.serverSide.auth.TeamCityLoginException(t); } // retrieve login and password final String login = myNameCallback.getName(); final String password = new String(myPasswordCallback.getPassword()); // perform authentication if (checkPassword(login, password)) { // create ServerPrincipal and put it in the subject mySubject.getPrincipals().add(new ServerPrincipal(null, login)); return true; } throw new jetbrains.buildServer.serverSide.auth.TeamCityFailedLoginException(); } private boolean checkPassword(final String login, final String password) { return true; } public boolean commit() throws LoginException { // simply return true return true; } public boolean abort() throws LoginException { return true; } public boolean logout() throws LoginException { return true; } }

public class CustomLoginModuleDescriptor extends jetbrains.buildServer.serverSide.auth.LoginModuleDescriptorAdapter { // Spring framework will provide reference to LoginConfiguration when // the CustomLoginModuleDescriptor is instantiated public CustomLoginModuleDescriptor(LoginConfiguration loginConfiguration) { // register this descriptor in the login configuration loginConfiguration.registerLoginModule(this); } public String getName() { // return unique name of this module type. e.g. a derivative id will then be used in "auth-config.xml" file return "custom"; } @Override public String getDisplayName() { // return presentable name of this plugin return "My custom authentication plugin"; } @Override public String getDescription() { // return human-readable description of this module type return "Authentication via custom login module"; } public Class<? extends LoginModule> getLoginModuleClass() { // return our custom login module class return CustomLoginModule.class; } @Override public Map<String, ?> getJAASOptions(final Map<String, String> properties) { // return options which can be passed to our custom login module // for example, we could store reference to SBuildServer instance here return null; } }

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> <beans default-autowire="constructor"> <bean id="customLoginModuleDescriptor" class="some.package.CustomLoginModuleDescriptor"/> </beans>

public class CustomHttpAuthenticationScheme extends jetbrains.buildServer.controllers.interceptors.auth.HttpAuthenticationSchemeAdapter { // Spring framework will provide reference to LoginConfiguration when // the CustomLoginModuleDescriptor is instantiated public CustomHttpAuthenticationScheme(final LoginConfiguration loginConfiguration) { // register this scheme in the login configuration loginConfiguration.registerAuthModuleType(this); } @Override protected String doGetName() { // return unique name of this module type. e.g. a derivative id will then be used in "auth-config.xml" file return "custom"; } @Override public String getDisplayName() { // return presentable name of this plugin return "My custom HTTP authentication plugin"; } @Override public String getDescription() { // return human-readable description of this module type return "Authentication via custom HTTP scheme"; } // main method to process HTTP authentication @Override public HttpAuthenticationResult processAuthenticationRequest(final HttpServletRequest request, final HttpServletResponse response, final Map<String, String> properties) throws IOException { if (!isAttemptToAuthenticateViaThisHTTPScheme(request)) { return HttpAuthenticationResult.notApplicable(); } // perform authentication final String username = authenticate(request); if (username == null) { return HttpAuthUtil.sendUnauthorized(request, response, "Failed to authenticate user", this, properties); } return HttpAuthenticationResult.authenticated(new ServerPrincipal(null, username), true); } }

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> <beans default-autowire="constructor"> <bean id="customHttpAuthenticationScheme" class="some.package.CustomHttpAuthenticationScheme"/> </beans>