Custom authentication

When using custom authentication, only the authentication (and the per-repository restrictions) are delegated to the configured class.

The configured user directories are still used to hold the user, groups and memberships lists. In most configurations you should use an internal directory together with custom authentication.

If possible you should use a supported external directory, rather than custom authentication.

 

To implement an arbitrary form of authentication and authorization for FishEye you need to provide a class which extends com.cenqua.fisheye.user.plugin.AbstractFishEyeAuthenticator. You can find more information about custom FishEye authorization in the online javadocs and the library jar.

For FishEye to use the authenticator, it must be compiled, placed in a jar archive and then put in the $FISHEYE_INST/lib directory. If other third-party libraries are required by your authenticator, they must also be in the $FISHEYE_INST/lib directory.

Global configuration

After implementing a custom authenticator, the next step is to configure FishEye to use it.

Click Setup Custom authentication on the FishEye Authentication page, in the Admin area.

You will be presented with a form containing the following fields to be set:

Classname

The fully qualified class name of your AbstractFishEyeAuthenticator, e.g. com.cenqua.fisheye.user.plugin.ExampleFishEyeAuthenticator.

Auto-add

FishEye can automatically create a user it has not previously encountered if the user can successfully authenticate against your authenticator.

Properties

Any properties your authenticator requires. These will be passed to its init() method. This field should comply with the java.util.Properties format. Example:

 
# comments
name1=value1
name2=value2

Per-repository constraint configuration

You may also require a per-repository constraint to restrict access to specific repositories using your custom authenticator. If a custom authenticator is set, then the Permissions Summary table will display the constraint per repository and a link to enable you to edit it.

When using FishEye's built-in groups in conjunction with a custom authenticator, a user will have access to a repository if:

  1. the user is in an allowed group for the repository
  2. or the hasPermissionToAccess method of the custom authenticator returns true.

The 'Authentication Test' page allows you to enter a user's credentials and to test the user's authentication. It will also test which repositories the user is authorized to access.

Last modified on Sep 28, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.