Class NonSerializableSecurityContext

  • All Implemented Interfaces:
    Serializable, org.springframework.security.core.context.SecurityContext

    @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
    public class NonSerializableSecurityContext
    extends Object
    implements org.springframework.security.core.context.SecurityContext
    The same as SecurityContextImpl but doesn't serialize Authentication.

    Authentication often contains UserDetails implemented by a plugin, but when it's persisted as a part of HttpSession, such instance will never de-serialize correctly because the container isn't aware of additional classloading in Jenkins.

    Jenkins doesn't work with a clustering anyway, and so it's better to just not persist Authentication at all. See the problem report.

    Since:
    1.509
    Author:
    Kohsuke Kawaguchi
    See Also:
    HttpSessionContextIntegrationFilter2, Serialized Form
    • Constructor Detail

      • NonSerializableSecurityContext

        public NonSerializableSecurityContext()
      • NonSerializableSecurityContext

        public NonSerializableSecurityContext​(org.springframework.security.core.Authentication authentication)
    • Method Detail

      • getAuthentication

        public org.springframework.security.core.Authentication getAuthentication()
        Specified by:
        getAuthentication in interface org.springframework.security.core.context.SecurityContext
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • setAuthentication

        public void setAuthentication​(org.springframework.security.core.Authentication authentication)
        Specified by:
        setAuthentication in interface org.springframework.security.core.context.SecurityContext