java.lang.Object
- hudson.model.AbstractDescribableImpl<AuthorizationStrategy>
- - hudson.security.AuthorizationStrategy

All Implemented Interfaces:

ExtensionPoint, Describable<AuthorizationStrategy>

Direct Known Subclasses:

AuthorizationStrategy.Unsecured, FullControlOnceLoggedInAuthorizationStrategy, LegacyAuthorizationStrategy
```
@StaplerAccessibleType
public abstract class AuthorizationStrategy
extends AbstractDescribableImpl<AuthorizationStrategy>
implements ExtensionPoint
```
Controls authorization throughout Hudson.
Persistence

This object will be persisted along with Jenkins object. Hudson by itself won't put the ACL returned from getRootACL() into the serialized object graph, so if that object contains state and needs to be persisted, it's the responsibility of AuthorizationStrategy to do so (by keeping them in an instance field.)
Re-configuration

The corresponding Describable instance will be asked to create a new AuthorizationStrategy every time the system configuration is updated. Implementations that keep more state in ACL beyond the system configuration should use Jenkins.getAuthorizationStrategy() to talk to the current instance to carry over the state.

Author:

Kohsuke Kawaguchi

See Also:

SecurityRealm

Nested Class Summary

Nested Classes
Modifier and Type Class Description

static class AuthorizationStrategy.Unsecured
- Nested classes/interfaces inherited from interface hudson.ExtensionPoint
  ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields
Modifier and Type	Field	Description
`static DescriptorList<AuthorizationStrategy>`	`LIST`	Deprecated. since 1.286 Use `all()` for read access, and `Extension` for registration.
`static AuthorizationStrategy`	`UNSECURED`	`AuthorizationStrategy` that implements the semantics of unsecured Hudson where everyone has full control.

Constructor Summary

Constructors
Constructor Description

AuthorizationStrategy()

Method Summary

All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Deprecated Methods
Modifier and Type	Method	Description
`static DescriptorExtensionList<AuthorizationStrategy,Descriptor<AuthorizationStrategy>>`	`all()`	Returns all the registered `AuthorizationStrategy` descriptors.
`ACL`	`getACL(AbstractItem item)`	Implementation can choose to provide different ACL for different items.
`ACL`	`getACL(AbstractProject<?,?> project)`	Deprecated. since 1.277 Override `getACL(Job)` instead.
`ACL`	`getACL(Computer computer)`	Implementation can choose to provide different ACL for different computers.
`ACL`	`getACL(Job<?,?> project)`
`ACL`	`getACL(Node node)`
`ACL`	`getACL(User user)`	Implementation can choose to provide different ACL per user.
`ACL`	`getACL(View item)`	Implementation can choose to provide different ACL for different views.
`ACL`	`getACL(Cloud cloud)`	Implementation can choose to provide different ACL for different `Cloud`s.
`abstract Collection<String>`	`getGroups()`	Returns the list of all group/role names used in this authorization strategy, and the ACL returned from the `getRootACL()` method.
`abstract ACL`	`getRootACL()`	Returns the instance of `ACL` where all the other `ACL` instances for all the other model objects eventually delegate.

Methods inherited from class hudson.model.AbstractDescribableImpl
getDescriptor

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - LIST
```
@Deprecated
public static final DescriptorList<AuthorizationStrategy> LIST
```
    Deprecated.
    since 1.286 Use all() for read access, and Extension for registration.
    
    All registered SecurityRealm implementations.
  - UNSECURED
```
public static final AuthorizationStrategy UNSECURED
```
    AuthorizationStrategy that implements the semantics of unsecured Hudson where everyone has full control.
    This singleton is safe because AuthorizationStrategy.Unsecured is stateless.
- Constructor Detail
  - AuthorizationStrategy
```
public AuthorizationStrategy()
```
- Method Detail
  - getRootACL
```
@NonNull
public abstract ACL getRootACL()
```
    Returns the instance of ACL where all the other ACL instances for all the other model objects eventually delegate.
    IOW, this ACL will have the ultimate say on the access control.
  - getACL
```
@Deprecated
@NonNull
public ACL getACL(@NonNull
                  AbstractProject<?,?> project)
```
    Deprecated.
    since 1.277 Override getACL(Job) instead.
  - getACL
```
@NonNull
public ACL getACL(@NonNull
                  Job<?,?> project)
```
  - getACL
```
@NonNull
public ACL getACL(@NonNull
                  View item)
```
    Implementation can choose to provide different ACL for different views. This can be used as a basis for more fine-grained access control.
    The default implementation makes the view visible if any of the items are visible or the view is configurable.
    
    Since:
    
    1.220
  - getACL
```
@NonNull
public ACL getACL(@NonNull
                  AbstractItem item)
```
    Implementation can choose to provide different ACL for different items. This can be used as a basis for more fine-grained access control.
    The default implementation returns getRootACL().
    
    Since:
    
    1.220
  - getACL
```
@NonNull
public ACL getACL(@NonNull
                  User user)
```
    Implementation can choose to provide different ACL per user. This can be used as a basis for more fine-grained access control.
    The default implementation returns getRootACL().
    
    Since:
    
    1.221
  - getACL
```
@NonNull
public ACL getACL(@NonNull
                  Computer computer)
```
    Implementation can choose to provide different ACL for different computers. This can be used as a basis for more fine-grained access control.
    The default implementation delegates to getACL(Node)
    
    Since:
    
    1.220
  - getACL
```
@NonNull
public ACL getACL(@NonNull
                  Cloud cloud)
```
    Implementation can choose to provide different ACL for different Clouds. This can be used as a basis for more fine-grained access control.
    The default implementation returns getRootACL().
    
    Since:
    
    1.252
  - getACL
```
@NonNull
public ACL getACL(@NonNull
                  Node node)
```
  - getGroups
```
@NonNull
public abstract Collection<String> getGroups()
```
    Returns the list of all group/role names used in this authorization strategy, and the ACL returned from the getRootACL() method.
    This method is used by ContainerAuthentication to work around the servlet API issue that prevents us from enumerating roles that the user has.
    If such enumeration is impossible, do the best to list as many as possible, then return it. In the worst case, just return an empty list. Doing so would prevent users from using role names as group names (see JENKINS-2716 for such one such report.)
    
    Returns:
    
    never null.
  - all
```
@NonNull
public static DescriptorExtensionList<AuthorizationStrategy,Descriptor<AuthorizationStrategy>> all()
```
    Returns all the registered AuthorizationStrategy descriptors.

Class AuthorizationStrategy

Persistence

Re-configuration

Nested Class Summary

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

Field Summary

Constructor Summary

Method Summary

Methods inherited from class hudson.model.AbstractDescribableImpl

Methods inherited from class java.lang.Object

Field Detail

LIST

UNSECURED

Constructor Detail

AuthorizationStrategy

Method Detail

getRootACL

getACL

getACL

getACL

getACL

getACL

getACL

getACL

getACL

getGroups

all