Package jenkins.security

Class NonSerializableSecurityContext

  • All Implemented Interfaces:
    Serializable, org.springframework.security.core.context.SecurityContext
    @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public class NonSerializableSecurityContext
extends Object
implements org.springframework.security.core.context.SecurityContext
    The same as SecurityContextImpl but doesn't serialize Authentication.

    Authentication often contains UserDetails implemented by a plugin, but when it's persisted as a part of HttpSession, such instance will never de-serialize correctly because the container isn't aware of additional classloading in Jenkins.

    Jenkins doesn't work with a clustering anyway, and so it's better to just not persist Authentication at all. See the problem report.

    Since:
    1.509
    Author:
    Kohsuke Kawaguchi
    See Also:
    HttpSessionContextIntegrationFilter2, Serialized Form

    • Constructor Detail

      • NonSerializableSecurityContext

        public NonSerializableSecurityContext()

      • NonSerializableSecurityContext

        public NonSerializableSecurityContext​(org.springframework.security.core.Authentication authentication)

    • Method Detail

      • getAuthentication

        public org.springframework.security.core.Authentication getAuthentication()
        Specified by:
        getAuthentication in interface org.springframework.security.core.context.SecurityContext

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object

      • setAuthentication

        public void setAuthentication​(org.springframework.security.core.Authentication authentication)
        Specified by:
        setAuthentication in interface org.springframework.security.core.context.SecurityContext