@ExportedBean public class User extends AbstractModelObject implements AccessControlled, DescriptorByNameOwner, Saveable, Comparable<User>, ModelObjectWithContextMenu, org.kohsuke.stapler.StaplerProxy
In Hudson, User
objects are created in on-demand basis;
for example, when a build is performed, its change log is computed
and as a result commits from users who Hudson has never seen may be discovered.
When this happens, new User
object is created.
If the persisted record for an user exists, the information is loaded at
that point, but if there's no such record, a fresh instance is created from
thin air (this is where UserPropertyDescriptor.newInstance(User)
is
called to provide initial UserProperty
objects.
Such newly created User
objects will be simply GC-ed without
ever leaving the persisted record, unless save()
method
is explicitly invoked (perhaps as a result of a browser submitting a
configuration.)
Modifier and Type | Class and Description |
---|---|
static class |
User.AllUsers
|
static class |
User.CanonicalIdResolver
Resolves User IDs by ID, full names or other strings.
|
static class |
User.FullNameIdResolver
Resolve user ID from full name
|
static class |
User.UserIDCanonicalIdResolver
Tries to verify if an ID is valid.
|
ModelObjectWithContextMenu.ContextMenu, ModelObjectWithContextMenu.ContextMenuVisibility, ModelObjectWithContextMenu.MenuItem
Modifier and Type | Field and Description |
---|---|
static boolean |
ALLOW_NON_EXISTENT_USER_TO_LOGIN
Jenkins now refuses to let the user login if he/she doesn't exist in
SecurityRealm ,
which was necessary to make sure users removed from the backend will get removed from the frontend. |
static boolean |
ALLOW_USER_CREATION_VIA_URL
Jenkins historically created a (usually) ephemeral user record when an user with Overall/Administer permission
accesses a /user/arbitraryName URL.
|
static boolean |
SKIP_PERMISSION_CHECK
Escape hatch for StaplerProxy-based access control
|
static XStream2 |
XSTREAM |
Modifier and Type | Method and Description |
---|---|
void |
addProperty(UserProperty p)
Updates the user object by adding a property.
|
boolean |
canDelete()
With ADMINISTER permission, can delete users with persisted data but can't delete self.
|
static void |
clear()
Deprecated.
|
int |
compareTo(User that) |
static User |
current()
Gets the
User object representing the currently logged-in user, or null
if the current user is anonymous. |
void |
delete()
Deletes the data directory and removes this user from Hudson.
|
void |
doConfigSubmit(org.kohsuke.stapler.StaplerRequest req,
org.kohsuke.stapler.StaplerResponse rsp)
Accepts submission from the configuration page.
|
ModelObjectWithContextMenu.ContextMenu |
doContextMenu(org.kohsuke.stapler.StaplerRequest request,
org.kohsuke.stapler.StaplerResponse response)
Generates the context menu.
|
void |
doDoDelete(org.kohsuke.stapler.StaplerRequest req,
org.kohsuke.stapler.StaplerResponse rsp)
Deletes this user from Hudson.
|
void |
doRssAll(org.kohsuke.stapler.StaplerRequest req,
org.kohsuke.stapler.StaplerResponse rsp) |
void |
doRssFailed(org.kohsuke.stapler.StaplerRequest req,
org.kohsuke.stapler.StaplerResponse rsp) |
void |
doRssLatest(org.kohsuke.stapler.StaplerRequest req,
org.kohsuke.stapler.StaplerResponse rsp) |
void |
doSubmitDescription(org.kohsuke.stapler.StaplerRequest req,
org.kohsuke.stapler.StaplerResponse rsp)
Accepts the new description.
|
static User |
get(Authentication a)
Deprecated.
|
static User |
get(String idOrFullName)
Deprecated.
This method is deprecated, because it causes unexpected
User creation
by API usage code and causes performance degradation of used to retrieve users by ID.
Use getById(java.lang.String, boolean) when you know you have an ID.
Otherwise use getOrCreateByIdOrFullName(String) or get(String, boolean, Map) . |
static User |
get(String idOrFullName,
boolean create)
Deprecated.
|
static User |
get(String idOrFullName,
boolean create,
Map context)
Gets the
User object by its id or full name. |
static User |
get2(org.springframework.security.core.Authentication a)
Gets the
User object representing the supplied Authentication or
null if the supplied Authentication is either anonymous or null |
String |
getAbsoluteUrl()
The URL of the user page.
|
ACL |
getACL()
Obtains the ACL associated with this object.
|
static Collection<User> |
getAll()
Gets all the users.
|
List<UserProperty> |
getAllProperties()
List of all
UserProperty s exposed primarily for the remoting API. |
Api |
getApi()
Exposed remote API.
|
List<String> |
getAuthorities()
Checks for authorities (groups) associated with this user.
|
RunList |
getBuilds()
Gets the list of
Build s that include changes by this user,
by the timestamp order. |
static User |
getById(String id,
boolean create)
Gets the
User object by its id |
String |
getDescription() |
String |
getDisplayName()
Returns the user name.
|
Object |
getDynamic(String token) |
String |
getFullName()
Gets the human readable name of this user.
|
String |
getId() |
static User |
getOrCreateByIdOrFullName(String idOrFullName)
Get the user by ID or Full Name.
|
Set<AbstractProject<?,?>> |
getProjects()
Gets all the
AbstractProject s that this user has committed to. |
Map<Descriptor<UserProperty>,UserProperty> |
getProperties()
Gets the user properties configured for this user.
|
<T extends UserProperty> |
getProperty(Class<T> clazz)
Gets the specific property, or null.
|
List<Action> |
getPropertyActions()
Return all properties that are also actions.
|
String |
getSearchUrl()
Returns the URL of this item relative to the parent
SearchItem . |
Object |
getTarget() |
List<Action> |
getTransientActions()
Return all transient actions associated with this user.
|
static User |
getUnknown()
Gets the fallback "unknown" user instance.
|
String |
getUrl() |
UserDetails |
getUserDetailsForImpersonation()
Deprecated.
|
org.springframework.security.core.userdetails.UserDetails |
getUserDetailsForImpersonation2()
This method checks with
SecurityRealm if the user is a valid user that can login to the security realm. |
File |
getUserFolder()
Returns the folder that store all the user information.
|
static IdStrategy |
idStrategy()
Returns the
IdStrategy for use with User instances. |
Authentication |
impersonate()
Deprecated.
use
impersonate2() |
org.springframework.security.core.Authentication |
impersonate(org.springframework.security.core.userdetails.UserDetails userDetails)
Creates an
Authentication object that represents this user using the given userDetails |
org.springframework.security.core.Authentication |
impersonate2()
Creates an
Authentication object that represents this user. |
static boolean |
isIdOrFullnameAllowed(String id)
Is the ID allowed? Some are prohibited for security reasons.
|
static void |
rekey()
Called when changing the
IdStrategy . |
static void |
reload()
To be called from
Jenkins.reload() only. |
void |
save()
Save the user configuration.
|
void |
setDescription(String description)
Sets the description of the user.
|
void |
setFullName(String name)
Sets the human readable name of the user.
|
String |
toString() |
getSearch, getSearchIndex, getSearchName, makeSearchIndex, requirePOST, sendError, sendError, sendError, sendError, sendError
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
checkAnyPermission, checkPermission, hasAnyPermission, hasPermission, hasPermission, hasPermission2
getDescriptorByName
public static final XStream2 XSTREAM
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public static boolean SKIP_PERMISSION_CHECK
public static boolean ALLOW_NON_EXISTENT_USER_TO_LOGIN
SecurityRealm
,
which was necessary to make sure users removed from the backend will get removed from the frontend.
Unfortunately this infringed some legitimate use cases of creating Jenkins-local users for automation purposes. This escape hatch switch can be enabled to resurrect that behaviour.
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public static boolean ALLOW_USER_CREATION_VIA_URL
Unfortunately this constitutes a CSRF vulnerability, as malicious users can make admins create arbitrary numbers of ephemeral user records, so the behavior was changed in Jenkins 2.TODO / 2.32.2.
As some users may be relying on the previous behavior, setting this to true restores the previous behavior. This is not recommended.
SECURITY-406.
@NonNull public static IdStrategy idStrategy()
IdStrategy
for use with User
instances.public int compareTo(@NonNull User that)
compareTo
in interface Comparable<User>
@Exported public String getId()
@NonNull public String getUrl()
@NonNull public String getSearchUrl()
SearchItem
SearchItem
.getSearchUrl
in interface SearchItem
@Exported(visibility=999) @NonNull public String getAbsoluteUrl()
@Exported(visibility=999) @NonNull public String getFullName()
public void setFullName(String name)
@Exported @CheckForNull public String getDescription()
public void setDescription(String description)
public Map<Descriptor<UserProperty>,UserProperty> getProperties()
public void addProperty(@NonNull UserProperty p) throws IOException
IOException
@Exported(name="property", inline=true) public List<UserProperty> getAllProperties()
UserProperty
s exposed primarily for the remoting API.public <T extends UserProperty> T getProperty(Class<T> clazz)
@NonNull public org.springframework.security.core.Authentication impersonate2() throws org.springframework.security.core.userdetails.UsernameNotFoundException
Authentication
object that represents this user.
This method checks with SecurityRealm
if the user is a valid user that can login to the security realm.
If SecurityRealm
is a kind that does not support querying information about other users, this will
use LastGrantedAuthoritiesProperty
to pick up the granted authorities as of the last time the user has
logged in.
org.springframework.security.core.userdetails.UsernameNotFoundException
- If this user is not a valid user in the backend SecurityRealm
.@Deprecated @NonNull public Authentication impersonate() throws UsernameNotFoundException
impersonate2()
UsernameNotFoundException
@NonNull public org.springframework.security.core.userdetails.UserDetails getUserDetailsForImpersonation2() throws org.springframework.security.core.userdetails.UsernameNotFoundException
SecurityRealm
if the user is a valid user that can login to the security realm.
If SecurityRealm
is a kind that does not support querying information about other users, this will
use LastGrantedAuthoritiesProperty
to pick up the granted authorities as of the last time the user has
logged in.org.springframework.security.core.userdetails.UsernameNotFoundException
- If this user is not a valid user in the backend SecurityRealm
.@Deprecated @NonNull public UserDetails getUserDetailsForImpersonation() throws UsernameNotFoundException
getUserDetailsForImpersonation2()
UsernameNotFoundException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @NonNull public org.springframework.security.core.Authentication impersonate(@NonNull org.springframework.security.core.userdetails.UserDetails userDetails)
Authentication
object that represents this user using the given userDetailsuserDetails
- Provided by getUserDetailsForImpersonation2()
.getUserDetailsForImpersonation2()
public void doSubmitDescription(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException
IOException
@NonNull public static User getUnknown()
This is used to avoid null User
instance.
@Deprecated @Nullable public static User get(String idOrFullName, boolean create)
get(String, boolean, java.util.Map)
User
object by its id or full name.create
- If true, this method will never return null for valid input
(by creating a new User
object if none exists.)
If false, this method will return null if User
object
with the given name doesn't exist.null
if a user does not exist and
create
is false.@Nullable public static User get(String idOrFullName, boolean create, @NonNull Map context)
User
object by its id or full name.
In order to resolve the user ID, the method invokes User.CanonicalIdResolver
extension points.
Note that it may cause significant performance degradation.
If you are sure the passed value is a User ID, it is recommended to use getById(String, boolean)
.
create
- If true, this method will never return null for valid input
(by creating a new User
object if none exists.)
If false, this method will return null if User
object
with the given name doesn't exist.context
- contextual environment this user idOfFullName was retrieved from,
that can help resolve the user IDnull
if a user does not exist and
create
is false.@Deprecated @NonNull public static User get(String idOrFullName)
User
creation
by API usage code and causes performance degradation of used to retrieve users by ID.
Use getById(java.lang.String, boolean)
when you know you have an ID.
Otherwise use getOrCreateByIdOrFullName(String)
or get(String, boolean, Map)
.User
object by its id or full name.
Creates a user on-demand.
Use getById(java.lang.String, boolean)
when you know you have an ID.
In this method Jenkins will try to resolve the User
by full name with help of various
UserNameResolver
.
This is slow (see JENKINS-23281).
@NonNull public static User getOrCreateByIdOrFullName(@NonNull String idOrFullName)
If the user does not exist, creates a new one on-demand.
Use getById(java.lang.String, boolean)
when you know you have an ID.
In this method Jenkins will try to resolve the User
by full name with help of various
UserNameResolver
.
This is slow (see JENKINS-23281).
idOrFullName
- User ID or full name@CheckForNull public static User current()
User
object representing the currently logged-in user, or null
if the current user is anonymous.@CheckForNull public static User get2(@CheckForNull org.springframework.security.core.Authentication a)
User
object representing the supplied Authentication
or
null
if the supplied Authentication
is either anonymous or null
a
- the supplied Authentication
.User
object for the supplied Authentication
or null
@Deprecated @CheckForNull public static User get(@CheckForNull Authentication a)
get2(Authentication)
@Nullable public static User getById(String id, boolean create)
User
object by its id
id
- the id of the user to retrieve and optionally create if it does not exist.create
- If true
, this method will never return null
for valid input (by creating a
new User
object if none exists.) If false
, this method will return
null
if User
object with the given id doesn't exist.id
, or null
if create
is false
and the user does not exist.@NonNull public static Collection<User> getAll()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public static void reload() throws IOException
Jenkins.reload()
only.IOException
public static void rekey()
IdStrategy
.@NonNull public String getDisplayName()
getDisplayName
in interface ModelObject
@WithBridgeMethods(value=java.util.List.class) @NonNull public RunList getBuilds()
Build
s that include changes by this user,
by the timestamp order.@NonNull public Set<AbstractProject<?,?>> getProjects()
AbstractProject
s that this user has committed to.@Deprecated public static void clear()
@CheckForNull public File getUserFolder()
null
if the user was not yet saved.public static boolean isIdOrFullnameAllowed(@CheckForNull String id)
Note that this is only enforced when saving. These users are often created via the constructor (and even listed on /asynchPeople), but our goal is to prevent anyone from logging in as these users. Therefore, we prevent saving a User with one of these ids.
id
- ID to be checkedtrue
if the username or fullname is valid.
For null
or blank IDs returns false
.public void save() throws IOException
save
in interface Saveable
IOException
- if the persistence failed.public void delete() throws IOException
IOException
- if we fail to delete.public Api getApi()
@POST public void doConfigSubmit(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException, javax.servlet.ServletException, Descriptor.FormException
IOException
javax.servlet.ServletException
Descriptor.FormException
public void doDoDelete(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException
IOException
public void doRssAll(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
public void doRssFailed(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
public void doRssLatest(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
@NonNull public ACL getACL()
AccessControlled
getACL
in interface AccessControlled
public boolean canDelete()
@NonNull public List<String> getAuthorities()
Jenkins.ADMINISTER
, or any problems arise, returns an empty list.
SecurityRealm.AUTHENTICATED_AUTHORITY2
and the username, if present, are omitted.public List<Action> getPropertyActions()
public List<Action> getTransientActions()
public ModelObjectWithContextMenu.ContextMenu doContextMenu(org.kohsuke.stapler.StaplerRequest request, org.kohsuke.stapler.StaplerResponse response) throws Exception
ModelObjectWithContextMenu
return new ContextMenu().from(this,request,response);
,
which implements the default behaviour. See ModelObjectWithContextMenu.ContextMenu.from(ModelObjectWithContextMenu, StaplerRequest, StaplerResponse)
for more details of what it does. This should suit most implementations.doContextMenu
in interface ModelObjectWithContextMenu
Exception
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public Object getTarget()
getTarget
in interface org.kohsuke.stapler.StaplerProxy
Copyright © 2004–2021. All rights reserved.