Modifier and Type | Field and Description |
---|---|
static Sid | ANONYMOUS: Sid that represents the anonymous unauthenticated users. |
static String | ANONYMOUS_USERNAME: The username for the anonymous user |
protected static Sid[] | AUTOMATIC_SIDS |
static Sid | EVERYONE: Special Sid that represents "everyone", even including anonymous users. |
static Authentication | SYSTEM: Deprecated. Use SYSTEM2 |
static String | SYSTEM_USERNAME: The username for the system user |
static org.springframework.security.core.Authentication | SYSTEM2: Sid that represents the Hudson itself. |

Constructor and Description |
---|
ACL() |

Modifier and Type | Method and Description |
---|---|
static ACLContext | as(Authentication auth): Deprecated. |
static ACLContext | as(User user): Changes the Authentication associated with the current thread to the specified one and returns an AutoCloseable that restores the previous security context. |
static ACLContext | as2(org.springframework.security.core.Authentication auth): Changes the Authentication associated with the current thread to the specified one and returns an AutoCloseable that restores the previous security context. |
void | checkAnyPermission(Permission... permissions): Checks if the current security principal has one of the supplied permissions. |
void | checkCreatePermission(ItemGroup c, TopLevelItemDescriptor d): Checks if the current security principal has the permission to create top level items within the specified item group. |
void | checkCreatePermission(ViewGroup c, ViewDescriptor d): Checks if the current security principal has the permission to create views within the specified view group. |
void | checkPermission(Permission p): Checks if the current security principal has this permission. |
boolean | hasAnyPermission(Permission... permissions): Checks if the current security principal has any of the permissions. |
boolean | hasCreatePermission(Authentication a, ItemGroup c, TopLevelItemDescriptor d) |
boolean | hasCreatePermission(Authentication a, ViewGroup c, ViewDescriptor d) |
boolean | hasCreatePermission2(org.springframework.security.core.Authentication a, ItemGroup c, TopLevelItemDescriptor d): Checks if the given principal has the permission to create top level items within the specified item group. |
boolean | hasCreatePermission2(org.springframework.security.core.Authentication a, ViewGroup c, ViewDescriptor d): Checks if the given principal has the permission to create views within the specified view group. |
boolean | hasPermission(Authentication a, Permission permission) |
boolean | hasPermission(Permission p): Checks if the current security principal has this permission. |
boolean | hasPermission2(org.springframework.security.core.Authentication a, Permission permission): Checks if the given principal has the given permission. |
static SecurityContext | impersonate(Authentication auth): Deprecated. |
static <V,T extends Exception> V | impersonate(Authentication auth, hudson.remoting.Callable<V,T> body): Deprecated. |
static void | impersonate(Authentication auth, Runnable body): Deprecated. |
static org.springframework.security.core.context.SecurityContext | impersonate2(org.springframework.security.core.Authentication auth): Deprecated. Use try with resources and as2(Authentication) |
static <V,T extends Exception> V | impersonate2(org.springframework.security.core.Authentication auth, hudson.remoting.Callable<V,T> body): Deprecated. Use try with resources and as2(Authentication) |
static void | impersonate2(org.springframework.security.core.Authentication auth, Runnable body): Deprecated. Use try with resources and as2(Authentication) |
static boolean | isAnonymous(Authentication authentication): Deprecated. |
static boolean | isAnonymous2(org.springframework.security.core.Authentication authentication): Checks if the given authentication is anonymous by checking its class. |
static ACL | lambda(BiFunction<Authentication,Permission,Boolean> impl) |
static ACL | lambda2(BiFunction<org.springframework.security.core.Authentication,Permission,Boolean> impl): Creates a simple ACL implementation based on a “single-abstract-method” easily implemented via lambda syntax. |

public static final Sid EVERYONE

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public static final String ANONYMOUS_USERNAME

public static final Sid ANONYMOUS
Sid that represents the anonymous unauthenticated users.
HudsonFilter sets this up, so this sid remains the same regardless of the current SecurityRealm in use.

protected static final Sid[] AUTOMATIC_SIDS

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public static final String SYSTEM_USERNAME

public static final org.springframework.security.core.Authentication SYSTEM2
Sid that represents Hudson itself.
This is used when Hudson is performing computation for itself, instead of acting on behalf of a user, such as doing builds.

@Deprecated public static final Authentication SYSTEM
Deprecated. Use SYSTEM2

public final void checkPermission(@NonNull Permission p)
This is just a convenience function.
Throws:
org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.

public final void checkAnyPermission(@NonNull Permission... permissions)
Throws:
org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.
IllegalArgumentException - if no permissions are provided

public final boolean hasPermission(@NonNull Permission p)

public final boolean hasAnyPermission(@NonNull Permission... permissions)
Returns:
false if the user doesn't have one of the required permissions.
Throws:
IllegalArgumentException - if no permissions are provided

public boolean hasPermission2(@NonNull org.springframework.security.core.Authentication a, @NonNull Permission permission)
Note that SYSTEM2 can be passed in as the authentication parameter, in which case you should probably just assume it has every permission.

@Deprecated public boolean hasPermission(@NonNull Authentication a, @NonNull Permission permission)

public static ACL lambda2(BiFunction<org.springframework.security.core.Authentication,Permission,Boolean> impl)
Creates a simple ACL implementation based on a “single-abstract-method” easily implemented via lambda syntax.
Parameters:
impl - the implementation of hasPermission2(Authentication, Permission)

@Deprecated public static ACL lambda(BiFunction<Authentication,Permission,Boolean> impl)
Deprecated. Use lambda2(java.util.function.BiFunction<org.springframework.security.core.Authentication, hudson.security.Permission, java.lang.Boolean>)
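
An ACL built with lambda2, shown as an added example that is not taken from the Jenkins code base. It puts the SYSTEM2 note from hasPermission2 and the isAnonymous2 check into one deny-by-default policy; the class name, the ownerId parameter and the read-only policy for non-owners are assumptions made for illustration.

```java
import hudson.model.Item;
import hudson.security.ACL;
import hudson.security.Permission;
import java.util.Set;
import org.springframework.security.core.Authentication;

/** Hypothetical helper class; not part of Jenkins. */
public final class OwnerAclExample {

    // Constructed policy: authenticated users who are not the owner get read access only.
    private static final Set<Permission> NON_OWNER_GRANTS = Set.of(Item.READ);

    public static ACL forOwner(String ownerId) {
        return ACL.lambda2((Authentication a, Permission p) -> {
            if (a.equals(ACL.SYSTEM2)) {
                return true;   // SYSTEM2 is assumed to hold every permission
            }
            if (ACL.isAnonymous2(a)) {
                return false;  // anonymous gets nothing under this policy
            }
            if (a.getName().equals(ownerId)) {
                return true;   // the owner may do anything on this object
            }
            // A grant also covers the permissions it implies, so walk the
            // impliedBy chain (Item.DISCOVER is implied by Item.READ).
            for (Permission q = p; q != null; q = q.impliedBy) {
                if (NON_OWNER_GRANTS.contains(q)) {
                    return true;
                }
            }
            return false;      // deny by default
        });
    }

    /** Non-throwing query for an explicit principal. */
    public static boolean mayConfigure(ACL acl, Authentication who) {
        return acl.hasPermission2(who, Item.CONFIGURE);
    }
}
```

hasPermission2 answers for the principal passed in, while checkPermission(Permission) evaluates whoever is bound to the current thread and throws AccessDeniedException on refusal.
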

public final void checkCreatePermission(@NonNull ItemGroup c, @NonNull TopLevelItemDescriptor d)
This is just a convenience function.
Parameters:
c - the container of the item.
d - the descriptor of the item to be created.
Throws:
org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.

public boolean hasCreatePermission2(@NonNull org.springframework.security.core.Authentication a, @NonNull ItemGroup c, @NonNull TopLevelItemDescriptor d)
Note that SYSTEM2 can be passed in as the authentication parameter, in which case you should probably just assume it can create anything anywhere.
Parameters:
a - the principal.
c - the container of the item.
d - the descriptor of the item to be created.

@Deprecated public boolean hasCreatePermission(@NonNull Authentication a, @NonNull ItemGroup c, @NonNull TopLevelItemDescriptor d)

public final void checkCreatePermission(@NonNull ViewGroup c, @NonNull ViewDescriptor d)
This is just a convenience function.
Parameters:
c - the container of the item.
d - the descriptor of the view to be created.
Throws:
org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.

public boolean hasCreatePermission2(@NonNull org.springframework.security.core.Authentication a, @NonNull ViewGroup c, @NonNull ViewDescriptor d)
Note that SYSTEM2 can be passed in as the authentication parameter, in which case you should probably just assume it can create anything anywhere.
Parameters:
a - the principal.
c - the container of the view.
d - the descriptor of the view to be created.

@Deprecated public boolean hasCreatePermission(@NonNull Authentication a, @NonNull ViewGroup c, @NonNull ViewDescriptor d)

@Deprecated @NonNull public static org.springframework.security.core.context.SecurityContext impersonate2(@NonNull org.springframework.security.core.Authentication auth)
Deprecated. Use try with resources and as2(Authentication)
Changes the Authentication associated with the current thread to the specified one, and returns the previous security context.
When the impersonation is over, be sure to restore the previous authentication via SecurityContextHolder.setContext(returnValueFromThisMethod); or just use impersonate2(Authentication, Runnable).
We need to create a new SecurityContext instead of SecurityContext.setAuthentication(Authentication) because the same SecurityContext object is reused for all the concurrent requests from the same session.

@Deprecated @NonNull public static SecurityContext impersonate(@NonNull Authentication auth)
Deprecated. Use impersonate2(Authentication)

@Deprecated public static void impersonate2(@NonNull org.springframework.security.core.Authentication auth, @NonNull Runnable body)
Deprecated. Use try with resources and as2(Authentication)
Variant of impersonate2(Authentication) that does not require a finally-block.
Parameters:
auth - authentication, such as SYSTEM2
body - an action to run with this alternate authentication in effect

@Deprecated public static void impersonate(@NonNull Authentication auth, @NonNull Runnable body)
Deprecated. Use impersonate2(Authentication, Runnable)

@Deprecated public static <V,T extends Exception> V impersonate2(org.springframework.security.core.Authentication auth, hudson.remoting.Callable<V,T> body) throws T extends Exception
Deprecated. Use try with resources and as2(Authentication)
Variant of impersonate2(Authentication) that does not require a finally-block.
Parameters:
auth - authentication, such as SYSTEM2
body - an action to run with this alternate authentication in effect (try NotReallyRoleSensitiveCallable)
Throws:
T extends Exception

@Deprecated public static <V,T extends Exception> V impersonate(Authentication auth, hudson.remoting.Callable<V,T> body) throws T extends Exception
Deprecated. Use impersonate2(Authentication, Callable)
Throws:
T extends Exception

@NonNull public static ACLContext as2(@NonNull org.springframework.security.core.Authentication auth)
Changes the Authentication associated with the current thread to the specified one and returns an AutoCloseable that restores the previous security context.
This makes impersonation much easier within code, as it can now be used with the try with resources construct:
    try (ACLContext ctx = ACL.as2(auth)) { ... }
Parameters:
auth - the new authentication.

@Deprecated @NonNull public static ACLContext as(@NonNull Authentication auth)
Deprecated. Use as2(Authentication)
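
The two impersonation styles described above, side by side, as an added example that is not taken from the Jenkins code base: as2 with try with resources, and the deprecated impersonate2 with its manual restore. The class and method names are hypothetical, and requiring Jenkins.ADMINISTER from the caller before elevating is an assumption of this example.

```java
import hudson.model.Job;
import hudson.security.ACL;
import hudson.security.ACLContext;
import jenkins.model.Jenkins;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/** Hypothetical helper class; not part of Jenkins. */
public final class ScopedSystemAccess {

    /** Preferred form: closing the ACLContext restores the caller's context, even on exception. */
    public static int countAllJobs() {
        Jenkins jenkins = Jenkins.get();
        // Authorize the real caller BEFORE switching identity: once the thread runs
        // as SYSTEM2, permission checks no longer say anything about the caller.
        jenkins.checkPermission(Jenkins.ADMINISTER);
        try (ACLContext ctx = ACL.as2(ACL.SYSTEM2)) {
            // Keep the elevated scope to the one call that needs it.
            return jenkins.getAllItems(Job.class).size();
        }
    }

    /** Deprecated form: the finally-block is the only thing undoing the switch. */
    @SuppressWarnings("deprecation")
    public static int countAllJobsLegacy() {
        Jenkins jenkins = Jenkins.get();
        jenkins.checkPermission(Jenkins.ADMINISTER);
        SecurityContext previous = ACL.impersonate2(ACL.SYSTEM2);
        try {
            return jenkins.getAllItems(Job.class).size();
        } finally {
            // Without this, whatever the thread does next still runs as SYSTEM2.
            SecurityContextHolder.setContext(previous);
        }
    }
}
```
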

@NonNull public static ACLContext as(@CheckForNull User user)
Changes the Authentication associated with the current thread to the specified one and returns an AutoCloseable that restores the previous security context.
This makes impersonation much easier within code, as it can now be used with the try with resources construct:
    try (ACLContext ctx = ACL.as2(auth)) { ... }
Parameters:
user - the user to impersonate.

public static boolean isAnonymous2(@NonNull org.springframework.security.core.Authentication authentication)
See also: Jenkins.ANONYMOUS2, AnonymousAuthenticationToken

@Deprecated public static boolean isAnonymous(@NonNull Authentication authentication)
Deprecated. Use isAnonymous2(org.springframework.security.core.Authentication)
Copyright © 2004–2021. All rights reserved.