Class AuthorizationStrategy
- All Implemented Interfaces:
ExtensionPoint
,Describable<AuthorizationStrategy>
- Direct Known Subclasses:
AuthorizationStrategy.Unsecured
,FullControlOnceLoggedInAuthorizationStrategy
,LegacyAuthorizationStrategy
Persistence
This object will be persisted along with Jenkins
object.
Hudson by itself won't put the ACL returned from getRootACL()
into the serialized object graph,
so if that object contains state and needs to be persisted, it's the responsibility of
AuthorizationStrategy
to do so (by keeping them in an instance field.)
Re-configuration
The corresponding Describable
instance will be asked to create a new AuthorizationStrategy
every time the system configuration is updated. Implementations that keep more state in ACL beyond
the system configuration should use Jenkins.getAuthorizationStrategy()
to talk to the current
instance to carry over the state.
- Author:
- Kohsuke Kawaguchi
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
-
Field Summary
Modifier and TypeFieldDescriptionstatic final DescriptorList<AuthorizationStrategy>
Deprecated.static final AuthorizationStrategy
AuthorizationStrategy
that implements the semantics of unsecured Hudson where everyone has full control. -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionall()
Returns all the registeredAuthorizationStrategy
descriptors.getACL
(AbstractItem item) Implementation can choose to provide different ACL for different items.getACL
(AbstractProject<?, ?> project) Deprecated.since 1.277 OverridegetACL(Job)
instead.Implementation can choose to provide different ACL for different computers.Implementation can choose to provide different ACL per user.Implementation can choose to provide different ACL for different views.Implementation can choose to provide different ACL for differentCloud
s.abstract Collection<String>
Returns the list of all group/role names used in this authorization strategy, and the ACL returned from thegetRootACL()
method.abstract ACL
Methods inherited from class hudson.model.AbstractDescribableImpl
getDescriptor
-
Field Details
-
LIST
All registeredSecurityRealm
implementations. -
UNSECURED
AuthorizationStrategy
that implements the semantics of unsecured Hudson where everyone has full control.This singleton is safe because
AuthorizationStrategy.Unsecured
is stateless.
-
-
Constructor Details
-
AuthorizationStrategy
public AuthorizationStrategy()
-
-
Method Details
-
getRootACL
-
getACL
Deprecated.since 1.277 OverridegetACL(Job)
instead. -
getACL
-
getACL
Implementation can choose to provide different ACL for different views. This can be used as a basis for more fine-grained access control.The default implementation makes the view visible if any of the items are visible or the view is configurable.
- Since:
- 1.220
-
getACL
Implementation can choose to provide different ACL for different items. This can be used as a basis for more fine-grained access control.The default implementation returns
getRootACL()
.- Since:
- 1.220
-
getACL
Implementation can choose to provide different ACL per user. This can be used as a basis for more fine-grained access control.The default implementation returns
getRootACL()
.- Since:
- 1.221
-
getACL
Implementation can choose to provide different ACL for different computers. This can be used as a basis for more fine-grained access control.The default implementation delegates to
getACL(Node)
- Since:
- 1.220
-
getACL
Implementation can choose to provide different ACL for differentCloud
s. This can be used as a basis for more fine-grained access control.The default implementation returns
getRootACL()
.- Since:
- 1.252
-
getACL
-
getGroups
Returns the list of all group/role names used in this authorization strategy, and the ACL returned from thegetRootACL()
method.This method is used by
ContainerAuthentication
to work around the servlet API issue that prevents us from enumerating roles that the user has.If such enumeration is impossible, do the best to list as many as possible, then return it. In the worst case, just return an empty list. Doing so would prevent users from using role names as group names (see JENKINS-2716 for such one such report.)
- Returns:
- never null.
-
all
@NonNull public static DescriptorExtensionList<AuthorizationStrategy,Descriptor<AuthorizationStrategy>> all()Returns all the registeredAuthorizationStrategy
descriptors.
-
all()
for read access, andExtension
for registration.