@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public class NonSerializableSecurityContext extends Object implements org.springframework.security.core.context.SecurityContext
SecurityContextImpl
but doesn't serialize Authentication
.
Authentication
often contains UserDetails
implemented by a plugin,
but when it's persisted as a part of HttpSession
, such instance will never
de-serialize correctly because the container isn't aware of additional classloading
in Jenkins.
Jenkins doesn't work with a clustering anyway, and so it's better to just not persist Authentication at all. See the problem report.
HttpSessionContextIntegrationFilter2
,
Serialized FormConstructor and Description |
---|
NonSerializableSecurityContext() |
NonSerializableSecurityContext(org.springframework.security.core.Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
boolean |
equals(Object obj) |
org.springframework.security.core.Authentication |
getAuthentication() |
int |
hashCode() |
void |
setAuthentication(org.springframework.security.core.Authentication authentication) |
String |
toString() |
public NonSerializableSecurityContext()
public NonSerializableSecurityContext(org.springframework.security.core.Authentication authentication)
public org.springframework.security.core.Authentication getAuthentication()
getAuthentication
in interface org.springframework.security.core.context.SecurityContext
public void setAuthentication(org.springframework.security.core.Authentication authentication)
setAuthentication
in interface org.springframework.security.core.context.SecurityContext
Copyright © 2004–2021. All rights reserved.