@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public class NonSerializableSecurityContext extends Object implements org.springframework.security.core.context.SecurityContext
SecurityContextImpl but doesn't serialize Authentication.
Authentication often contains UserDetails implemented by a plugin,
but when it's persisted as a part of HttpSession, such instance will never
de-serialize correctly because the container isn't aware of additional classloading
in Jenkins.
Jenkins doesn't work with a clustering anyway, and so it's better to just not persist Authentication at all. See the problem report.
HttpSessionContextIntegrationFilter2,
Serialized Form| Constructor and Description |
|---|
NonSerializableSecurityContext() |
NonSerializableSecurityContext(org.springframework.security.core.Authentication authentication) |
| Modifier and Type | Method and Description |
|---|---|
boolean |
equals(Object obj) |
org.springframework.security.core.Authentication |
getAuthentication() |
int |
hashCode() |
void |
setAuthentication(org.springframework.security.core.Authentication authentication) |
String |
toString() |
public NonSerializableSecurityContext()
public NonSerializableSecurityContext(org.springframework.security.core.Authentication authentication)
public org.springframework.security.core.Authentication getAuthentication()
getAuthentication in interface org.springframework.security.core.context.SecurityContextpublic void setAuthentication(org.springframework.security.core.Authentication authentication)
setAuthentication in interface org.springframework.security.core.context.SecurityContextCopyright © 2004–2020. All rights reserved.