Package jenkins.security
Class Description

Translates AcegiSecurityExceptions to Spring Security equivalents.
JENKINS-22474: Makes API Token calls bypass CSRF protection to ease usage.
Deprecated.
Remembers the API token for this user, that can be used like a password to login.
Like SimpleUrlAuthenticationSuccessHandler but does not allow open redirects.
Checks if the password given in the BASIC header matches the user's API token.
When Jenkins receives HTTP basic authentication, this hook will validate the username/password pair.
Takes "username:password" given in the Authorization HTTP header and authenticates the request.
Checks if the password given in the BASIC header matches the user's actual password, as opposed to other pseudo-passwords like API tokens.
Intercepts the new creation of Channel and tweaks its configuration.
Customized version of ClassFilter.DEFAULT.
Confidential information that gets stored as a singleton in Jenkins, mostly some random token value.
The actual storage for the data held by ConfidentialKeys, and the holder of the master secret.
ConfidentialKey that stores a SecretKey for shared-secret cryptography (AES).
Allows extensions to adjust the behavior of ClassFilter.DEFAULT.
Standard filter which can load whitelists and blacklists from plugins.
Standard filter which pays attention to a system property.
Default portable implementation of ConfidentialStore that uses a directory inside $JENKINS_HOME.
Redacts config.xml contents for users who have ExtendedRead permission but lack the Configure permission required to see the full unredacted configuration.
Utilities to help code change behaviour when it is desired to run in a FIPS-140 enabled environment.
Adds the 'X-Frame-Options' header to all web pages.
ConfidentialKey that is the random hexadecimal string of length N.
ConfidentialKey that's used for creating a token by hashing some information with secret (such as hash(msg|secret)).
Uses ACL.impersonate2(Authentication) for all tasks.
Variant of ImpersonatingExecutorService for scheduled services.
Deprecated.
UserDetailsService for those SecurityRealms that don't allow query of other users.
Sets a ServletContext attribute that instructs Jetty (typically via Winstone) to set the SameSite attribute on cookies (typically session and Remember-me).
Remembers the set of GrantedAuthoritys that was obtained the last time the user logged in.
Listens to the login success/failure event to persist GrantedAuthoritys properly.
MasterToSlaveCallable<V,T extends Throwable>: Callable meant to be run on agent.
Generated localization support class.
The same as SecurityContextImpl but doesn't serialize Authentication.
NotReallyRoleSensitiveCallable<V,T extends Throwable>: Deprecated. Use ThrowingCallable instead.
Extension point to run Queue.Executables under a specific identity for better access control.
Shows the QueueItemAuthenticator configurations on the system config page.
There are cases where a plugin needs to provide a QueueItemAuthenticator that cannot be controlled or configured by the user.
Configures the resource root URL, an alternative root URL to serve resources from to not need Content-Security-Policy headers, which mess with desired complex output.
Prohibits requests to Jenkins coming through a resource domain URL configured with ResourceDomainConfiguration, except anything going to ResourceDomainRootAction.
Recommends use of ResourceDomainConfiguration to users with the system property hudson.model.DirectoryBrowserSupport.CSP set to override DirectoryBrowserSupport.DEFAULT_CSP_VALUE.
Root action serving DirectoryBrowserSupport instances on random URLs to support resource URLs (second domain).
Predefined Roles in Jenkins.
RSA public/private key pair as ConfidentialKey.
RSA digital signature as ConfidentialKey to prevent accidental leak of private key.
An extension point for authorizing REST API access to an object where an unsafe result type would be produced.
Creates a delegating ExecutorService implementation whose submit and related methods capture the current SecurityContext and then wrap any runnable/callable objects in another runnable/callable that sets the context before execution and resets it afterwards.
Listener notified of various significant events related to security.
SlaveToMasterCallable<V,T extends Throwable>: Convenient Callable that is meant to run on the master (sent by agent/CLI/etc).
Configuration for update site-provided warnings.
Administrative monitor showing plugin/core warnings published by the configured update site to the user.
Cache layer for UserDetails lookup.
BasicHeaderProcessor