Package org.jenkinsci.plugins.authorizeproject.strategy

Class SpecificUsersAuthorizationStrategy

java.lang.Object

hudson.model.AbstractDescribableImpl<AuthorizeProjectStrategy>

org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy

org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy

All Implemented Interfaces:

ExtensionPoint, Describable<AuthorizeProjectStrategy>

public class SpecificUsersAuthorizationStrategy
extends AuthorizeProjectStrategy

Run builds as a user specified in project configuration pages.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SpecificUsersAuthorizationStrategy.DescriptorImpl	Our descriptor.

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Constructor Summary

Constructors

Constructor	Description
SpecificUsersAuthorizationStrategy(String userid)
SpecificUsersAuthorizationStrategy(String userid, boolean useApitoken, String apitoken, String password)

Method Summary

Modifier and Type	Method	Description
org.springframework.security.core.Authentication	authenticate(Job<?,?> project, Queue.Item item)	Run builds as a specified user.
protected static SpecificUsersAuthorizationStrategy	getCurrentStrategy(Job<?,?> project)	Return SpecificUsersAuthorizationStrategy configured in a project.
SpecificUsersAuthorizationStrategy.DescriptorImpl	getDescriptor()
String	getUserid()
boolean	hasAuthorizationConfigurePermission(AccessControlled context)	Tests if the authorization can be configured by the current user.
boolean	hasJobConfigurePermission(AccessControlled context)	Tests if the job can be reconfigured by the current user when this strategy is the configured strategy.
protected static boolean	isAuthenticationRequired(String userId)
boolean	isDontRestrictJobConfiguration()
protected Object	readResolve()	If we are being deserialized outside of loading the initial jobs (or reloading) then we need to cross check the strategy permissions to defend against somebody trying to push a configuration relating to a user other than themselves.
void	setDontRestrictJobConfiguration(boolean dontRestrictPermission)

Methods inherited from class org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy

all, checkAuthorizationConfigurePermission, checkJobConfigurePermission

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SpecificUsersAuthorizationStrategy

public SpecificUsersAuthorizationStrategy(String userid)

SpecificUsersAuthorizationStrategy

@DataBoundConstructor
public SpecificUsersAuthorizationStrategy(String userid,
 boolean useApitoken,
 String apitoken,
 String password)
                                   throws org.springframework.security.access.AccessDeniedException

Throws:

org.springframework.security.access.AccessDeniedException

Method Details

getUserid

public String getUserid()

Returns:

id of the user to run builds as.

isDontRestrictJobConfiguration

public boolean isDontRestrictJobConfiguration()

Returns:

whether not to restrict job configuration

Since:

1.3.0

See Also:

• hasJobConfigurePermission(AccessControlled)

setDontRestrictJobConfiguration

@DataBoundSetter
public void setDontRestrictJobConfiguration(boolean dontRestrictPermission)

Parameters:

dontRestrictPermission - whether not to restrict job configuration

Since:

1.3.0

See Also:

• hasJobConfigurePermission(AccessControlled)

isAuthenticationRequired

protected static boolean isAuthenticationRequired(String userId)

getDescriptor

public SpecificUsersAuthorizationStrategy.DescriptorImpl getDescriptor()

Description copied from class: AuthorizeProjectStrategy

Specified by:

getDescriptor in interface Describable<AuthorizeProjectStrategy>

Overrides:

getDescriptor in class AuthorizeProjectStrategy

authenticate

public org.springframework.security.core.Authentication authenticate(Job<?,?> project,
 Queue.Item item)

Run builds as a specified user.

If the user is invalid, run as anonymous.

Specified by:

authenticate in class AuthorizeProjectStrategy

Parameters:

project - the project to run.

item - the item in queue, which will be a build.

Returns:

true if authentication was successful

See Also:

• AuthorizeProjectStrategy.authenticate(hudson.model.Job, hudson.model.Queue.Item)

hasJobConfigurePermission

public boolean hasJobConfigurePermission(AccessControlled context)

Tests if the job can be reconfigured by the current user when this strategy is the configured strategy. Users with Jenkins.ADMINISTER permission skips this check.

Overrides:

hasJobConfigurePermission in class AuthorizeProjectStrategy

Parameters:

context - the context of the job

Returns:

true if and only if the current user is allowed to reconfigure the specified job.

hasAuthorizationConfigurePermission

public boolean hasAuthorizationConfigurePermission(AccessControlled context)

Tests if the authorization can be configured by the current user. Users with Jenkins.ADMINISTER permission skips this check.

Overrides:

hasAuthorizationConfigurePermission in class AuthorizeProjectStrategy

Parameters:

context - the context of the job

Returns:

true if and only if the current user is allowed to configure this authorization.

getCurrentStrategy

protected static SpecificUsersAuthorizationStrategy getCurrentStrategy(Job<?,?> project)

Return SpecificUsersAuthorizationStrategy configured in a project.

readResolve

protected Object readResolve()
                      throws ObjectStreamException

If we are being deserialized outside of loading the initial jobs (or reloading) then we need to cross check the strategy permissions to defend against somebody trying to push a configuration relating to a user other than themselves.

Overrides:

readResolve in class AuthorizeProjectStrategy

Returns:

this

Throws:

ObjectStreamException - if the object cannot be deserialized.

See Also:

• AuthorizeProjectProperty.setStrategyCritical()