/**
 * Builds an {@link Authentication} snapshot from a container-authenticated request.
 *
 * <p>A servlet container can tie a {@link ServletRequest} to the request handling thread,
 * so everything needed later is copied out of the request here. That allows this object
 * to be passed to other threads, like update center does. See HUDSON-5382.
 *
 * @param request the request whose user principal and role membership are captured
 * @throws IllegalStateException if the request carries no user principal
 */
public ContainerAuthentication(HttpServletRequest request) {
    this.principal = request.getUserPrincipal();
    if (this.principal == null) {
        // For anonymous users no authentication is set on the
        // SecurityContextHolder context at all, so a missing principal is an illegal state.
        throw new IllegalStateException();
    }

    // The Servlet API cannot enumerate the roles of the current user, so the only roles
    // probed are the ones the AuthorizationStrategy says it will check against. A container
    // role that the strategy does not list never shows up in the authorities.
    // NOTE(review): the authority list is fixed at construction; whether a later role change
    // in the container is picked up depends on when callers build a new instance. Confirm.
    final List<GrantedAuthority> granted = new ArrayList<GrantedAuthority>();
    for (String roleName : Jenkins.getInstance().getAuthorizationStrategy().getGroups()) {
        if (!request.isUserInRole(roleName)) {
            continue;
        }
        granted.add(new GrantedAuthorityImpl(roleName));
    }
    // Every instance carries the generic "authenticated" authority after the role-derived ones.
    granted.add(SecurityRealm.AUTHENTICATED_AUTHORITY);

    this.authorities = granted.toArray(new GrantedAuthority[0]);
}
/**
 * Captures the caller's identity and roles from a container-authenticated request.
 *
 * <p>Because a servlet container can tie a {@link ServletRequest} to the request handling
 * thread, all information is read upfront so that the resulting {@link Authentication}
 * can be passed to other threads, like update center does. See HUDSON-5382.
 *
 * @param request the request to read the user principal and role membership from
 * @throws IllegalStateException if {@code request.getUserPrincipal()} returns {@code null}
 */
public ContainerAuthentication(HttpServletRequest request) {
    this.principal = request.getUserPrincipal();
    if (this.principal == null) {
        // Anonymous users are handled by not calling
        // SecurityContextHolder.getContext().setAuthentication, never by this constructor.
        throw new IllegalStateException();
    }

    // There is no Servlet API call that lists a user's roles. Instead, each group name the
    // AuthorizationStrategy is going to check against is tested with isUserInRole().
    // Roles outside that set are not recorded on this object.
    final List<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();
    for (String groupName : Hudson.getInstance().getAuthorizationStrategy().getGroups()) {
        final boolean member = request.isUserInRole(groupName);
        if (member) {
            roles.add(new GrantedAuthorityImpl(groupName));
        }
    }
    // The generic "authenticated" authority is always appended last.
    roles.add(SecurityRealm.AUTHENTICATED_AUTHORITY);

    final GrantedAuthority[] snapshot = new GrantedAuthority[roles.size()];
    this.authorities = roles.toArray(snapshot);
}
/**
 * Creates an {@link Authentication} whose state is fully copied out of the given request.
 *
 * <p>A servlet container can tie a {@link ServletRequest} to the request handling thread.
 * Reading the principal and roles here, once, lets the object be passed to other threads,
 * like update center does. See HUDSON-5382.
 *
 * @param request the container-authenticated request to capture from
 * @throws IllegalStateException if the request has no user principal
 */
public ContainerAuthentication(HttpServletRequest request) {
    this.principal = request.getUserPrincipal();
    if (this.principal == null) {
        // Anonymous requests are expected to skip
        // SecurityContextHolder.getContext().setAuthentication rather than reach this point.
        throw new IllegalStateException();
    }

    // The Servlet API offers no way to list all roles of the current user, so the
    // AuthorizationStrategy is asked which roles it will check, and each is probed in turn.
    // NOTE(review): authorities are computed once here and never refreshed by this
    // constructor's code; confirm how long callers keep an instance around.
    final List<GrantedAuthority> collected = new ArrayList<GrantedAuthority>();
    for (String candidate : Jenkins.getInstance().getAuthorizationStrategy().getGroups()) {
        if (request.isUserInRole(candidate)) {
            collected.add(new GrantedAuthorityImpl(candidate));
        }
    }
    collected.add(SecurityRealm.AUTHENTICATED_AUTHORITY);

    final int count = collected.size();
    this.authorities = collected.toArray(new GrantedAuthority[count]);
}
/**
 * Snapshots the authenticated user and matching roles from a servlet request.
 *
 * <p>A servlet container can tie a {@link ServletRequest} to the request handling thread,
 * so the information is captured upfront. This allows the {@link Authentication} to be
 * passed to other threads, like update center does. See HUDSON-5382.
 *
 * @param request the request supplying the user principal and answering role checks
 * @throws IllegalStateException if the request carries no user principal
 */
public ContainerAuthentication(HttpServletRequest request) {
    this.principal = request.getUserPrincipal();
    if (this.principal == null) {
        // For anonymous users SecurityContextHolder.getContext().setAuthentication is simply
        // not called, so this constructor treats a missing principal as an illegal state.
        throw new IllegalStateException();
    }

    // Role discovery is driven by the AuthorizationStrategy because the Servlet API cannot
    // enumerate a user's roles. Only the group names returned by getGroups() are tested.
    final List<GrantedAuthority> matched = new ArrayList<GrantedAuthority>();
    for (String group : Hudson.getInstance().getAuthorizationStrategy().getGroups()) {
        if (!request.isUserInRole(group)) {
            continue;
        }
        matched.add(new GrantedAuthorityImpl(group));
    }
    // Appended unconditionally, after the role-derived authorities.
    matched.add(SecurityRealm.AUTHENTICATED_AUTHORITY);

    this.authorities = matched.toArray(new GrantedAuthority[0]);
}
/**
 * Constructs an {@link Authentication} from data read eagerly off the request.
 *
 * <p>The eager read exists because a servlet container can tie a {@link ServletRequest} to
 * the request handling thread. With everything captured upfront, the object can be passed
 * to other threads, like update center does. See HUDSON-5382.
 *
 * @param request the request to capture the user principal and role membership from
 * @throws IllegalStateException if {@code request.getUserPrincipal()} returns {@code null}
 */
public ContainerAuthentication(HttpServletRequest request) {
    this.principal = request.getUserPrincipal();
    if (this.principal == null) {
        // The anonymous case is handled elsewhere by not calling
        // SecurityContextHolder.getContext().setAuthentication.
        throw new IllegalStateException();
    }

    // The Servlet API has no "list my roles" call. The roles the AuthorizationStrategy is
    // going to check against are the only ones probed, so a role it does not reference is
    // absent from the result even if the container would grant it.
    final List<GrantedAuthority> held = new ArrayList<GrantedAuthority>();
    for (String name : Hudson.getInstance().getAuthorizationStrategy().getGroups()) {
        final boolean inRole = request.isUserInRole(name);
        if (inRole) {
            held.add(new GrantedAuthorityImpl(name));
        }
    }
    held.add(SecurityRealm.AUTHENTICATED_AUTHORITY);

    final GrantedAuthority[] asArray = held.toArray(new GrantedAuthority[held.size()]);
    this.authorities = asArray;
}
/**
 * Builds an {@link Authentication} by copying the principal and matching roles out of
 * the request.
 *
 * <p>A servlet container can tie a {@link ServletRequest} to the request handling thread,
 * so all information is captured upfront to allow the object to be passed to other
 * threads, like update center does. See HUDSON-5382.
 *
 * @param request the request whose user principal and role membership are captured
 * @throws IllegalStateException if the request carries no user principal
 */
public ContainerAuthentication(HttpServletRequest request) {
    this.principal = request.getUserPrincipal();
    if (this.principal == null) {
        // For anonymous users SecurityContextHolder.getContext().setAuthentication is
        // simply not called, so a missing principal here is an illegal state.
        throw new IllegalStateException();
    }

    // The Servlet API doesn't provide a way to list all roles of the current user, so the
    // AuthorizationStrategy is asked which roles it is going to check against.
    // NOTE(review): authorities is a field declared outside this constructor and is
    // presumably an initialized, mutable collection. Confirm at its declaration.
    for (String roleName : HudsonSecurityEntitiesHolder.getHudsonSecurityManager()
            .getAuthorizationStrategy().getGroups()) {
        if (!request.isUserInRole(roleName)) {
            continue;
        }
        authorities.add(new GrantedAuthorityImpl(roleName));
    }
    // Added unconditionally, after the role-derived authorities.
    authorities.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
}
if (activeDirectoryRealm.removeIrrelevantGroups) { Set<String> referencedGroups = new HashSet<>(); for (String group : jenkins.getAuthorizationStrategy().getGroups()) { referencedGroups.add(group.toLowerCase());