/**
 * Looks up the access control list that governs this object.
 *
 * <p>The decision is delegated to the authorization strategy currently installed on the
 * Jenkins singleton. Nothing is cached in this method, so every call asks the strategy again.
 *
 * @return the {@link ACL} the active authorization strategy reports for this object
 */
public ACL getACL() {
    final Jenkins jenkins = Jenkins.getInstance();
    return jenkins.getAuthorizationStrategy().getACL(this);
}
/**
 * Resolves the {@link ACL} that permission checks on this object are evaluated against.
 *
 * <p>This method holds no policy of its own: it forwards {@code this} to the authorization
 * strategy configured on the Jenkins singleton and returns whatever that strategy answers.
 *
 * @return the {@link ACL} supplied by the configured authorization strategy
 */
public ACL getACL() {
    final Jenkins instance = Jenkins.getInstance();
    return instance.getAuthorizationStrategy().getACL(this);
}
/**
 * Snapshots the container-authenticated identity carried by {@code request}.
 *
 * <p>A servlet container can tie a {@link ServletRequest} to the thread that handles it, so
 * the principal and the granted authorities are copied out here, up front. That allows this
 * {@link Authentication} to be passed to other threads, as the update center does.
 * See HUDSON-5382.
 *
 * <p>As far as this constructor shows, the authorities are computed once; role changes made
 * in the container afterwards are not picked up by this object.
 *
 * @param request the request whose user principal and role membership are captured
 * @throws IllegalStateException if the request carries no user principal
 */
public ContainerAuthentication(HttpServletRequest request) {
    this.principal = request.getUserPrincipal();
    if (this.principal == null) {
        // for anonymous users, we just don't call SecurityContextHolder.getContext().setAuthentication.
        throw new IllegalStateException();
    }

    // Servlet API doesn't provide a way to list up all roles the current user
    // has, so we need to ask AuthorizationStrategy what roles it is going to check against.
    // Only the group names the strategy reports are probed; any other container role is
    // not represented in the resulting authorities.
    List<GrantedAuthority> granted = new ArrayList<GrantedAuthority>();
    for (String groupName : Jenkins.getInstance().getAuthorizationStrategy().getGroups()) {
        if (request.isUserInRole(groupName)) {
            granted.add(new GrantedAuthorityImpl(groupName));
        }
    }

    // Added unconditionally: a principal was present, so the caller counts as authenticated.
    granted.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
    authorities = granted.toArray(new GrantedAuthority[granted.size()]);
}
/**
 * Returns the {@link ACL} for this object.
 *
 * <p>The body is deliberately identical to the one in AbstractItem. Java picks an overload
 * from the static type of the argument (single dispatch), so without this override the
 * inherited method would not call the strategy's {@code getACL(Job)} overload, and any
 * job-specific ACL the strategy defines would not be consulted.
 *
 * @return the {@link ACL} the active authorization strategy reports for this object
 */
@Override
public ACL getACL() {
    final Jenkins jenkins = Jenkins.getInstance();
    return jenkins.getAuthorizationStrategy().getACL(this);
}
/**
 * Returns the {@link ACL} that applies to this object.
 *
 * <p>The lookup is forwarded to the authorization strategy of the Jenkins singleton obtained
 * through {@code Jenkins.get()}; this method adds no rules of its own.
 *
 * @return the {@link ACL} the active authorization strategy reports for this object
 */
public ACL getACL() {
    final Jenkins jenkins = Jenkins.get();
    return jenkins.getAuthorizationStrategy().getACL(this);
}
/**
 * Returns the {@link ACL} that applies to this object.
 *
 * <p>The answer comes from the authorization strategy installed on the Jenkins singleton;
 * this method only passes {@code this} along.
 *
 * @return the {@link ACL} the active authorization strategy reports for this object
 */
public ACL getACL() {
    final Jenkins jenkins = Jenkins.getInstance();
    return jenkins.getAuthorizationStrategy().getACL(this);
}
/**
 * Resolves the {@link ACL} used for permission checks on this object.
 *
 * <p>Delegates to the authorization strategy of the Jenkins singleton and returns its
 * answer unchanged.
 *
 * @return the {@link ACL} supplied by the configured authorization strategy
 */
public ACL getACL() {
    final Jenkins instance = Jenkins.getInstance();
    return instance.getAuthorizationStrategy().getACL(this);
}
/**
 * Attempts to grant {@code Jenkins.ADMINISTER} to the given user.
 *
 * <p>Every registered {@link PermissionAdder} extension is offered the current authorization
 * strategy in turn, and the search stops at the first one that reports success. If none
 * does, the method returns without any signal and the user keeps whatever permissions the
 * strategy already gave them.
 *
 * @param u the user to elevate
 */
private void tryToMakeAdmin(User u) {
    AuthorizationStrategy strategy = Jenkins.getInstance().getAuthorizationStrategy();
    for (PermissionAdder candidate : ExtensionList.lookup(PermissionAdder.class)) {
        boolean granted = candidate.add(strategy, u, Jenkins.ADMINISTER);
        if (granted) {
            // One successful grant is enough; the remaining adders are not consulted.
            break;
        }
    }
}
/**
 * Returns the {@link ACL} for this user object, with a self-access rule layered on top of
 * the one supplied by the authorization strategy.
 *
 * <p>An authentication whose name matches this user's id (compared through
 * {@code idStrategy()}) and which is not an {@link AnonymousAuthenticationToken} is granted
 * every permission on this object, whatever the strategy says. Every other caller is decided
 * by the strategy's ACL alone.
 *
 * @return an ACL combining the self-access rule with the strategy's ACL
 */
@Override
@Nonnull
public ACL getACL() {
    ACL strategyAcl = Jenkins.get().getAuthorizationStrategy().getACL(this);
    return ACL.lambda((a, permission) -> {
        // always allow a non-anonymous user full control of himself.
        boolean actingOnSelf = idStrategy().equals(a.getName(), id)
                && !(a instanceof AnonymousAuthenticationToken);
        return actingOnSelf || strategyAcl.hasPermission(a, permission);
    });
}
/**
 * Checks that loading the YAML fixture leaves Jenkins with the shared
 * {@code AuthorizationStrategy.UNSECURED} instance as its authorization strategy.
 */
@Test
@ConfiguredWithCode("UnsecuredAuthorizationStrategyConfiguratorTest.yml")
public void unsecured() throws Exception {
    final AuthorizationStrategy configured = j.jenkins.getAuthorizationStrategy();
    // assertSame compares identity: the exact UNSECURED constant is expected, not an equal copy.
    assertSame(AuthorizationStrategy.UNSECURED, configured);
}
}
/**
 * Checks the security settings produced by the {@code HeteroDescribable.yml} fixture: a
 * {@link HudsonPrivateSecurityRealm} as the security realm, and a
 * {@link FullControlOnceLoggedInAuthorizationStrategy} with anonymous read switched off.
 */
@Test
@ConfiguredWithCode("HeteroDescribable.yml")
public void jenkins_abstract_describable_attributes() throws Exception {
    final Jenkins instance = Jenkins.getInstance();

    assertTrue(instance.getSecurityRealm() instanceof HudsonPrivateSecurityRealm);

    // Assert the type first so that a wrong strategy fails the test instead of the cast below.
    assertTrue(instance.getAuthorizationStrategy() instanceof FullControlOnceLoggedInAuthorizationStrategy);
    final FullControlOnceLoggedInAuthorizationStrategy strategy =
            (FullControlOnceLoggedInAuthorizationStrategy) instance.getAuthorizationStrategy();
    assertFalse(strategy.isAllowAnonymousRead());
}
/**
 * Checks that the YAML fixture configures the local user database and an {@code admin}
 * account, and that the realm can be exported again with that account listed first.
 *
 * <p>Verified in order: sign-up is disabled, the {@code admin} user exists, its stored
 * password matches the expected test value, anonymous read is enabled on the authorization
 * strategy, and the described configuration lists {@code admin} as the first user id.
 */
@Test
@ConfiguredWithCode("HudsonPrivateSecurityRealmConfiguratorTest.yml")
public void configure_local_security_and_admin_user() throws Exception {
    final Jenkins instance = Jenkins.getInstance();

    final HudsonPrivateSecurityRealm realm = (HudsonPrivateSecurityRealm) instance.getSecurityRealm();
    assertFalse(realm.allowsSignup());

    final User adminUser = User.getById("admin", false);
    assertNotNull(adminUser);

    // Test-only credential; presumably the value the YAML fixture sets for this account.
    final HudsonPrivateSecurityRealm.Details credentials =
            adminUser.getProperty(HudsonPrivateSecurityRealm.Details.class);
    assertTrue(credentials.isPasswordCorrect("1234"));

    final FullControlOnceLoggedInAuthorizationStrategy strategy =
            (FullControlOnceLoggedInAuthorizationStrategy) instance.getAuthorizationStrategy();
    assertTrue(strategy.isAllowAnonymousRead());

    // Round trip: describe the live realm and inspect the first exported user entry.
    ConfiguratorRegistry configurators = ConfiguratorRegistry.get();
    ConfigurationContext ctx = new ConfigurationContext(configurators);
    final Configurator realmConfigurator = ctx.lookupOrFail(HudsonPrivateSecurityRealm.class);
    final CNode described = realmConfigurator.describe(realm, ctx);
    final Mapping firstUser = described.asMapping().get("users").asSequence().get(0).asMapping();
    assertEquals("admin", firstUser.getScalarValue("id"));
}
}
/**
 * Provides the icon for the Manage Hudson page link.
 *
 * <p>The link is only shown while the role-based authorization strategy is the active one;
 * otherwise {@code null} is returned.
 *
 * <p>NOTE(review): this decides link visibility only. Whether the linked page performs its
 * own permission check is not visible from this method and should be confirmed.
 *
 * @return path to the icon, or {@code null} when the role-based strategy is not enabled
 */
@Override
public String getIconFileName() {
    final boolean roleStrategyActive =
            Jenkins.getActiveInstance().getAuthorizationStrategy() instanceof RoleBasedAuthorizationStrategy;
    return roleStrategyActive ? "secure.gif" : null;
}
/**
 * Returns the {@link ACL} that governs access to this object.
 *
 * <p>The configured authorization strategy is asked on every call; the result is passed
 * through unchanged.
 *
 * @return the {@link ACL} the active authorization strategy reports for this object
 */
public ACL getACL() {
    final Jenkins jenkins = Jenkins.getInstance();
    return jenkins.getAuthorizationStrategy().getACL(this);
}
/**
 * Obtains the {@link ACL} for this object from the active authorization strategy.
 *
 * <p>This method contributes no rules itself; swapping the strategy on the Jenkins singleton
 * changes what is returned here.
 *
 * @return the {@link ACL} supplied by the configured authorization strategy
 */
public ACL getACL() {
    final Jenkins instance = Jenkins.getInstance();
    return instance.getAuthorizationStrategy().getACL(this);
}
/**
 * Returns the {@link ACL} for this user object, with a self-access rule layered on top of
 * the one supplied by the authorization strategy.
 *
 * <p>An authentication whose name matches this user's id (compared through
 * {@code idStrategy()}) and which is not an {@link AnonymousAuthenticationToken} is granted
 * every permission on this object. All other callers are decided by the strategy's ACL.
 *
 * @return an ACL combining the self-access rule with the strategy's ACL
 */
public ACL getACL() {
    final ACL strategyAcl = Jenkins.getInstance().getAuthorizationStrategy().getACL(this);
    return new ACL() {
        public boolean hasPermission(Authentication a, Permission permission) {
            // always allow a non-anonymous user full control of himself.
            boolean actingOnSelf = idStrategy().equals(a.getName(), id)
                    && !(a instanceof AnonymousAuthenticationToken);
            return actingOnSelf || strategyAcl.hasPermission(a, permission);
        }
    };
}
/**
 * Returns the {@link ACL} for this object.
 *
 * <p>This repeats the AbstractItem implementation on purpose. Overloads are chosen from the
 * static type of the argument (single dispatch), so the inherited method would not call the
 * strategy's {@code getACL(Job)} overload; overriding here makes sure that overload is the
 * one consulted.
 *
 * @return the {@link ACL} the active authorization strategy reports for this object
 */
@Override
public ACL getACL() {
    final Jenkins instance = Jenkins.getInstance();
    return instance.getAuthorizationStrategy().getACL(this);
}
/**
 * Tries to make the given user a super-user by granting {@code Jenkins.ADMINISTER}.
 *
 * <p>The current authorization strategy is handed to each {@link PermissionAdder} extension
 * until one of them reports that it added the permission. This is best effort: when no adder
 * succeeds, nothing is thrown or logged here and the user is not elevated.
 *
 * @param u the user to elevate
 */
private void tryToMakeAdmin(User u) {
    final AuthorizationStrategy activeStrategy = Jenkins.getInstance().getAuthorizationStrategy();
    for (PermissionAdder permissionAdder : ExtensionList.lookup(PermissionAdder.class)) {
        final boolean added = permissionAdder.add(activeStrategy, u, Jenkins.ADMINISTER);
        if (!added) {
            continue;
        }
        // First success wins; later adders are skipped.
        return;
    }
}
/**
 * {@inheritDoc}
 *
 * <p>Uses the ACL of the item returned by {@code getAccessControlled()} when there is one.
 * When there is none, the root ACL of the authorization strategy is returned instead, so
 * permission checks are then evaluated against the Jenkins-wide ACL rather than an
 * item-level one.
 */
@Nonnull
public ACL getACL() {
    AccessControlled target = getAccessControlled();
    if (target == null) {
        // TODO: Is the right thing to do?
        // NOTE(review): confirm the root ACL is the intended fallback for this case.
        return Jenkins.getInstance().getAuthorizationStrategy().getRootACL();
    }
    return target.getACL();
}
/**
 * Installs a throwaway security setup for the command under test.
 *
 * <p>Does nothing when no permissions were requested. Otherwise it swaps in a dummy security
 * realm (with {@code username} in the group "group") and a {@code GrantPermissions}
 * strategy built from the requested permissions, sets the command's transport
 * authentication to the test user, and impersonates {@code Jenkins.ANONYMOUS} on the
 * calling thread.
 *
 * <p>The previous realm, strategy and security context are stored in fields, presumably so
 * that a teardown step elsewhere can restore them; that step is not visible here.
 */
private void setAuth() {
    if (permissions.isEmpty()) {
        return;
    }

    // Security realm: remember the old one before replacing it.
    JenkinsRule.DummySecurityRealm dummyRealm = rule.createDummySecurityRealm();
    dummyRealm.addGroups(username, "group");
    originalSecurityRealm = rule.jenkins.getSecurityRealm();
    rule.jenkins.setSecurityRealm(dummyRealm);

    // Authorization strategy: same save-then-replace order.
    originalAuthorizationStrategy = rule.jenkins.getAuthorizationStrategy();
    rule.jenkins.setAuthorizationStrategy(new GrantPermissions(username, permissions));

    command.setTransportAuth(user().impersonate());

    // Otherwise it is SYSTEM, which would be relevant for a command overriding main:
    originalSecurityContext = ACL.impersonate(Jenkins.ANONYMOUS);
}