/**
 * Reports whether the given pane is recorded as collapsed in the current HTTP session.
 *
 * @param paneId identifier of the pane; it is combined with {@code attribute} through
 *               {@code format} to build the session attribute name
 * @return {@code true} when the session holds any non-null value under that name
 */
@Override
public boolean isCollapsed(String paneId) {
    // getSession() without an argument creates a session when the request has none,
    // so even this read-only query can allocate one.
    final HttpSession httpSession = Stapler.getCurrentRequest().getSession();
    final String key = format(attribute, paneId);
    final Object marker = httpSession.getAttribute(key);
    return marker != null;
}
/**
 * Whether to show the upgrade wizard.
 *
 * @return {@code true} only when the request already has a session and that session's
 *         {@code SHOW_UPGRADE_WIZARD_FLAG} attribute equals {@link Boolean#TRUE}
 */
public boolean isShowUpgradeWizard() {
    // getSession(false): answering this query must not create a session.
    final HttpSession existing = Stapler.getCurrentRequest().getSession(false);
    return existing != null
            && Boolean.TRUE.equals(existing.getAttribute(SHOW_UPGRADE_WIZARD_FLAG));
}
/**
/**
 * Flips the collapsed marker of the given pane in the current HTTP session.
 *
 * @param paneId identifier of the pane; combined with {@code attribute} through
 *               {@code format} to build the session attribute name
 * @return {@code true} when the pane is collapsed after the call, {@code false} when the
 *         marker was removed
 */
@Override
public boolean toggleCollapsed(String paneId) {
    // getSession() creates a session if the request does not have one yet.
    final HttpSession httpSession = Stapler.getCurrentRequest().getSession();
    final String key = format(attribute, paneId);
    final boolean wasExpanded = httpSession.getAttribute(key) == null;
    if (wasExpanded) {
        // Presence of the attribute is the marker; the stored value itself is not inspected.
        httpSession.setAttribute(key, true);
    } else {
        httpSession.removeAttribute(key);
    }
    return wasExpanded;
}
}
/**
 * Validates the captcha.
 *
 * @param text the answer submitted for the captcha
 * @return the verdict of {@code captchaSupport.validateCaptcha} for the current session id,
 *         or {@code true} unconditionally when no captcha support is configured
 */
protected final boolean validateCaptcha(String text) {
    if (captchaSupport == null) {
        // If no Captcha Support then bogus validation always returns true.
        // Callers therefore get no protection from this check in that configuration.
        return true;
    }
    // The challenge is looked up by session id; getSession() creates a session if none exists.
    final String sessionId = Stapler.getCurrentRequest().getSession().getId();
    return captchaSupport.validateCaptcha(sessionId, text);
}
/**
 * Show the sign up page with the data from the identity.
 *
 * @param identity the federated identity to pre-fill the sign-up form with; it is also
 *                 stored in the session under {@code FEDERATED_IDENTITY_SESSION_KEY}
 * @return a response that forwards to {@code signupWithFederatedIdentity.jelly}
 */
@Override
public HttpResponse commenceSignup(final FederatedIdentity identity) {
    // Store the identity in the session so that we can use this later.
    // NOTE(review): whoever reads this key back treats the stored identity as established;
    // confirm the caller has verified it before handing it to this method.
    Stapler.getCurrentRequest()
            .getSession()
            .setAttribute(FEDERATED_IDENTITY_SESSION_KEY, identity);

    return new ForwardToView(this, "signupWithFederatedIdentity.jelly") {
        @Override
        public void generateResponse(StaplerRequest req, StaplerResponse rsp, Object node)
                throws IOException, ServletException {
            final SignupInfo signupInfo = new SignupInfo(identity);
            // The "error message" slot carries the sign-up prompt shown on the form.
            signupInfo.errorMessage = Messages.HudsonPrivateSecurityRealm_WouldYouLikeToSignUp(
                    identity.getPronoun(), identity.getIdentifier());
            req.setAttribute("data", signupInfo);
            super.generateResponse(req, rsp, node);
        }
    };
}
/**
 * Creates an account and associates that with the given identity. Used in conjunction
 * with {@link #commenceSignup}.
 *
 * @return the user returned by {@code _doCreateAccount}, or {@code null} when that call
 *         returned {@code null}
 */
@RequirePOST
public User doCreateAccountWithFederatedIdentity(StaplerRequest req, StaplerResponse rsp)
        throws IOException, ServletException {
    final User created = _doCreateAccount(req, rsp, "signupWithFederatedIdentity.jelly");
    if (created == null) {
        return null;
    }
    // NOTE(review): the session attribute is read without a null check and is left in the
    // session afterwards. A request whose session never went through commenceSignup fails
    // here with a NullPointerException, presumably after the account already exists -
    // confirm that outcome is acceptable.
    final FederatedIdentity identity =
            (FederatedIdentity) req.getSession().getAttribute(FEDERATED_IDENTITY_SESSION_KEY);
    identity.addTo(created);
    return created;
}
/**
 * Returns the result of {@code Protector.protect} applied to
 * {@code <session id>:<password>}.
 */
public String getProtectedPassword() {
    // Put the session id in it to prevent a replay attack: the protected value is only
    // recognisable to a reader that sees the same session id.
    // getSession() creates a session if the request has none.
    final String sessionId = Stapler.getCurrentRequest().getSession().getId();
    final String bound = sessionId + ':' + getPassword();
    return Protector.protect(bound);
}
/**
 * Call this to hide the upgrade wizard.
 *
 * @return a redirect to the context root
 */
public HttpResponse doHideUpgradeWizard() {
    // Only administrators may change the flag; checkPermission rejects everyone else.
    Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
    // NOTE(review): no POST-only restriction is visible on this state-changing endpoint;
    // confirm whether it should carry one.
    final HttpSession existing = Stapler.getCurrentRequest().getSession(false);
    if (existing != null) {
        // Without a session there is no flag to clear, so none is created for this.
        existing.removeAttribute(SHOW_UPGRADE_WIZARD_FLAG);
    }
    return HttpResponses.redirectToContextRoot();
}
/**
 * Call this to show the upgrade wizard.
 *
 * @return a redirect to the context root
 */
public HttpResponse doShowUpgradeWizard() throws Exception {
    // Only administrators may change the flag; checkPermission rejects everyone else.
    Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
    // NOTE(review): no POST-only restriction is visible on this state-changing endpoint;
    // confirm whether it should carry one.
    // getSession(true) creates the session when the request has none, so the flag always lands.
    Stapler.getCurrentRequest()
            .getSession(true)
            .setAttribute(SHOW_UPGRADE_WIZARD_FLAG, true);
    return HttpResponses.redirectToContextRoot();
}
&& request.getSession(false) != null) { from = (String) request.getSession().getAttribute("from"); } else if (request != null) { from = request.getParameter("from");
/**
 * Copies the user's current seed into the existing HTTP session under
 * {@code UserSeedProperty.USER_SESSION_SEED}.
 *
 * <p>Does nothing when there is no current Stapler request, no existing session, the
 * user seed feature is disabled, or the user has no {@code UserSeedProperty}.
 *
 * @param username id of the user whose seed is stored
 */
private void putUserSeedInSession(String username) {
    final StaplerRequest currentRequest = Stapler.getCurrentRequest();
    if (currentRequest == null) {
        // expected case: CLI
        // But also HudsonPrivateSecurityRealm because of a redirect from Acegi,
        // the request is not a Stapler one
        return;
    }

    // getSession(false): a session is never created just to carry the seed.
    final HttpSession httpSession = currentRequest.getSession(false);
    if (httpSession == null) {
        // expected case: CLI through CLIRegisterer
        return;
    }

    if (UserSeedProperty.DISABLE_USER_SEED) {
        return;
    }

    final User user = User.getById(username, true);
    final UserSeedProperty seedProperty = user.getProperty(UserSeedProperty.class);
    if (seedProperty == null) {
        // if you want to filter out the user seed property, you should consider using
        // the DISABLE_USER_SEED instead
        return;
    }

    // normally invalidated before
    httpSession.setAttribute(UserSeedProperty.USER_SESSION_SEED, seedProperty.getSeed());
}
}
/**
 * Lets the current user silently login as the given user and report back accordingly.
 *
 * @param req request carrying the password in the {@code password1} parameter
 * @param rsp response the {@code success.jelly} view is forwarded to
 * @param u   the user to log in as
 */
@SuppressWarnings("ACL.impersonate")
private void loginAndTakeBack(StaplerRequest req, StaplerResponse rsp, User u)
        throws ServletException, IOException {
    // Avoid session fixation: drop whatever session existed before authentication and
    // start a fresh one, so a pre-login session id never becomes an authenticated one.
    final HttpSession preLogin = req.getSession(false);
    if (preLogin != null) {
        preLogin.invalidate();
    }
    req.getSession(true);

    // ... and let him login
    final Authentication credentials =
            new UsernamePasswordAuthenticationToken(u.getId(), req.getParameter("password1"));
    final Authentication authenticated =
            this.getSecurityComponents().manager.authenticate(credentials);
    SecurityContextHolder.getContext().setAuthentication(authenticated);
    SecurityListener.fireLoggedIn(u.getId());

    // then back to top
    req.getView(this, "success.jelly").forward(req, rsp);
}
/**
 * Generates a captcha image.
 *
 * <p>Writes nothing when no captcha support is configured.
 */
public final void doCaptcha(StaplerRequest req, StaplerResponse rsp) throws IOException {
    if (captchaSupport == null) {
        return;
    }
    // The challenge is tied to the session id; getSession() creates a session if needed.
    final String sessionId = req.getSession().getId();

    rsp.setContentType("image/png");
    // source: https://stackoverflow.com/a/3414217
    // The image must never be served from a cache, otherwise a stale challenge could be shown.
    rsp.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
    rsp.setHeader("Pragma", "no-cache");
    rsp.setHeader("Expires", "0");

    captchaSupport.generateImage(sessionId, rsp.getOutputStream());
}
/**
 * Handles the logout processing.
 *
 * <p>
 * The default implementation erases the session and does a few other clean-ups, then
 * redirects the user to the URL specified by
 * {@link #getPostLogOutUrl(StaplerRequest, Authentication)}.
 *
 * @since 1.314
 */
public void doLogout(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
    // getSession(false): only an existing session needs to be destroyed.
    final HttpSession current = req.getSession(false);
    if (current != null) {
        current.invalidate();
    }

    // Capture the authentication before clearing it; the post-logout URL is computed from it.
    final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    SecurityContextHolder.clearContext();

    // reset remember-me cookie: empty value, max-age 0, same path as the application
    final Cookie expired = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, "");
    expired.setMaxAge(0);
    expired.setSecure(req.isSecure());
    expired.setHttpOnly(true);
    final String contextPath = req.getContextPath();
    expired.setPath(contextPath.length() > 0 ? contextPath : "/");
    rsp.addCookie(expired);

    rsp.sendRedirect2(getPostLogOutUrl(req, auth));
}
/**
 * Builds the password {@code Details} from the submitted configuration form.
 *
 * <p>When the submitted value unprotects to {@code <current session id>:<rest>}, the rest
 * is passed to {@code Details.fromHashedPassword}. Otherwise the submitted value is treated
 * as a plain password and the user's {@code UserSeedProperty}, if present, is renewed.
 *
 * @throws FormException when the request is missing or the two password fields differ
 */
@Override
public Details newInstance(StaplerRequest req, JSONObject formData) throws FormException {
    if (req == null) {
        // Should never happen, see newInstance() Javadoc
        throw new FormException("Stapler request is missing in the call", "staplerRequest");
    }

    final String password = Util.fixEmpty(req.getParameter("user.password"));
    final String confirmation = Util.fixEmpty(req.getParameter("user.password2"));
    final boolean confirmed = Util.fixNull(password).equals(Util.fixNull(confirmation));
    if (!confirmed) {
        throw new FormException("Please confirm the password by typing it twice", "user.password2");
    }

    // A protected value is only honoured when it is bound to this very session id; a value
    // bound to any other session falls through and is handled as a plain password.
    final String unprotected = Protector.unprotect(password);
    if (unprotected != null) {
        final String sessionPrefix = Stapler.getCurrentRequest().getSession().getId() + ':';
        if (unprotected.startsWith(sessionPrefix)) {
            return Details.fromHashedPassword(unprotected.substring(sessionPrefix.length()));
        }
    }

    final User user = Util.getNearestAncestorOfTypeOrThrow(req, User.class);
    // the UserSeedProperty is not touched by the configure page
    // Renewed only on this path, i.e. when a new plain password was supplied.
    final UserSeedProperty seed = user.getProperty(UserSeedProperty.class);
    if (seed != null) {
        seed.renewSeed();
    }

    return Details.fromPlainPassword(Util.fixNull(password));
}
SecurityContextHolder.getContext().setAuthentication(auth); HttpSession session = req.getSession(false); if (session != null) { HttpSession newSession = req.getSession(true);
/**
 * Remembers the selected branch tab in the session, or forgets it when "all" is chosen.
 *
 * @param branch the selected branch; the literal {@code "all"} clears the stored choice
 * @param req    request whose session holds the choice under {@code "branchView" + getName()}
 */
private void handleBranchTabs(final String branch, final StaplerRequest req) {
    // NOTE(review): branch is stored as received; if it originates from a request
    // parameter, whatever renders it later has to escape it.
    if (!"all".equals(branch)) {
        req.getSession().setAttribute("branchView" + this.getName(), branch);
    } else {
        req.getSession().removeAttribute("branchView" + this.getName());
    }
}
/**
 * Validates the captcha.
 *
 * @param text the answer submitted for the captcha
 * @return {@code true} when no captcha support is configured; otherwise whatever
 *         {@code captchaSupport.validateCaptcha} returns for the current session id
 */
protected final boolean validateCaptcha(String text) {
    final boolean captchaConfigured = captchaSupport != null;
    if (!captchaConfigured) {
        // If no Captcha Support then bogus validation always returns true
        return true;
    }
    // The session id identifies the challenge; getSession() creates a session when none exists.
    return captchaSupport.validateCaptcha(
            Stapler.getCurrentRequest().getSession().getId(), text);
}
/**
 * Creates an account and associates that with the given identity. Used in conjunction
 * with {@link #commenceSignup}.
 *
 * @return whatever {@code _doCreateAccount} returned, possibly {@code null}
 */
@RequirePOST
public User doCreateAccountWithFederatedIdentity(StaplerRequest req, StaplerResponse rsp)
        throws IOException, ServletException {
    final User account = _doCreateAccount(req, rsp, "signupWithFederatedIdentity.jelly");
    if (account != null) {
        // NOTE(review): nothing here checks that the session actually holds an identity;
        // a missing attribute surfaces as a NullPointerException on addTo. The attribute
        // is also not cleared once consumed - confirm both are intended.
        final Object stored = req.getSession().getAttribute(FEDERATED_IDENTITY_SESSION_KEY);
        ((FederatedIdentity) stored).addTo(account);
    }
    return account;
}
/**
 * Call this to hide the upgrade wizard.
 *
 * @return a redirect to the context root, whether or not a flag was cleared
 */
public HttpResponse doHideUpgradeWizard() {
    // Permission is checked before any session state is touched.
    Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
    // getSession(false): do not create a session merely to remove a flag from it.
    final HttpSession httpSession = Stapler.getCurrentRequest().getSession(false);
    final boolean hasSession = httpSession != null;
    if (hasSession) {
        httpSession.removeAttribute(SHOW_UPGRADE_WIZARD_FLAG);
    }
    return HttpResponses.redirectToContextRoot();
}