hudson.security.ACL类的使用及代码示例


本文整理了Java中hudson.security.ACL类的一些代码示例,展示了ACL类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度上帮到你。ACL类的具体详情如下:
包路径:hudson.security.ACL
类名称:ACL

ACL介绍

[英]Gate-keeper that controls access to Hudson's model objects.
[中]控制对 Hudson 模型对象访问的守门人(gate-keeper)。

代码示例

代码示例来源:origin: jenkinsci/jenkins

/**
 * Safer variant of {@link #impersonate(Authentication)} that does not require a finally-block.
 * @param auth authentication, such as {@link #SYSTEM}
 * @param body an action to run with this alternate authentication in effect
 * @since 1.509
 * @deprecated use try with resources and {@link #as(Authentication)}
 */
@Deprecated
public static void impersonate(@Nonnull Authentication auth, @Nonnull Runnable body) {
  // Put `auth` in effect and remember the security context that was active before.
  final SecurityContext previous = impersonate(auth);
  try {
    body.run();
  } finally {
    // Restore unconditionally: if body throws, later work on this thread must not
    // keep running under the substituted identity (which may be SYSTEM).
    SecurityContextHolder.setContext(previous);
  }
}

代码示例来源:origin: jenkinsci/jenkins

/**
 * Convenient short-cut for {@code getACL().hasPermission(a, permission)}
 * @since 2.92
 */
default boolean hasPermission(@Nonnull Authentication a, @Nonnull Permission permission) {
  // The SYSTEM token is matched by reference and bypasses the ACL entirely;
  // every other authentication is evaluated by this object's ACL.
  return a == ACL.SYSTEM || getACL().hasPermission(a, permission);
}

代码示例来源:origin: jenkinsci/jenkins

/**
 * Convenient short-cut for {@code getACL().checkPermission(permission)}
 */
default void checkPermission(@Nonnull Permission permission) throws AccessDeniedException {
  // Delegates to this object's ACL; a denial surfaces as AccessDeniedException
  // (per the throws clause) rather than as a boolean the caller could ignore.
  final ACL acl = getACL();
  acl.checkPermission(permission);
}

代码示例来源:origin: jenkinsci/jenkins

@Override
@Nonnull
public ACL getACL() {
  final ACL inherited = Jenkins.get().getAuthorizationStrategy().getACL(this);
  return ACL.lambda((a, permission) -> {
    // Self-access rule: when the authentication's name matches this user's id and the
    // token is not the anonymous one, every permission on this object is granted.
    final boolean sameUser = idStrategy().equals(a.getName(), id);
    if (sameUser && !(a instanceof AnonymousAuthenticationToken)) {
      return true;
    }
    // Anyone else is subject to the ACL supplied by the authorization strategy.
    return inherited.hasPermission(a, permission);
  });
}

代码示例来源:origin: jenkinsci/jenkins

/**
 * Implementation can choose to provide different ACL for different views.
 * This can be used as a basis for more fine-grained access control.
 *
 * <p>
 * The default implementation makes the view visible if any of the items are visible
 * or the view is configurable.
 *
 * @since 1.220
 */
public @Nonnull ACL getACL(final @Nonnull View item) {
  return ACL.lambda((a, permission) -> {
      final ACL ownerAcl = item.getOwner().getACL();
      // A grant from the owner's ACL is always honoured.
      if (ownerAcl.hasPermission(a, permission)) {
        return true;
      }
      // Only View.READ has a fallback; every other denied permission stays denied.
      if (permission != View.READ) {
        return false;
      }
      // READ fallback: allowed when the principal may configure the view or the view has items.
      // NOTE(review): item.getItems() does not take `a`; confirm it is evaluated for the
      // principal being checked and not for whoever is current on the thread.
      return ownerAcl.hasPermission(a, View.CONFIGURE) || !item.getItems().isEmpty();
  });
}

代码示例来源:origin: jenkinsci/jenkins

@Override
@Restricted(NoExternalUse.class)
public Object getTarget() {
  // NOTE(review): SKIP_PERMISSION_CHECK is defined outside this excerpt; when it is set,
  // both checks below are bypassed.
  if (SKIP_PERMISSION_CHECK) {
    return this;
  }
  // Without DISCOVER the caller gets null instead of an access-denied error,
  // presumably so the response does not confirm that the item exists.
  if (!getACL().hasPermission(Item.DISCOVER)) {
    return null;
  }
  // With DISCOVER but without READ, checkPermission is expected to throw.
  getACL().checkPermission(Item.READ);
  return this;
}

代码示例来源:origin: jenkinsci/jenkins

/**
 * Checks if the current security principal has this permission.
 *
 * @return false
 *      if the user doesn't have the permission.
 */
public final boolean hasPermission(@Nonnull Permission p) {
  // Resolve the principal currently associated with the calling code.
  final Authentication current = Jenkins.getAuthentication();
  // SYSTEM (matched by reference) is always allowed; everyone else goes through
  // the two-argument check.
  return current == SYSTEM || hasPermission(current, p);
}

代码示例来源:origin: org.jenkins-ci.plugins/credentials

@Override
  public boolean hasPermission(@Nonnull Authentication a, @Nonnull Permission permission) {
    // Identity gate first: an authentication that does not resolve to the owning user is
    // rejected before that user's ACL is consulted.
    // NOTE(review): User.get(String) may create a record for an unknown name; confirm a
    // non-creating lookup is not preferable inside a permission check.
    if (!user.equals(User.get(a.getName()))) {
      return false;
    }
    return user.getACL().hasPermission(a, permission);
  }
};

代码示例来源:origin: jenkinsci/jenkins

/**
 * Changes the {@link Authentication} associated with the current thread to the specified one and returns an
 * {@link AutoCloseable} that restores the previous security context.
 *
 * <p>
 * This makes impersonation much easier within code as it can now be used using the try with resources construct:
 * <pre>
 *     try (ACLContext ctx = ACL.as(auth)) {
 *        ...
 *     }
 * </pre>
 *
 * @param user the user to impersonate.
 * @return a closeable context that restores the previous security context when closed
 * @since 2.14
 */
@Nonnull
public static ACLContext as(@CheckForNull User user) {
  // A null user never means "no change": the thread is switched to the anonymous identity.
  if (user == null) {
    return as(Jenkins.ANONYMOUS);
  }
  // Otherwise run as the authentication produced for that user.
  return as(user.impersonate());
}

代码示例来源:origin: jenkinsci/jenkins

private static boolean canDiscoverItem(@Nonnull final String fullName) {
  // NOTE(review): this listing is abridged. The declaration of `item`, the `try {` that pairs
  // with the catch below, and the closing braces are not shown on the page.
  final Jenkins jenkins = Jenkins.getInstance();
    // First lookup; no impersonation has happened yet at this point.
    item = jenkins.getItemByFullName(fullName);
  } catch (AccessDeniedException ex) {
  // The caller's authentication is captured before the elevated lookup below.
  final Authentication userAuth = Jenkins.getAuthentication();
  // Second lookup runs as SYSTEM, so it is not limited by the caller's permissions.
  // NOTE(review): whatever is found here must be re-checked against userAuth before it
  // influences the result; presumably the omitted lines do that. Confirm in the full source.
  try (ACLContext acl = ACL.as(ACL.SYSTEM)) {
    final Item itemBySystemUser = jenkins.getItemByFullName(fullName);
    if (itemBySystemUser == null) {

代码示例来源:origin: jenkinsci/jenkins

/**
 * Securely check for the existence of an item before trying to create one with the same name.
 * @param parent the folder where we are about to create/rename/move an item
 * @param newName the proposed new name
 * @param variant if not null, an existing item which we accept could be there
 * @throws IllegalArgumentException if there is already something there, which you were supposed to know about
 * @throws Failure if there is already something there but you should not be told details
 */
static void verifyItemDoesNotAlreadyExist(@Nonnull ItemGroup<?> parent, @Nonnull String newName, @CheckForNull Item variant) throws IllegalArgumentException, Failure {
  // Look the name up as SYSTEM so that an item the caller cannot see still counts as a
  // collision. The elevated context ends with the try block, before any decision is made.
  final Item found;
  try (ACLContext ctxt = ACL.as(ACL.SYSTEM)) {
    found = parent.getItem(newName);
  }
  // Nothing there, or only the item the caller told us to expect: the name is free.
  if (found == null || found == variant) {
    return;
  }
  // This check runs outside the SYSTEM context, i.e. for the current principal.
  if (!found.hasPermission(Item.DISCOVER)) {
    // The collision cannot be hidden, so the failure carries no name and no details.
    throw new Failure("");
  }
  // The caller may know the item exists, so the full path can be reported.
  final String prefix = parent.getFullName();
  final String path = prefix.isEmpty() ? newName : prefix + "/" + newName;
  throw new IllegalArgumentException(path + " already exists");
}

代码示例来源:origin: jenkinsci/jenkins

public void setChannel(@Nonnull Channel channel,
            @CheckForNull OutputStream launchLog,
            @CheckForNull Channel.Listener listener) throws IOException, InterruptedException {
  // NOTE(review): this listing is abridged. Closing braces, the loop bodies and whatever
  // sits between the impersonate/restore pairs are not shown on the page.
  if (Util.isRelativePath(remoteFS)) {
    remoteFS = channel.call(new AbsolutePath(remoteFS));
    log.println("NOTE: Relative remote path resolved to: "+remoteFS);
  // First elevated section: the listeners are iterated while SYSTEM is in effect.
  SecurityContext old = ACL.impersonate(ACL.SYSTEM);
  try {
    for (ComputerListener cl : ComputerListener.all()) {
    // Restores the saved context. NOTE(review): presumably inside a `finally` in the full
    // source; the excerpt dropped that line, so confirm there.
    SecurityContextHolder.setContext(old);
  // Second elevated section, same save/restore pattern reusing `old`.
  old = ACL.impersonate(ACL.SYSTEM);
  try {
    for (ComputerListener cl : ComputerListener.all()) {
    SecurityContextHolder.setContext(old);
  Jenkins.get().getQueue().scheduleMaintenance();

代码示例来源:origin: jenkinsci/jenkins

private void checkIfNameIsUsed(@Nonnull String newName) throws Failure {
  // NOTE(review): this listing is abridged. Conditions, catch clauses and closing braces
  // are missing, so the control flow between the statements below is not visible here.
  try {
    // First lookup happens before any impersonation.
    Item item = getParent().getItem(newName);
      throw new Failure(Messages.AbstractItem_NewNameInUse(newName));
    // Second lookup runs as SYSTEM, so it is not limited by the caller's permissions.
    try (ACLContext ctx = ACL.as(ACL.SYSTEM)) {
      item = getParent().getItem(newName);
      if (item != null) {
      // The FINE-level record names the job, the requested name and the current user;
      // it goes to the log, not to the caller.
      LOGGER.log(Level.FINE, "Unable to rename the job {0}: name {1} is already in use. " +
          "User {2} has {3} permission, but no {4} for existing job with the same name",
          new Object[] {this.getFullName(), newName, User.current(), Item.DISCOVER.name, Item.READ.name} );

代码示例来源:origin: jenkinsci/jenkins

private boolean shouldTrigger(Run upstreamBuild, TaskListener listener) {
  // NOTE(review): this listing is abridged. The `try {` matching the catch below, the body
  // of the later try block and the closing braces are not shown on the page.
  Jenkins jenkins = Jenkins.getInstance();
  if (job == null) {
    return false;
    // Records whether looking the job up by its full name yields this same job object.
    downstreamVisible = jenkins.getItemByFullName(job.getFullName()) == job;
  } catch (AccessDeniedException ex) {
  Authentication originalAuth = Jenkins.getAuthentication();
  Job upstream = upstreamBuild.getParent();
  // The code then impersonates the authentication associated with the downstream task,
  // not SYSTEM.
  Authentication auth = Tasks.getAuthenticationOf((Queue.Task) job);
  SecurityContext orig = ACL.impersonate(auth);
  Item authUpstream = null;
  try {
    // Restores the context saved above. NOTE(review): presumably inside a `finally` in the
    // full source; confirm there.
    SecurityContextHolder.setContext(orig);

代码示例来源:origin: jenkinsci/jenkins

public void build() {
  // Compute as SYSTEM so that projects hidden from the current user are still part of the graph.
  // NOTE(review): the result therefore reflects full visibility; code that later exposes
  // graph content to users needs its own permission filtering.
  final SecurityContext previous = ACL.impersonate(ACL.SYSTEM);
  try {
    this.computationalData = new HashMap<>();
    for (AbstractProject project : Jenkins.getInstance().allItems(AbstractProject.class)) {
      project.buildDependencyGraph(this);
    }
    forward = finalize(forward);
    backward = finalize(backward);
    topologicalDagSort();
    this.computationalData = null;
    built = true;
  } finally {
    // Always drop the elevated identity, even when graph construction fails.
    SecurityContextHolder.setContext(previous);
  }
}

代码示例来源:origin: org.jenkins-ci.main/jenkins-core

// NOTE(review): abridged fragment of a form-validation routine. `value`, `project` and `auth`
// are defined outside this excerpt, and closing braces are missing.
StringTokenizer tokens = new StringTokenizer(Util.fixNull(value),",");
boolean hasProjects = false;
while(tokens.hasMoreTokens()) {
  String projectName = tokens.nextToken().trim();
  if (StringUtils.isNotBlank(projectName)) {
    // Resolve the name relative to `project`.
    Item item = Jenkins.getInstance().getItem(projectName,project,Item.class);
    if (item == null) {
      // Unknown name: suggest the nearest job name, or "?" when none is found.
      Job<?, ?> nearest = Items.findNearest(Job.class, projectName, project.getParent());
      String alternative = nearest != null ? nearest.getRelativeNameFrom(project) : "?";
      return FormValidation.error(Messages.BuildTrigger_NoSuchProject(projectName, alternative));
    // The BUILD check is made against the target item's own ACL for `auth`,
    // not for whoever is current on the thread.
    if (!item.getACL().hasPermission(auth, Item.BUILD)) {
      return FormValidation.error(Messages.BuildTrigger_you_have_no_permission_to_build_(projectName));

代码示例来源:origin: jenkinsci/jenkins

private static void remove(Saveable obj, boolean isDelete) {
  final OldDataMonitor monitor = get(Jenkins.getInstance());
  // The bookkeeping below runs as SYSTEM; the caller's context is saved so it can be put back.
  final SecurityContext previous = ACL.impersonate(ACL.SYSTEM);
  try {
    monitor.data.remove(referTo(obj));
    // Builds are only purged when a Job is being deleted.
    if (!isDelete || !(obj instanceof Job<?, ?>)) {
      return;
    }
    for (Run build : ((Job<?, ?>) obj).getBuilds()) {
      monitor.data.remove(referTo(build));
    }
  } finally {
    // Runs on the early return as well, so the elevated identity never outlives this call.
    SecurityContextHolder.setContext(previous);
  }
}

代码示例来源:origin: jenkinsci/gitlab-plugin

private void checkPermission(Permission permission) {
  final GitLabConnectionConfig config =
      (GitLabConnectionConfig) Jenkins.getInstance().getDescriptor(GitLabConnectionConfig.class);
  // When the authenticated-endpoint option is off, this method performs no ACL check at all.
  // NOTE(review): confirm the endpoint has some other protection in that configuration.
  if (!config.isUseAuthenticatedEndpoint()) {
    return;
  }
  // `authentication` is a field defined outside this excerpt; it is checked against the root ACL.
  if (Jenkins.getActiveInstance().getACL().hasPermission(authentication, permission)) {
    return;
  }
  // The 403 body names the authenticated user and the missing permission.
  final String message = Messages.AccessDeniedException2_MissingPermission(authentication.getName(), permission.group.title+"/"+permission.name);
  LOGGER.finest("Unauthorized (Did you forget to add API Token to the web hook ?)");
  throw HttpResponses.errorWithoutStack(403, message);
}

代码示例来源:origin: jenkinsci/jenkins

// NOTE(review): abridged fragment. The loop body and the closing braces are not shown
// on the page.
// The enumeration runs as SYSTEM, so it covers top-level items regardless of the caller's permissions.
SecurityContext context = ACL.impersonate(ACL.SYSTEM);
try {
  int result = 0;
  for (TopLevelItem topLevelItem : Jenkins.getInstance().getItemMap().values()) {
    if (topLevelItem instanceof AbstractProject) {
      final AbstractProject project = (AbstractProject) topLevelItem;
  // Restores the saved context. NOTE(review): presumably inside a `finally` in the full
  // source; confirm there.
  SecurityContextHolder.setContext(context);

代码示例来源:origin: jenkinsci/jenkins

/**
 * Checks if the current user (for which we are processing the current request)
 * has the admin access.
 *
 * @deprecated since 2007-12-18.
 *      This method is deprecated when Hudson moved from simple Unix root-like model
 *      of "admin gets to do everything, and others don't have any privilege" to more
 *      complex {@link hudson.security.ACL} and {@link hudson.security.Permission} based scheme.
 *
 *      <p>
 *      For a quick migration, use {@code Hudson.getInstance().getACL().hasPermission(Hudson.ADMINISTER)}
 *      To check if the user has the 'administer' role in Hudson.
 *
 *      <p>
 *      But ideally, your plugin should first identify a suitable {@link hudson.security.Permission} (or create one,
 *      if appropriate), then identify a suitable {@link hudson.security.AccessControlled} object to check its permission
 *      against.
 */
@Deprecated
public static boolean isAdmin() {
  // Asks the root ACL whether the current principal holds ADMINISTER.
  final ACL rootAcl = Jenkins.getInstance().getACL();
  return rootAcl.hasPermission(ADMINISTER);
}
