Class ACL

  • Direct Known Subclasses:
    SidACL

    public abstract class ACL
    extends Object
    Gate-keeper that controls access to Hudson's model objects.
    Author:
    Kohsuke Kawaguchi
    • Field Detail

      • EVERYONE

        public static final Sid EVERYONE
        Special Sid that represents "everyone", even including anonymous users.

        This doesn't need to be included in Authentication.getAuthorities(), but ACL is responsible for checking it nonetheless, as if it was the last entry in the granted authority.

      • ANONYMOUS_USERNAME

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
        public static final String ANONYMOUS_USERNAME
        The username for the anonymous user
        See Also:
        Constant Field Values
      • ANONYMOUS

        public static final Sid ANONYMOUS
        Sid that represents the anonymous unauthenticated users.

        HudsonFilter sets this up, so this sid remains the same regardless of the current SecurityRealm in use.

      • SYSTEM_USERNAME

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
        public static final String SYSTEM_USERNAME
        The username for the system user
        See Also:
        Constant Field Values
      • SYSTEM2

        public static final org.springframework.security.core.Authentication SYSTEM2
        Sid that represents the Hudson itself.

        This is used when Hudson is performing computation for itself, instead of acting on behalf of an user, such as doing builds.

        Since:
        2.266
    • Constructor Detail

      • ACL

        public ACL()
    • Method Detail

      • checkPermission

        public final void checkPermission​(@NonNull
                                          Permission p)
        Checks if the current security principal has this permission.

        This is just a convenience function.

        Throws:
        org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.
      • checkAnyPermission

        public final void checkAnyPermission​(@NonNull
                                             Permission... permissions)
        Checks if the current security principal has one of the supplied permissions. This is just a convenience function.
        Throws:
        org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.
        IllegalArgumentException - if no permissions are provided
        Since:
        2.222
      • hasPermission

        public final boolean hasPermission​(@NonNull
                                           Permission p)
        Checks if the current security principal has this permission.
        Returns:
        false if the user doesn't have the permission.
      • hasAnyPermission

        public final boolean hasAnyPermission​(@NonNull
                                              Permission... permissions)
        Checks if the current security principal has any of the permissions.
        Returns:
        false if the user doesn't have one of the required permissions.
        Throws:
        IllegalArgumentException - if no permissions are provided
      • hasPermission2

        public boolean hasPermission2​(@NonNull
                                      org.springframework.security.core.Authentication a,
                                      @NonNull
                                      Permission permission)
        Checks if the given principle has the given permission.

        Note that SYSTEM2 can be passed in as the authentication parameter, in which case you should probably just assume it has every permission.

        Since:
        2.266
      • lambda2

        public static ACL lambda2​(BiFunction<org.springframework.security.core.Authentication,​Permission,​Boolean> impl)
        Creates a simple ACL implementation based on a “single-abstract-method” easily implemented via lambda syntax.
        Parameters:
        impl - the implementation of hasPermission2(Authentication, Permission)
        Returns:
        an adapter to that lambda
        Since:
        2.266
      • checkCreatePermission

        public final void checkCreatePermission​(@NonNull
                                                ItemGroup c,
                                                @NonNull
                                                TopLevelItemDescriptor d)
        Checks if the current security principal has the permission to create top level items within the specified item group.

        This is just a convenience function.

        Parameters:
        c - the container of the item.
        d - the descriptor of the item to be created.
        Throws:
        org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.
        Since:
        1.607
      • hasCreatePermission2

        public boolean hasCreatePermission2​(@NonNull
                                            org.springframework.security.core.Authentication a,
                                            @NonNull
                                            ItemGroup c,
                                            @NonNull
                                            TopLevelItemDescriptor d)
        Checks if the given principal has the permission to create top level items within the specified item group.

        Note that SYSTEM2 can be passed in as the authentication parameter, in which case you should probably just assume it can create anything anywhere.

        Parameters:
        a - the principal.
        c - the container of the item.
        d - the descriptor of the item to be created.
        Returns:
        false if the user doesn't have the permission.
        Since:
        2.266
      • checkCreatePermission

        public final void checkCreatePermission​(@NonNull
                                                ViewGroup c,
                                                @NonNull
                                                ViewDescriptor d)
        Checks if the current security principal has the permission to create views within the specified view group.

        This is just a convenience function.

        Parameters:
        c - the container of the item.
        d - the descriptor of the view to be created.
        Throws:
        org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.
        Since:
        1.607
      • hasCreatePermission2

        public boolean hasCreatePermission2​(@NonNull
                                            org.springframework.security.core.Authentication a,
                                            @NonNull
                                            ViewGroup c,
                                            @NonNull
                                            ViewDescriptor d)
        Checks if the given principal has the permission to create views within the specified view group.

        Note that SYSTEM2 can be passed in as the authentication parameter, in which case you should probably just assume it can create anything anywhere.

        Parameters:
        a - the principal.
        c - the container of the view.
        d - the descriptor of the view to be created.
        Returns:
        false if the user doesn't have the permission.
        Since:
        2.266
      • impersonate2

        @Deprecated
        @NonNull
        public static org.springframework.security.core.context.SecurityContext impersonate2​(@NonNull
                                                                                             org.springframework.security.core.Authentication auth)
        Deprecated.
        use try with resources and as2(Authentication)
        Changes the Authentication associated with the current thread to the specified one, and returns the previous security context.

        When the impersonation is over, be sure to restore the previous authentication via SecurityContextHolder.setContext(returnValueFromThisMethod); or just use impersonate2(Authentication, Runnable).

        We need to create a new SecurityContext instead of SecurityContext.setAuthentication(Authentication) because the same SecurityContext object is reused for all the concurrent requests from the same session.

        Since:
        2.266
      • impersonate2

        @Deprecated
        public static void impersonate2​(@NonNull
                                        org.springframework.security.core.Authentication auth,
                                        @NonNull
                                        Runnable body)
        Deprecated.
        use try with resources and as2(Authentication)
        Safer variant of impersonate2(Authentication) that does not require a finally-block.
        Parameters:
        auth - authentication, such as SYSTEM2
        body - an action to run with this alternate authentication in effect
        Since:
        2.266
      • as2

        @NonNull
        public static ACLContext as2​(@NonNull
                                     org.springframework.security.core.Authentication auth)
        Changes the Authentication associated with the current thread to the specified one and returns an AutoCloseable that restores the previous security context.

        This makes impersonation much easier within code as it can now be used using the try with resources construct:

             try (ACLContext ctx = ACL.as2(auth)) {
                ...
             }
         
        Parameters:
        auth - the new authentication.
        Returns:
        the previous authentication context
        Since:
        2.266
      • as

        @NonNull
        public static ACLContext as​(@CheckForNull
                                    User user)
        Changes the Authentication associated with the current thread to the specified one and returns an AutoCloseable that restores the previous security context.

        This makes impersonation much easier within code as it can now be used using the try with resources construct:

             try (ACLContext ctx = ACL.as2(auth)) {
                ...
             }
         
        Parameters:
        user - the user to impersonate.
        Returns:
        the previous authentication context
        Since:
        2.14
      • isAnonymous2

        public static boolean isAnonymous2​(@NonNull
                                           org.springframework.security.core.Authentication authentication)
        Checks if the given authentication is anonymous by checking its class.
        Since:
        2.266
        See Also:
        Jenkins.ANONYMOUS2, AnonymousAuthenticationToken