Class User
- All Implemented Interfaces:
DescriptorByNameOwner
,ModelObject
,Saveable
,SearchableModelObject
,SearchItem
,AccessControlled
,Comparable<User>
,Loadable
,ModelObjectWithContextMenu
,org.kohsuke.stapler.StaplerProxy
In Hudson, User
objects are created in on-demand basis;
for example, when a build is performed, its change log is computed
and as a result commits from users who Hudson has never seen may be discovered.
When this happens, new User
object is created.
If the persisted record for an user exists, the information is loaded at
that point, but if there's no such record, a fresh instance is created from
thin air (this is where UserPropertyDescriptor.newInstance(User)
is
called to provide initial UserProperty
objects.
Such newly created User
objects will be simply GC-ed without
ever leaving the persisted record, unless save()
method
is explicitly invoked (perhaps as a result of a browser submitting a
configuration.)
- Author:
- Kohsuke Kawaguchi
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic final class
static class
Resolves User IDs by ID, full names or other strings.static class
Resolve user ID from full namestatic class
Tries to verify if an ID is valid.Nested classes/interfaces inherited from interface jenkins.model.ModelObjectWithContextMenu
ModelObjectWithContextMenu.ContextMenu, ModelObjectWithContextMenu.ContextMenuVisibility, ModelObjectWithContextMenu.MenuItem, ModelObjectWithContextMenu.MenuItemType
-
Field Summary
Modifier and TypeFieldDescriptionstatic boolean
Jenkins now refuses to let the user login if he/she doesn't exist inSecurityRealm
, which was necessary to make sure users removed from the backend will get removed from the frontend.static boolean
Jenkins historically created a (usually) ephemeral user record when an user with Overall/Administer permission accesses a /user/arbitraryName URL.static boolean
Escape hatch for StaplerProxy-based access controlstatic final XStream2
-
Method Summary
Modifier and TypeMethodDescriptionvoid
addProperties
(List<UserProperty> multipleProperties) ExpandaddProperty(UserProperty)
for multiple properties to be done at once.void
Updates the user object by adding a property.boolean
With ADMINISTER permission, can delete users with persisted data but can't delete self.static void
clear()
Deprecated.removed without replacementint
static User
current()
Gets theUser
object representing the currently logged-in user, or null if the current user is anonymous.void
delete()
Deletes the data directory and removes this user from Hudson.doContextMenu
(org.kohsuke.stapler.StaplerRequest2 request, org.kohsuke.stapler.StaplerResponse2 response) Generates the context menu.void
doDoDelete
(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) Deletes this user from Hudson.void
doRssAll
(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) void
doRssFailed
(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) void
doRssLatest
(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) void
doSubmitDescription
(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) Accepts the new description.static User
Deprecated.This method is deprecated, because it causes unexpectedUser
creation by API usage code and causes performance degradation of used to retrieve users by ID.static User
Deprecated.static User
Gets theUser
object by its id or full name.static User
Deprecated.static User
get2
(org.springframework.security.core.Authentication a) Gets theUser
object representing the suppliedAuthentication
ornull
if the suppliedAuthentication
is either anonymous ornull
The URL of the user page.getACL()
Obtains the ACL associated with this object.static Collection<User>
getAll()
Gets all the users.List of allUserProperty
s exposed primarily for the remoting API.getApi()
Exposed remote API.Checks for authorities (groups) associated with this user.Searches for builds which include changes by this user or which were triggered by this user.static User
Gets theUser
object by itsid
Returns the user name.getDynamic
(String token) Gets the human readable name of this user.getId()
static User
getOrCreateByIdOrFullName
(String idOrFullName) Get the user by ID or Full Name.Set<AbstractProject<?,
?>> Gets all theAbstractProject
s that this user has committed to.Gets the user properties configured for this user.<T extends UserProperty>
TgetProperty
(Class<T> clazz) Gets the specific property, or null.Return all properties that are also actions.Returns the URL of this item relative to the parentSearchItem
.Return all transient actions associated with this user.static User
Gets the fallback "unknown" user instance.getUrl()
Deprecated.org.springframework.security.core.userdetails.UserDetails
This method checks withSecurityRealm
if the user is a valid user that can login to the security realm.Returns the folder that store all the user information.static IdStrategy
Returns theIdStrategy
for use withUser
instances.Deprecated.useimpersonate2()
org.springframework.security.core.Authentication
impersonate
(org.springframework.security.core.userdetails.UserDetails userDetails) Creates anAuthentication
object that represents this user using the given userDetailsorg.springframework.security.core.Authentication
Creates anAuthentication
object that represents this user.static boolean
Is the ID allowed? Some are prohibited for security reasons.void
load()
Loads the state of this object from disk.static void
rekey()
Called when changing theIdStrategy
.static void
reload()
Called fromJenkins.reload()
.void
save()
Save the user configuration.void
setDescription
(String description) Sets the description of the user.void
setFullName
(String name) Sets the human readable name of the user.toString()
Methods inherited from class hudson.model.AbstractModelObject
getSearch, getSearchIndex, getSearchName, makeSearchIndex, requirePOST, sendError, sendError, sendError, sendError, sendError, sendError, sendError, sendError
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface hudson.security.AccessControlled
checkAnyPermission, checkPermission, hasAnyPermission, hasPermission, hasPermission, hasPermission2
Methods inherited from interface hudson.model.DescriptorByNameOwner
getDescriptorByName
Methods inherited from interface jenkins.model.ModelObjectWithContextMenu
doContextMenu
-
Field Details
-
XSTREAM
-
SKIP_PERMISSION_CHECK
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static boolean SKIP_PERMISSION_CHECKEscape hatch for StaplerProxy-based access control -
ALLOW_NON_EXISTENT_USER_TO_LOGIN
public static boolean ALLOW_NON_EXISTENT_USER_TO_LOGINJenkins now refuses to let the user login if he/she doesn't exist inSecurityRealm
, which was necessary to make sure users removed from the backend will get removed from the frontend.Unfortunately this infringed some legitimate use cases of creating Jenkins-local users for automation purposes. This escape hatch switch can be enabled to resurrect that behaviour.
See JENKINS-22346.
-
ALLOW_USER_CREATION_VIA_URL
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static boolean ALLOW_USER_CREATION_VIA_URLJenkins historically created a (usually) ephemeral user record when an user with Overall/Administer permission accesses a /user/arbitraryName URL.Unfortunately this constitutes a CSRF vulnerability, as malicious users can make admins create arbitrary numbers of ephemeral user records, so the behavior was changed in Jenkins 2.44 / 2.32.2.
As some users may be relying on the previous behavior, setting this to true restores the previous behavior. This is not recommended.
SECURITY-406.
-
-
Method Details
-
load
public void load()Description copied from interface:Loadable
Loads the state of this object from disk. -
idStrategy
- Returns:
- the
IdStrategy
for use withUser
instances. - Since:
- 1.566
-
compareTo
- Specified by:
compareTo
in interfaceComparable<User>
-
getId
-
getUrl
-
getSearchUrl
Description copied from interface:SearchItem
Returns the URL of this item relative to the parentSearchItem
.- Specified by:
getSearchUrl
in interfaceSearchItem
- Returns:
- URL like "foo" or "foo/bar". The path can end with '/'. The path that starts with '/' will be interpreted as the absolute path (within the context path of Jenkins.)
-
getSearchIcon
- Specified by:
getSearchIcon
in interfaceSearchItem
-
getAbsoluteUrl
The URL of the user page. -
getFullName
Gets the human readable name of this user. This is configurable by the user. -
setFullName
Sets the human readable name of the user. If the input parameter is empty, the user's ID will be set. -
getDescription
-
setDescription
Sets the description of the user.- Since:
- 1.609
-
getProperties
Gets the user properties configured for this user. -
addProperty
Updates the user object by adding a property.- Throws:
IOException
-
addProperties
ExpandaddProperty(UserProperty)
for multiple properties to be done at once. Expected to be used by the categorized configuration pages to update part of the properties. The properties not included in the list will be let untouched. It will call theUserProperty.setUser(User)
method and at the end,save()
once.- Throws:
IOException
- Since:
- 2.468
-
getAllProperties
List of allUserProperty
s exposed primarily for the remoting API. -
getProperty
Gets the specific property, or null. -
impersonate2
@NonNull public org.springframework.security.core.Authentication impersonate2() throws org.springframework.security.core.userdetails.UsernameNotFoundExceptionCreates anAuthentication
object that represents this user.This method checks with
SecurityRealm
if the user is a valid user that can login to the security realm. IfSecurityRealm
is a kind that does not support querying information about other users, this will useLastGrantedAuthoritiesProperty
to pick up the granted authorities as of the last time the user has logged in.- Throws:
org.springframework.security.core.userdetails.UsernameNotFoundException
- If this user is not a valid user in the backendSecurityRealm
.- Since:
- 2.266
-
impersonate
Deprecated.useimpersonate2()
- Throws:
UsernameNotFoundException
- Since:
- 1.419
-
getUserDetailsForImpersonation2
@NonNull public org.springframework.security.core.userdetails.UserDetails getUserDetailsForImpersonation2() throws org.springframework.security.core.userdetails.UsernameNotFoundExceptionThis method checks withSecurityRealm
if the user is a valid user that can login to the security realm. IfSecurityRealm
is a kind that does not support querying information about other users, this will useLastGrantedAuthoritiesProperty
to pick up the granted authorities as of the last time the user has logged in.- Returns:
- userDetails for the user, in case he's not found but seems legitimate, we provide a userDetails with minimum access
- Throws:
org.springframework.security.core.userdetails.UsernameNotFoundException
- If this user is not a valid user in the backendSecurityRealm
.- Since:
- 2.266
-
getUserDetailsForImpersonation
@Deprecated @NonNull public UserDetails getUserDetailsForImpersonation() throws UsernameNotFoundExceptionDeprecated.- Throws:
UsernameNotFoundException
-
impersonate
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @NonNull public org.springframework.security.core.Authentication impersonate(@NonNull org.springframework.security.core.userdetails.UserDetails userDetails) Creates anAuthentication
object that represents this user using the given userDetails- Parameters:
userDetails
- Provided bygetUserDetailsForImpersonation2()
.- See Also:
-
doSubmitDescription
public void doSubmitDescription(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) throws IOException Accepts the new description.- Throws:
IOException
-
getUnknown
Gets the fallback "unknown" user instance.This is used to avoid null
User
instance. -
get
Deprecated.Gets theUser
object by its id or full name.- Parameters:
create
- If true, this method will never return null for valid input (by creating a newUser
object if none exists.) If false, this method will return null ifUser
object with the given name doesn't exist.- Returns:
- Requested user. May be
null
if a user does not exist andcreate
is false.
-
get
Gets theUser
object by its id or full name.In order to resolve the user ID, the method invokes
User.CanonicalIdResolver
extension points. Note that it may cause significant performance degradation. If you are sure the passed value is a User ID, it is recommended to usegetById(String, boolean)
.- Parameters:
create
- If true, this method will never return null for valid input (by creating a newUser
object if none exists.) If false, this method will return null ifUser
object with the given name doesn't exist.context
- contextual environment this user idOfFullName was retrieved from, that can help resolve the user ID- Returns:
- An existing or created user. May be
null
if a user does not exist andcreate
is false.
-
get
Deprecated.This method is deprecated, because it causes unexpectedUser
creation by API usage code and causes performance degradation of used to retrieve users by ID. UsegetById(java.lang.String, boolean)
when you know you have an ID. Otherwise usegetOrCreateByIdOrFullName(String)
orget(String, boolean, Map)
.Gets theUser
object by its id or full name.Creates a user on-demand.
Use
getById(java.lang.String, boolean)
when you know you have an ID. In this method Jenkins will try to resolve theUser
by full name with help of variousUserNameResolver
. This is slow (see JENKINS-23281). -
getOrCreateByIdOrFullName
Get the user by ID or Full Name.If the user does not exist, creates a new one on-demand.
Use
getById(java.lang.String, boolean)
when you know you have an ID. In this method Jenkins will try to resolve theUser
by full name with help of variousUserNameResolver
. This is slow (see JENKINS-23281).- Parameters:
idOrFullName
- User ID or full name- Returns:
- User instance. It will be created on-demand.
- Since:
- 2.91
-
current
Gets theUser
object representing the currently logged-in user, or null if the current user is anonymous.- Since:
- 1.172
-
get2
@CheckForNull public static User get2(@CheckForNull org.springframework.security.core.Authentication a) Gets theUser
object representing the suppliedAuthentication
ornull
if the suppliedAuthentication
is either anonymous ornull
- Parameters:
a
- the suppliedAuthentication
.- Returns:
- a
User
object for the suppliedAuthentication
ornull
- Since:
- 2.266
-
get
Deprecated.- Since:
- 1.609
-
getById
Gets theUser
object by itsid
- Parameters:
id
- the id of the user to retrieve and optionally create if it does not exist.create
- Iftrue
, this method will never returnnull
for valid input (by creating a newUser
object if none exists.) Iffalse
, this method will returnnull
ifUser
object with the given id doesn't exist.- Returns:
- the a User whose id is
id
, ornull
ifcreate
isfalse
and the user does not exist. - Since:
- 1.651.2 / 2.3
-
getAll
Gets all the users. -
reload
@Restricted(org.kohsuke.accmod.restrictions.Beta.class) public static void reload() throws IOExceptionCalled fromJenkins.reload()
.- Throws:
IOException
-
rekey
public static void rekey()Called when changing theIdStrategy
.- Since:
- 1.566
-
getDisplayName
Returns the user name.- Specified by:
getDisplayName
in interfaceModelObject
-
getBuilds
Searches for builds which include changes by this user or which were triggered by this user. -
getProjects
Gets all theAbstractProject
s that this user has committed to.- Since:
- 1.191
-
toString
-
clear
Deprecated.removed without replacementCalled by tests in the JTH. Otherwise this shouldn't be called. Even in the tests this usage is questionable. -
getUserFolder
Returns the folder that store all the user information. Useful for plugins to save a user-specific file aside the config.xml. Exposes implementation details that may be subject to change.- Returns:
- The folder containing the user configuration files or
null
if the user was not yet saved. - Since:
- 2.129
-
isIdOrFullnameAllowed
Is the ID allowed? Some are prohibited for security reasons. See SECURITY-166.Note that this is only enforced when saving. These users are often created via the constructor (and even listed on /asynchPeople), but our goal is to prevent anyone from logging in as these users. Therefore, we prevent saving a User with one of these ids.
- Parameters:
id
- ID to be checked- Returns:
true
if the username or fullname is valid. Fornull
or blank IDs returnsfalse
.- Since:
- 1.600
-
save
Save the user configuration.- Specified by:
save
in interfaceSaveable
- Throws:
IOException
- if the persistence failed.
-
delete
Deletes the data directory and removes this user from Hudson.- Throws:
IOException
- if we fail to delete.
-
getApi
Exposed remote API. -
doDoDelete
public void doDoDelete(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) throws IOException Deletes this user from Hudson.- Throws:
IOException
-
doRssAll
public void doRssAll(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) throws IOException, jakarta.servlet.ServletException - Throws:
IOException
jakarta.servlet.ServletException
-
doRssFailed
public void doRssFailed(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) throws IOException, jakarta.servlet.ServletException - Throws:
IOException
jakarta.servlet.ServletException
-
doRssLatest
public void doRssLatest(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) throws IOException, jakarta.servlet.ServletException - Throws:
IOException
jakarta.servlet.ServletException
-
getACL
Description copied from interface:AccessControlled
Obtains the ACL associated with this object.- Specified by:
getACL
in interfaceAccessControlled
- Returns:
- never null.
-
canDelete
public boolean canDelete()With ADMINISTER permission, can delete users with persisted data but can't delete self. -
getAuthorities
Checks for authorities (groups) associated with this user. If the caller lacksJenkins.ADMINISTER
, or any problems arise, returns an empty list.SecurityRealm.AUTHENTICATED_AUTHORITY2
and the username, if present, are omitted.- Returns:
- a possibly empty list
- Since:
- 1.498
-
getDynamic
-
getPropertyActions
Return all properties that are also actions.- Returns:
- the list can be empty but never null. read only.
-
getTransientActions
Return all transient actions associated with this user.- Returns:
- the list can be empty but never null. read only.
-
doContextMenu
public ModelObjectWithContextMenu.ContextMenu doContextMenu(org.kohsuke.stapler.StaplerRequest2 request, org.kohsuke.stapler.StaplerResponse2 response) throws Exception Description copied from interface:ModelObjectWithContextMenu
Generates the context menu. The typical implementation isreturn new ContextMenu().from(this,request,response);
, which implements the default behaviour. SeeModelObjectWithContextMenu.ContextMenu.from(ModelObjectWithContextMenu, StaplerRequest2, StaplerResponse2)
for more details of what it does. This should suit most implementations.- Specified by:
doContextMenu
in interfaceModelObjectWithContextMenu
- Throws:
Exception
-
getTarget
- Specified by:
getTarget
in interfaceorg.kohsuke.stapler.StaplerProxy
-