Package hudson.model

Class User

    • Field Detail

      • XSTREAM

        public static final XStream2 XSTREAM
      • SKIP_PERMISSION_CHECK

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
        public static boolean SKIP_PERMISSION_CHECK
        Escape hatch for StaplerProxy-based access control
      • ALLOW_NON_EXISTENT_USER_TO_LOGIN

        public static boolean ALLOW_NON_EXISTENT_USER_TO_LOGIN
        Jenkins now refuses to let the user log in if he/she doesn't exist in SecurityRealm, which was necessary to make sure users removed from the backend will get removed from the frontend.

        Unfortunately this infringed some legitimate use cases of creating Jenkins-local users for automation purposes. This escape hatch switch can be enabled to resurrect that behaviour.

        See JENKINS-22346.

      • ALLOW_USER_CREATION_VIA_URL

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
        public static boolean ALLOW_USER_CREATION_VIA_URL
        Jenkins historically created a (usually) ephemeral user record when a user with Overall/Administer permission accesses a /user/arbitraryName URL.

        Unfortunately this constitutes a CSRF vulnerability, as malicious users can make admins create arbitrary numbers of ephemeral user records, so the behavior was changed in Jenkins 2.44 / 2.32.2.

        As some users may be relying on the previous behavior, setting this to true restores the previous behavior. This is not recommended.

        SECURITY-406.

    • Method Detail

      • load

        public void load()
        Description copied from interface: Loadable
        Loads the state of this object from disk.
        Specified by:
        load in interface Loadable
      • getId

        @Exported
        public String getId()
      • getUrl

        @NonNull
        public String getUrl()
      • getSearchUrl

        @NonNull
        public String getSearchUrl()
        Description copied from interface: SearchItem
        Returns the URL of this item relative to the parent SearchItem.
        Specified by:
        getSearchUrl in interface SearchItem
        Returns:
        URL like "foo" or "foo/bar". The path can end with '/'. The path that starts with '/' will be interpreted as the absolute path (within the context path of Jenkins.)
      • getAbsoluteUrl

        @Exported(visibility=999)
        @NonNull
        public String getAbsoluteUrl()
        The URL of the user page.
      • getFullName

        @Exported(visibility=999)
        @NonNull
        public String getFullName()
        Gets the human readable name of this user. This is configurable by the user.
      • setFullName

        public void setFullName(String name)
        Sets the human readable name of the user. If the input parameter is empty, the user's ID will be set.
      • getDescription

        @Exported
        @CheckForNull
        public String getDescription()
      • setDescription

        public void setDescription(String description)
        Sets the description of the user.
        Since:
        1.609
      • getAllProperties

        @Exported(name="property",
                  inline=true)
        public List<UserProperty> getAllProperties()
        List of all UserPropertys exposed primarily for the remoting API.
      • getProperty

        public <T extends UserProperty> T getProperty(Class<T> clazz)
        Gets the specific property, or null.
      • impersonate2

        @NonNull
        public org.springframework.security.core.Authentication impersonate2()
                                                                      throws org.springframework.security.core.userdetails.UsernameNotFoundException
        Creates an Authentication object that represents this user.

        This method checks with SecurityRealm if the user is a valid user that can login to the security realm. If SecurityRealm is a kind that does not support querying information about other users, this will use LastGrantedAuthoritiesProperty to pick up the granted authorities as of the last time the user has logged in.

        Throws:
        org.springframework.security.core.userdetails.UsernameNotFoundException - If this user is not a valid user in the backend SecurityRealm.
        Since:
        2.266
      • getUserDetailsForImpersonation2

        @NonNull
        public org.springframework.security.core.userdetails.UserDetails getUserDetailsForImpersonation2()
                                                                                                  throws org.springframework.security.core.userdetails.UsernameNotFoundException
        This method checks with SecurityRealm if the user is a valid user that can login to the security realm. If SecurityRealm is a kind that does not support querying information about other users, this will use LastGrantedAuthoritiesProperty to pick up the granted authorities as of the last time the user has logged in.
        Returns:
        userDetails for the user; if the user is not found but seems legitimate, a userDetails with minimum access is provided.
        Throws:
        org.springframework.security.core.userdetails.UsernameNotFoundException - If this user is not a valid user in the backend SecurityRealm.
        Since:
        2.266
      • impersonate

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
        @NonNull
        public org.springframework.security.core.Authentication impersonate(@NonNull
                                                                            org.springframework.security.core.userdetails.UserDetails userDetails)
        Creates an Authentication object that represents this user using the given userDetails.
        Parameters:
        userDetails - Provided by getUserDetailsForImpersonation2().
        See Also:
        getUserDetailsForImpersonation2()
      • doSubmitDescription

        public void doSubmitDescription(org.kohsuke.stapler.StaplerRequest req,
                                        org.kohsuke.stapler.StaplerResponse rsp)
                                 throws IOException
        Accepts the new description.
        Throws:
        IOException
      • getUnknown

        @NonNull
        public static User getUnknown()
        Gets the fallback "unknown" user instance.

        This is used to avoid null User instance.

      • get

        @Deprecated
        @Nullable
        public static User get(String idOrFullName,
                               boolean create)
        Gets the User object by its id or full name.
        Parameters:
        create - If true, this method will never return null for valid input (by creating a new User object if none exists.) If false, this method will return null if User object with the given name doesn't exist.
        Returns:
        Requested user. May be null if a user does not exist and create is false.
      • get

        @Nullable
        public static User get(String idOrFullName,
                               boolean create,
                               @NonNull
                               Map context)
        Gets the User object by its id or full name.

        In order to resolve the user ID, the method invokes User.CanonicalIdResolver extension points. Note that it may cause significant performance degradation. If you are sure the passed value is a User ID, it is recommended to use getById(String, boolean).

        Parameters:
        create - If true, this method will never return null for valid input (by creating a new User object if none exists.) If false, this method will return null if User object with the given name doesn't exist.
        context - contextual environment this user idOrFullName was retrieved from, that can help resolve the user ID
        Returns:
        An existing or created user. May be null if a user does not exist and create is false.
      • getOrCreateByIdOrFullName

        @NonNull
        public static User getOrCreateByIdOrFullName(@NonNull
                                                     String idOrFullName)
        Get the user by ID or Full Name.

        If the user does not exist, creates a new one on-demand.

        Use getById(java.lang.String, boolean) when you know you have an ID. In this method Jenkins will try to resolve the User by full name with help of various UserNameResolver. This is slow (see JENKINS-23281).

        Parameters:
        idOrFullName - User ID or full name
        Returns:
        User instance. It will be created on-demand.
        Since:
        2.91
      • current

        @CheckForNull
        public static User current()
        Gets the User object representing the currently logged-in user, or null if the current user is anonymous.
        Since:
        1.172
      • get2

        @CheckForNull
        public static User get2(@CheckForNull
                                org.springframework.security.core.Authentication a)
        Gets the User object representing the supplied Authentication or null if the supplied Authentication is either anonymous or null.
        Parameters:
        a - the supplied Authentication.
        Returns:
        a User object for the supplied Authentication or null
        Since:
        2.266
      • getById

        @Nullable
        public static User getById(String id,
                                   boolean create)
        Gets the User object by its id.
        Parameters:
        id - the id of the user to retrieve and optionally create if it does not exist.
        create - If true, this method will never return null for valid input (by creating a new User object if none exists.) If false, this method will return null if User object with the given id doesn't exist.
        Returns:
        a User whose id is id, or null if create is false and the user does not exist.
        Since:
        1.651.2 / 2.3
      • getAll

        @NonNull
        public static Collection<User> getAll()
        Gets all the users.
      • rekey

        public static void rekey()
        Called when changing the IdStrategy.
        Since:
        1.566
      • getBuilds

        @WithBridgeMethods(java.util.List.class)
        @NonNull
        public RunList getBuilds()
        Searches for builds which include changes by this user or which were triggered by this user.
      • clear

        @Deprecated
        public static void clear()
        Deprecated.
        removed without replacement
        Called by tests in the JTH. Otherwise this shouldn't be called. Even in the tests this usage is questionable.
      • getUserFolder

        @CheckForNull
        public File getUserFolder()
        Returns the folder that stores all the user information. Useful for plugins to save a user-specific file alongside the config.xml. Exposes implementation details that may be subject to change.
        Returns:
        The folder containing the user configuration files or null if the user was not yet saved.
        Since:
        2.129
      • isIdOrFullnameAllowed

        public static boolean isIdOrFullnameAllowed(@CheckForNull
                                                    String id)
        Is the ID allowed? Some are prohibited for security reasons. See SECURITY-166.

        Note that this is only enforced when saving. These users are often created via the constructor (and even listed on /asynchPeople), but our goal is to prevent anyone from logging in as these users. Therefore, we prevent saving a User with one of these ids.

        Parameters:
        id - ID to be checked
        Returns:
        true if the username or fullname is valid. For null or blank IDs returns false.
        Since:
        1.600
      • delete

        public void delete()
                    throws IOException
        Deletes the data directory and removes this user from Hudson.
        Throws:
        IOException - if we fail to delete.
      • getApi

        public Api getApi()
        Exposed remote API.
      • doDoDelete

        public void doDoDelete(org.kohsuke.stapler.StaplerRequest req,
                               org.kohsuke.stapler.StaplerResponse rsp)
                        throws IOException
        Deletes this user from Hudson.
        Throws:
        IOException
      • doRssAll

        public void doRssAll(org.kohsuke.stapler.StaplerRequest req,
                             org.kohsuke.stapler.StaplerResponse rsp)
                      throws IOException,
                             javax.servlet.ServletException
        Throws:
        IOException
        javax.servlet.ServletException
      • doRssFailed

        public void doRssFailed(org.kohsuke.stapler.StaplerRequest req,
                                org.kohsuke.stapler.StaplerResponse rsp)
                         throws IOException,
                                javax.servlet.ServletException
        Throws:
        IOException
        javax.servlet.ServletException
      • doRssLatest

        public void doRssLatest(org.kohsuke.stapler.StaplerRequest req,
                                org.kohsuke.stapler.StaplerResponse rsp)
                         throws IOException,
                                javax.servlet.ServletException
        Throws:
        IOException
        javax.servlet.ServletException
      • getACL

        @NonNull
        public ACL getACL()
        Description copied from interface: AccessControlled
        Obtains the ACL associated with this object.
        Specified by:
        getACL in interface AccessControlled
        Returns:
        never null.
      • canDelete

        public boolean canDelete()
        With ADMINISTER permission, can delete users with persisted data but can't delete self.
      • getAuthorities

        @NonNull
        public List<String> getAuthorities()
        Checks for authorities (groups) associated with this user. If the caller lacks Jenkins.ADMINISTER, or any problems arise, returns an empty list. SecurityRealm.AUTHENTICATED_AUTHORITY2 and the username, if present, are omitted.
        Returns:
        a possibly empty list
        Since:
        1.498
      • getPropertyActions

        public List<Action> getPropertyActions()
        Return all properties that are also actions.
        Returns:
        the list can be empty but never null. read only.
      • getTransientActions

        public List<Action> getTransientActions()
        Return all transient actions associated with this user.
        Returns:
        the list can be empty but never null. read only.
      • getTarget

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
        public Object getTarget()
        Specified by:
        getTarget in interface org.kohsuke.stapler.StaplerProxy
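
Added example, not part of the Jenkins Javadoc or code base: a plugin-side helper that combines isIdOrFullnameAllowed, getById with create=false, and impersonate2 (all documented above) to run a task as a named user while failing closed on prohibited, unknown or removed accounts. The class name RunAsUser and its call method are hypothetical; ACL.as2 and ACLContext come from hudson.security, and Jenkins 2.266 or later is assumed.

```java
import hudson.model.User;
import hudson.security.ACL;
import hudson.security.ACLContext;
import java.util.Optional;
import java.util.concurrent.Callable;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/** Hypothetical plugin helper (not Jenkins code): run a task with a named user's authority. */
public final class RunAsUser {
    private RunAsUser() {}

    /**
     * Returns the task result, or empty if the ID is prohibited, has no
     * existing record, or is no longer valid in the SecurityRealm.
     */
    public static <V> Optional<V> call(String userId, Callable<V> task) throws Exception {
        // Reject null, blank and reserved IDs (SECURITY-166) before any lookup.
        // Jenkins itself only enforces this when saving, so check explicitly.
        if (!User.isIdOrFullnameAllowed(userId)) {
            return Optional.empty();
        }
        // create=false: never materialise a record for an unknown ID.
        // getById also avoids the slower ID-or-full-name resolution of get(...).
        User user = User.getById(userId, false);
        if (user == null) {
            return Optional.empty();
        }
        final Authentication auth;
        try {
            // Consults the SecurityRealm; for realms that cannot query other
            // users it uses the authorities recorded at the user's last login,
            // which may be stale.
            auth = user.impersonate2();
        } catch (UsernameNotFoundException e) {
            // The user is not valid in the backend realm: fail closed.
            return Optional.empty();
        }
        // ACL.as2 switches the thread's security context; try-with-resources
        // restores the previous context even if the task throws.
        try (ACLContext ignored = ACL.as2(auth)) {
            return Optional.ofNullable(task.call());
        }
    }
}
```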