Class ACL

java.lang.Object
hudson.security.ACL
Direct Known Subclasses:
SidACL

public abstract class ACL extends Object
Gate-keeper that controls access to Hudson's model objects.
Author:
Kohsuke Kawaguchi
  • Field Details

    • EVERYONE

      public static final Sid EVERYONE
      Special Sid that represents "everyone", even including anonymous users.

      This doesn't need to be included in Authentication.getAuthorities(), but ACL is responsible for checking it nonetheless, as if it was the last entry in the granted authority.

    • ANONYMOUS_USERNAME

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static final String ANONYMOUS_USERNAME
      The username for the anonymous user
      See Also:
    • ANONYMOUS

      public static final Sid ANONYMOUS
      Sid that represents the anonymous unauthenticated users.

      HudsonFilter sets this up, so this sid remains the same regardless of the current SecurityRealm in use.

    • SYSTEM_USERNAME

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static final String SYSTEM_USERNAME
      The username for the system user
      See Also:
    • SYSTEM2

      public static final org.springframework.security.core.Authentication SYSTEM2
      Sid that represents the Hudson itself.

      This is used when Hudson is performing computation for itself, instead of acting on behalf of an user, such as doing builds.

      Since:
      2.266
    • SYSTEM

      @Deprecated public static final Authentication SYSTEM
      Deprecated.
  • Constructor Details

    • ACL

      public ACL()
  • Method Details

    • checkPermission

      public final void checkPermission(@NonNull Permission p)
      Checks if the current security principal has this permission.

      This is just a convenience function.

      Throws:
      org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.
    • checkAnyPermission

      public final void checkAnyPermission(@NonNull Permission... permissions)
      Checks if the current security principal has one of the supplied permissions. This is just a convenience function.
      Throws:
      org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.
      IllegalArgumentException - if no permissions are provided
      Since:
      2.222
    • hasPermission

      public final boolean hasPermission(@NonNull Permission p)
      Checks if the current security principal has this permission.
      Returns:
      false if the user doesn't have the permission.
    • hasAnyPermission

      public final boolean hasAnyPermission(@NonNull Permission... permissions)
      Checks if the current security principal has any of the permissions.
      Returns:
      false if the user doesn't have one of the required permissions.
      Throws:
      IllegalArgumentException - if no permissions are provided
    • hasPermission2

      public boolean hasPermission2(@NonNull org.springframework.security.core.Authentication a, @NonNull Permission permission)
      Checks if the given principle has the given permission.

      Note that SYSTEM2 can be passed in as the authentication parameter, in which case you should probably just assume it has every permission.

      Since:
      2.266
    • hasPermission

      @Deprecated public boolean hasPermission(@NonNull Authentication a, @NonNull Permission permission)
    • lambda2

      public static ACL lambda2(BiFunction<org.springframework.security.core.Authentication,Permission,Boolean> impl)
      Creates a simple ACL implementation based on a “single-abstract-method” easily implemented via lambda syntax.
      Parameters:
      impl - the implementation of hasPermission2(Authentication, Permission)
      Returns:
      an adapter to that lambda
      Since:
      2.266
    • lambda

      Since:
      2.105
    • checkCreatePermission

      public final void checkCreatePermission(@NonNull ItemGroup c, @NonNull TopLevelItemDescriptor d)
      Checks if the current security principal has the permission to create top level items within the specified item group.

      This is just a convenience function.

      Parameters:
      c - the container of the item.
      d - the descriptor of the item to be created.
      Throws:
      org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.
      Since:
      1.607
    • hasCreatePermission2

      public boolean hasCreatePermission2(@NonNull org.springframework.security.core.Authentication a, @NonNull ItemGroup c, @NonNull TopLevelItemDescriptor d)
      Checks if the given principal has the permission to create top level items within the specified item group.

      Note that SYSTEM2 can be passed in as the authentication parameter, in which case you should probably just assume it can create anything anywhere.

      Parameters:
      a - the principal.
      c - the container of the item.
      d - the descriptor of the item to be created.
      Returns:
      false if the user doesn't have the permission.
      Since:
      2.266
    • hasCreatePermission

      @Deprecated public boolean hasCreatePermission(@NonNull Authentication a, @NonNull ItemGroup c, @NonNull TopLevelItemDescriptor d)
      Since:
      1.607
    • checkCreatePermission

      public final void checkCreatePermission(@NonNull ViewGroup c, @NonNull ViewDescriptor d)
      Checks if the current security principal has the permission to create views within the specified view group.

      This is just a convenience function.

      Parameters:
      c - the container of the item.
      d - the descriptor of the view to be created.
      Throws:
      org.springframework.security.access.AccessDeniedException - if the user doesn't have the permission.
      Since:
      1.607
    • hasCreatePermission2

      public boolean hasCreatePermission2(@NonNull org.springframework.security.core.Authentication a, @NonNull ViewGroup c, @NonNull ViewDescriptor d)
      Checks if the given principal has the permission to create views within the specified view group.

      Note that SYSTEM2 can be passed in as the authentication parameter, in which case you should probably just assume it can create anything anywhere.

      Parameters:
      a - the principal.
      c - the container of the view.
      d - the descriptor of the view to be created.
      Returns:
      false if the user doesn't have the permission.
      Since:
      2.266
    • hasCreatePermission

      @Deprecated public boolean hasCreatePermission(@NonNull Authentication a, @NonNull ViewGroup c, @NonNull ViewDescriptor d)
      Since:
      2.37
    • impersonate2

      @Deprecated @NonNull public static org.springframework.security.core.context.SecurityContext impersonate2(@NonNull org.springframework.security.core.Authentication auth)
      Deprecated.
      use try with resources and as2(Authentication)
      Changes the Authentication associated with the current thread to the specified one, and returns the previous security context.

      When the impersonation is over, be sure to restore the previous authentication via SecurityContextHolder.setContext(returnValueFromThisMethod); or just use impersonate2(Authentication, Runnable).

      We need to create a new SecurityContext instead of SecurityContext.setAuthentication(Authentication) because the same SecurityContext object is reused for all the concurrent requests from the same session.

      Since:
      2.266
    • impersonate

      @Deprecated @NonNull public static SecurityContext impersonate(@NonNull Authentication auth)
      Since:
      1.462
    • impersonate2

      @Deprecated public static void impersonate2(@NonNull org.springframework.security.core.Authentication auth, @NonNull Runnable body)
      Deprecated.
      use try with resources and as2(Authentication)
      Safer variant of impersonate2(Authentication) that does not require a finally-block.
      Parameters:
      auth - authentication, such as SYSTEM2
      body - an action to run with this alternate authentication in effect
      Since:
      2.266
    • impersonate

      @Deprecated public static void impersonate(@NonNull Authentication auth, @NonNull Runnable body)
      Since:
      1.509
    • impersonate2

      @Deprecated public static <V, T extends Exception> V impersonate2(org.springframework.security.core.Authentication auth, hudson.remoting.Callable<V,T> body) throws T
      Deprecated.
      use try with resources and as2(Authentication)
      Safer variant of impersonate2(Authentication) that does not require a finally-block.
      Parameters:
      auth - authentication, such as SYSTEM2
      body - an action to run with this alternate authentication in effect (try NotReallyRoleSensitiveCallable)
      Throws:
      T extends Exception
      Since:
      2.266
    • impersonate

      @Deprecated public static <V, T extends Exception> V impersonate(Authentication auth, hudson.remoting.Callable<V,T> body) throws T
      Throws:
      T extends Exception
      Since:
      1.587
    • as2

      @NonNull public static ACLContext as2(@NonNull org.springframework.security.core.Authentication auth)
      Changes the Authentication associated with the current thread to the specified one and returns an AutoCloseable that restores the previous security context.

      This makes impersonation much easier within code as it can now be used using the try with resources construct:

           try (ACLContext ctx = ACL.as2(auth)) {
              ...
           }
       
      Parameters:
      auth - the new authentication.
      Returns:
      the previous authentication context
      Since:
      2.266
    • as

      @Deprecated @NonNull public static ACLContext as(@NonNull Authentication auth)
      Deprecated.
      Since:
      2.14
    • as

      @NonNull public static ACLContext as(@CheckForNull User user)
      Changes the Authentication associated with the current thread to the specified one and returns an AutoCloseable that restores the previous security context.

      This makes impersonation much easier within code as it can now be used using the try with resources construct:

           try (ACLContext ctx = ACL.as2(auth)) {
              ...
           }
       
      Parameters:
      user - the user to impersonate.
      Returns:
      the previous authentication context
      Since:
      2.14
    • isAnonymous2

      public static boolean isAnonymous2(@NonNull org.springframework.security.core.Authentication authentication)
      Checks if the given authentication is anonymous by checking its class.
      Since:
      2.266
      See Also:
    • isAnonymous

      @Deprecated public static boolean isAnonymous(@NonNull Authentication authentication)