Package hudson.security

Class AuthorizationStrategy

java.lang.Object
hudson.model.AbstractDescribableImpl<AuthorizationStrategy>
hudson.security.AuthorizationStrategy
All Implemented Interfaces:
ExtensionPoint, Describable<AuthorizationStrategy>
Direct Known Subclasses:
AuthorizationStrategy.Unsecured, FullControlOnceLoggedInAuthorizationStrategy, LegacyAuthorizationStrategy
@StaplerAccessibleType public abstract class AuthorizationStrategy extends AbstractDescribableImpl<AuthorizationStrategy> implements ExtensionPoint
Controls authorization throughout Hudson.

Persistence

This object will be persisted along with Jenkins object. Hudson by itself won't put the ACL returned from getRootACL() into the serialized object graph, so if that object contains state and needs to be persisted, it's the responsibility of AuthorizationStrategy to do so (by keeping them in an instance field.)

Re-configuration

The corresponding Describable instance will be asked to create a new AuthorizationStrategy every time the system configuration is updated. Implementations that keep more state in ACL beyond the system configuration should use Jenkins.getAuthorizationStrategy() to talk to the current instance to carry over the state.

Author:
Kohsuke Kawaguchi
See Also:

  • Field Details

  • Constructor Details

    • AuthorizationStrategy

      public AuthorizationStrategy()

  • Method Details

    • getRootACL

      @NonNull public abstract ACL getRootACL()
      Returns the instance of ACL where all the other ACL instances for all the other model objects eventually delegate.

      IOW, this ACL will have the ultimate say on the access control.

    • getACL

      @Deprecated @NonNull public ACL getACL(@NonNull AbstractProject<?,?> project)
      Deprecated.
      since 1.277 Override getACL(Job) instead.

    • getACL

      @NonNull public ACL getACL(@NonNull Job<?,?> project)

    • getACL

      @NonNull public ACL getACL(@NonNull View item)
      Implementation can choose to provide different ACL for different views. This can be used as a basis for more fine-grained access control.

      The default implementation makes the view visible if any of the items are visible or the view is configurable.

      Since:
      1.220

    • getACL

      @NonNull public ACL getACL(@NonNull AbstractItem item)
      Implementation can choose to provide different ACL for different items. This can be used as a basis for more fine-grained access control.

      The default implementation returns getRootACL().

      Since:
      1.220

    • getACL

      @NonNull public ACL getACL(@NonNull User user)
      Implementation can choose to provide different ACL per user. This can be used as a basis for more fine-grained access control.

      The default implementation returns getRootACL().

      Since:
      1.221

    • getACL

      @NonNull public ACL getACL(@NonNull Computer computer)
      Implementation can choose to provide different ACL for different computers. This can be used as a basis for more fine-grained access control.

      The default implementation delegates to getACL(Node)

      Since:
      1.220

    • getACL

      @NonNull public ACL getACL(@NonNull IComputer computer)
      Implementation can choose to provide different ACL for different computers. This can be used as a basis for more fine-grained access control.

      Default implementation delegates to getACL(Computer) if the computer is an instance of Computer, otherwise it will fall back to getRootACL().

      Since:
      2.480

    • getACL

      @NonNull public ACL getACL(@NonNull Cloud cloud)
      Implementation can choose to provide different ACL for different Clouds. This can be used as a basis for more fine-grained access control.

      The default implementation returns getRootACL().

      Since:
      1.252

    • getACL

      @NonNull public ACL getACL(@NonNull Node node)

    • getGroups

      @NonNull public abstract Collection<String> getGroups()
      Returns the list of all group/role names used in this authorization strategy, and the ACL returned from the getRootACL() method.

      This method is used by ContainerAuthentication to work around the servlet API issue that prevents us from enumerating roles that the user has.

      If such enumeration is impossible, do the best to list as many as possible, then return it. In the worst case, just return an empty list. Doing so would prevent users from using role names as group names (see JENKINS-2716 for such one such report.)

      Returns:
      never null.

    • all

      @NonNull public static DescriptorExtensionList<AuthorizationStrategy,Descriptor<AuthorizationStrategy>> all()
      Returns all the registered AuthorizationStrategy descriptors.