Modifier and Type | Field and Description |
---|---|
static org.acegisecurity.acls.sid.Sid | ANONYMOUS: Sid that represents the anonymous unauthenticated users. |
protected static org.acegisecurity.acls.sid.Sid[] | AUTOMATIC_SIDS |
static org.acegisecurity.acls.sid.Sid | EVERYONE: Special Sid that represents "everyone", even including anonymous users. |
static org.acegisecurity.Authentication | SYSTEM: Sid that represents Hudson itself. |

Constructor and Description |
---|
ACL() |

Modifier and Type | Method and Description |
---|---|
void | checkPermission(Permission p): Checks if the current security principal has this permission. |
abstract boolean | hasPermission(org.acegisecurity.Authentication a, Permission permission): Checks if the given principal has the given permission. |
boolean | hasPermission(Permission p): Checks if the current security principal has this permission. |
static org.acegisecurity.context.SecurityContext | impersonate(org.acegisecurity.Authentication auth): Changes the Authentication associated with the current thread to the specified one, and returns the previous security context. |
static void | impersonate(org.acegisecurity.Authentication auth, Runnable body): Safer variant of impersonate(Authentication) that does not require a finally-block. |

public static final org.acegisecurity.acls.sid.Sid EVERYONE
Sid that represents "everyone", even including anonymous users.
This doesn't need to be included in Authentication.getAuthorities(), but ACL is responsible for checking it nonetheless, as if it was the last entry in the granted authority.

public static final org.acegisecurity.acls.sid.Sid ANONYMOUS
Sid that represents the anonymous unauthenticated users.
HudsonFilter sets this up, so this sid remains the same regardless of the current SecurityRealm in use.

protected static final org.acegisecurity.acls.sid.Sid[] AUTOMATIC_SIDS

public static final org.acegisecurity.Authentication SYSTEM
Sid that represents Hudson itself.
This is used when Hudson is performing computation for itself, instead of acting on behalf of a user, such as doing builds.

public final void checkPermission(@Nonnull Permission p)
This is just a convenience function.
org.acegisecurity.AccessDeniedException - if the user doesn't have the permission.

public final boolean hasPermission(@Nonnull Permission p)

public abstract boolean hasPermission(@Nonnull org.acegisecurity.Authentication a, @Nonnull Permission permission)
Note that SYSTEM can be passed in as the authentication parameter, in which case you should probably just assume it has every permission.

@Nonnull public static org.acegisecurity.context.SecurityContext impersonate(@Nonnull org.acegisecurity.Authentication auth)
Changes the Authentication associated with the current thread to the specified one, and returns the previous security context.
When the impersonation is over, be sure to restore the previous authentication via SecurityContextHolder.setContext(returnValueFromThisMethod); or just use impersonate(Authentication,Runnable).
We need to create a new SecurityContext instead of SecurityContext.setAuthentication(Authentication) because the same SecurityContext object is reused for all the concurrent requests from the same session.

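The restore-in-finally pattern described above, as an added example that is not part of the Hudson Javadoc. The RunAs class and its method names are hypothetical; it goes slightly beyond the Runnable overload by returning a value from the impersonated body, and it assumes Hudson core and Acegi Security are on the classpath.

```java
import hudson.security.ACL;
import hudson.security.Permission;
import java.util.concurrent.Callable;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;

/** Hypothetical helper (not part of Hudson): run privileged work, then always drop the privilege. */
public final class RunAs {
    private RunAs() {}

    /**
     * Runs body as auth and returns its result. The Runnable overload cannot
     * return a value or throw a checked exception, so this uses the manual form.
     */
    public static <T> T call(Authentication auth, Callable<T> body) throws Exception {
        // impersonate() installs a fresh SecurityContext for this thread and
        // returns the one that was in place before the switch.
        SecurityContext previous = ACL.impersonate(auth);
        try {
            return body.call();
        } finally {
            // Restore even when body throws; otherwise this thread keeps the
            // alternate identity for whatever code runs on it next.
            SecurityContextHolder.setContext(previous);
        }
    }

    /** Authorizes the current principal first, then elevates only for the part that needs it. */
    public static <T> T callAsSystemIfPermitted(ACL acl, Permission required, Callable<T> body)
            throws Exception {
        // Throws AccessDeniedException if the current principal lacks the permission,
        // so the SYSTEM identity is never entered on behalf of an unauthorized caller.
        acl.checkPermission(required);
        return call(ACL.SYSTEM, body);
    }
}
```
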
public static void impersonate(@Nonnull org.acegisecurity.Authentication auth, @Nonnull Runnable body)
Safer variant of impersonate(Authentication) that does not require a finally-block.
auth - authentication, such as SYSTEM
body - an action to run with this alternate authentication in effect

Copyright © 2014. All rights reserved.