java.lang.Object
  hudson.security.ACL
public abstract class ACL
Gate-keeper that controls access to Hudson's model objects.
Field Summary | |
---|---|
static org.acegisecurity.acls.sid.Sid | ANONYMOUS - Sid that represents the anonymous unauthenticated users. |
protected static org.acegisecurity.acls.sid.Sid[] | AUTOMATIC_SIDS |
static org.acegisecurity.acls.sid.Sid | EVERYONE - Special Sid that represents "everyone", even including anonymous users. |
static org.acegisecurity.Authentication | SYSTEM - Sid that represents Hudson itself. |
Constructor Summary | |
---|---|
ACL() | |
Method Summary | |
---|---|
void | checkPermission(Permission p) - Checks if the current security principal has this permission. |
abstract boolean | hasPermission(org.acegisecurity.Authentication a, Permission permission) - Checks if the given principal has the given permission. |
boolean | hasPermission(Permission p) - Checks if the current security principal has this permission. |
static org.acegisecurity.context.SecurityContext | impersonate(org.acegisecurity.Authentication auth) - Changes the Authentication associated with the current thread to the specified one, and returns the previous security context. |
static void | impersonate(org.acegisecurity.Authentication auth, Runnable body) - Safer variant of impersonate(Authentication) that does not require a finally-block. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final org.acegisecurity.acls.sid.Sid EVERYONE
Sid that represents "everyone", even including anonymous users.
This doesn't need to be included in Authentication.getAuthorities(), but ACL is responsible for checking it nonetheless, as if it were the last entry in the granted authority.

public static final org.acegisecurity.acls.sid.Sid ANONYMOUS
Sid that represents the anonymous unauthenticated users.
HudsonFilter sets this up, so this sid remains the same regardless of the current SecurityRealm in use.

protected static final org.acegisecurity.acls.sid.Sid[] AUTOMATIC_SIDS

public static final org.acegisecurity.Authentication SYSTEM
Sid that represents Hudson itself.
This is used when Hudson is performing computation for itself, instead of acting on behalf of a user, such as doing builds.
Constructor Detail |
---|
public ACL()
Method Detail |
---|
public final void checkPermission(Permission p)
Checks if the current security principal has this permission.
This is just a convenience function.
Throws:
org.acegisecurity.AccessDeniedException - if the user doesn't have the permission.

public final boolean hasPermission(Permission p)
Checks if the current security principal has this permission.

public abstract boolean hasPermission(org.acegisecurity.Authentication a, Permission permission)
Checks if the given principal has the given permission.
Note that SYSTEM can be passed in as the authentication parameter, in which case you should probably just assume it has every permission.

public static org.acegisecurity.context.SecurityContext impersonate(org.acegisecurity.Authentication auth)
Changes the Authentication associated with the current thread to the specified one, and returns the previous security context.
When the impersonation is over, be sure to restore the previous authentication via SecurityContextHolder.setContext(returnValueFromThisMethod); or just use impersonate(Authentication,Runnable).
We need to create a new SecurityContext instead of calling SecurityContext.setAuthentication(Authentication) because the same SecurityContext object is reused for all the concurrent requests from the same session.

public static void impersonate(org.acegisecurity.Authentication auth, Runnable body)
Safer variant of impersonate(Authentication) that does not require a finally-block.
Parameters:
auth - authentication, such as SYSTEM
body - an action to run with this alternate authentication in effect
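
The restore-in-finally pattern described for impersonate(Authentication), shown next to the Runnable variant, as an added example that is not part of the Hudson Javadoc or source. The RunAs class and its methods are hypothetical names introduced here. It assumes Hudson and Acegi Security are on the classpath, and it also uses Acegi's SecurityContextHolder.getContext(), which this page does not list.

```java
import hudson.security.ACL;
import java.util.concurrent.Callable;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;

/** Hypothetical helper, not part of Hudson. */
public final class RunAs {
    private RunAs() {}

    /**
     * Runs body with auth in effect on the current thread and returns its result.
     * The previous SecurityContext is restored even when body throws, so the
     * alternate identity never outlives the call.
     */
    public static <T> T call(Authentication auth, Callable<T> body) throws Exception {
        // impersonate() installs a new SecurityContext and returns the old one.
        SecurityContext previous = ACL.impersonate(auth);
        try {
            return body.call();
        } finally {
            // Put back the whole context object. Calling setAuthentication() on a
            // context would change it for every request sharing that session.
            SecurityContextHolder.setContext(previous);
        }
    }

    /** Usage sketch: both impersonation forms, then a check that nothing leaked. */
    public static String example() throws Exception {
        Authentication before = SecurityContextHolder.getContext().getAuthentication();
        // Form 1: a result is needed, so use the helper above.
        String name = call(ACL.SYSTEM, new Callable<String>() {
            public String call() {
                return SecurityContextHolder.getContext().getAuthentication().getName();
            }
        });

        // Form 2: no result needed; the two-argument form needs no finally-block.
        ACL.impersonate(ACL.SYSTEM, new Runnable() {
            public void run() { /* work performed as SYSTEM */ }
        });

        Authentication after = SecurityContextHolder.getContext().getAuthentication();
        if (before != after) {
            throw new IllegalStateException("impersonated identity leaked past the call");
        }
        return name;
    }
}
```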