hudson.model.AbstractDescribableImpl<AuthorizationStrategy>
hudson.security.AuthorizationStrategy
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public abstract class AuthorizationStrategy
Controls authorization throughout Hudson.
This object will be persisted along with Jenkins object.
Hudson by itself won't put the ACL returned from getRootACL() into the serialized object graph,
so if that object contains state and needs to be persisted, it's the responsibility of
AuthorizationStrategy to do so (by keeping them in an instance field.)
The corresponding Describable instance will be asked to create a new AuthorizationStrategy
every time the system configuration is updated. Implementations that keep more state in ACL beyond
the system configuration should use Jenkins.getAuthorizationStrategy() to talk to the current
instance to carry over the state.
SecurityRealm| Nested Class Summary | |
|---|---|
static class |
AuthorizationStrategy.Unsecured
|
| Nested classes/interfaces inherited from interface hudson.ExtensionPoint |
|---|
ExtensionPoint.LegacyInstancesAreScopedToHudson |
| Field Summary | |
|---|---|
static DescriptorList<AuthorizationStrategy> |
LIST
Deprecated. since 1.286 Use all() for read access, and Extension for registration. |
static AuthorizationStrategy |
UNSECURED
AuthorizationStrategy that implements the semantics
of unsecured Hudson where everyone has full control. |
| Constructor Summary | |
|---|---|
AuthorizationStrategy()
|
|
| Method Summary | |
|---|---|
static DescriptorExtensionList<AuthorizationStrategy,Descriptor<AuthorizationStrategy>> |
all()
Returns all the registered AuthorizationStrategy descriptors. |
ACL |
getACL(AbstractItem item)
Implementation can choose to provide different ACL for different items. |
ACL |
getACL(AbstractProject<?,?> project)
Deprecated. since 1.277 Override getACL(Job) instead. |
ACL |
getACL(Cloud cloud)
Implementation can choose to provide different ACL for different Clouds. |
ACL |
getACL(Computer computer)
Implementation can choose to provide different ACL for different computers. |
ACL |
getACL(Job<?,?> project)
|
ACL |
getACL(Node node)
|
ACL |
getACL(User user)
Implementation can choose to provide different ACL per user. |
ACL |
getACL(View item)
Implementation can choose to provide different ACL for different views. |
abstract Collection<String> |
getGroups()
Returns the list of all group/role names used in this authorization strategy, and the ACL returned from the getRootACL() method. |
abstract ACL |
getRootACL()
Returns the instance of ACL where all the other ACL instances
for all the other model objects eventually delegate. |
| Methods inherited from class hudson.model.AbstractDescribableImpl |
|---|
getDescriptor |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
public static final DescriptorList<AuthorizationStrategy> LIST
all() for read access, and Extension for registration.SecurityRealm implementations.
public static final AuthorizationStrategy UNSECURED
AuthorizationStrategy that implements the semantics
of unsecured Hudson where everyone has full control.
This singleton is safe because AuthorizationStrategy.Unsecured is stateless.
| Constructor Detail |
|---|
public AuthorizationStrategy()
| Method Detail |
|---|
public abstract ACL getRootACL()
ACL where all the other ACL instances
for all the other model objects eventually delegate.
IOW, this ACL will have the ultimate say on the access control.
@Deprecated public ACL getACL(AbstractProject<?,?> project)
getACL(Job) instead.
public ACL getACL(Job<?,?> project)
public ACL getACL(View item)
The default implementation makes the view visible if any of the items are visible or the view is configurable.
public ACL getACL(AbstractItem item)
The default implementation returns getRootACL().
public ACL getACL(User user)
The default implementation returns getRootACL().
public ACL getACL(Computer computer)
The default implementation delegates to getACL(Node)
public ACL getACL(Cloud cloud)
Clouds.
This can be used as a basis for more fine-grained access control.
The default implementation returns getRootACL().
public ACL getACL(Node node)
public abstract Collection<String> getGroups()
getRootACL() method.
This method is used by ContainerAuthentication to work around the servlet API issue
that prevents us from enumerating roles that the user has.
If such enumeration is impossible, do the best to list as many as possible, then return it. In the worst case, just return an empty list. Doing so would prevent users from using role names as group names (see HUDSON-2716 for such one such report.)
public static DescriptorExtensionList<AuthorizationStrategy,Descriptor<AuthorizationStrategy>> all()
AuthorizationStrategy descriptors.
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||