Search in sources :

Example 1 with FullControlOnceLoggedInAuthorizationStrategy

use of hudson.security.FullControlOnceLoggedInAuthorizationStrategy in project blueocean-plugin by jenkinsci.

the class BlueOceanConfigStatePreloader method getStateJson.

/**
     * {@inheritDoc}
     */
@Override
public String getStateJson() {
    StringWriter writer = new StringWriter();
    Jenkins jenkins = Jenkins.getInstance();
    String version = Jenkins.getVersion() != null ? Jenkins.getVersion().toString() : Jenkins.VERSION;
    AuthorizationStrategy authorizationStrategy = jenkins.getAuthorizationStrategy();
    boolean allowAnonymousRead = true;
    if (authorizationStrategy instanceof FullControlOnceLoggedInAuthorizationStrategy) {
        allowAnonymousRead = ((FullControlOnceLoggedInAuthorizationStrategy) authorizationStrategy).isAllowAnonymousRead();
    }
    new JSONBuilder(writer).object().key("version").value(getBlueOceanPluginVersion()).key("jenkinsConfig").object().key("version").value(version).key("security").object().key("enabled").value(jenkins.isUseSecurity()).key("loginUrl").value(jenkins.getSecurityRealm() == SecurityRealm.NO_AUTHENTICATION ? null : jenkins.getSecurityRealm().getLoginUrl()).key("authorizationStrategy").object().key("allowAnonymousRead").value(allowAnonymousRead).endObject().key("enableJWT").value(BlueOceanConfigProperties.BLUEOCEAN_FEATURE_JWT_AUTHENTICATION).endObject().endObject().key("features").object().key("organizations.enabled").value(Boolean.getBoolean("blueocean.features.organizations.enabled")).endObject().endObject();
    return writer.toString();
}
Also used : Jenkins(jenkins.model.Jenkins) AuthorizationStrategy(hudson.security.AuthorizationStrategy) FullControlOnceLoggedInAuthorizationStrategy(hudson.security.FullControlOnceLoggedInAuthorizationStrategy) FullControlOnceLoggedInAuthorizationStrategy(hudson.security.FullControlOnceLoggedInAuthorizationStrategy) JSONBuilder(net.sf.json.util.JSONBuilder) StringWriter(java.io.StringWriter)

Example 2 with FullControlOnceLoggedInAuthorizationStrategy

use of hudson.security.FullControlOnceLoggedInAuthorizationStrategy in project hudson-2.x by hudson.

the class Hudson method loadTasks.

private synchronized TaskBuilder loadTasks() throws IOException {
    File projectsDir = new File(root, "jobs");
    if (!projectsDir.isDirectory() && !projectsDir.mkdirs()) {
        if (projectsDir.exists()) {
            throw new IOException(projectsDir + " is not a directory");
        }
        throw new IOException("Unable to create " + projectsDir + "\nPermission issue? Please create this directory manually.");
    }
    File[] subdirs = projectsDir.listFiles(new FileFilter() {

        public boolean accept(File child) {
            return child.isDirectory() && Items.getConfigFile(child).exists();
        }
    });
    TaskGraphBuilder g = new TaskGraphBuilder();
    Handle loadHudson = g.requires(InitMilestone.EXTENSIONS_AUGMENTED).attains(InitMilestone.JOB_LOADED).add("Loading global config", new Executable() {

        public void run(Reactor session) throws Exception {
            XmlFile cfg = getConfigFile();
            if (cfg.exists()) {
                // reset some data that may not exist in the disk file
                // so that we can take a proper compensation action later.
                primaryView = null;
                views.clear();
                // load from disk
                cfg.unmarshal(Hudson.this);
            }
            // if we are loading old data that doesn't have this field
            if (slaves == null) {
                slaves = new NodeList();
            }
            clouds.setOwner(Hudson.this);
            items.clear();
        }
    });
    for (final File subdir : subdirs) {
        g.requires(loadHudson).attains(InitMilestone.JOB_LOADED).notFatal().add("Loading job " + subdir.getName(), new Executable() {

            public void run(Reactor session) throws Exception {
                TopLevelItem item = (TopLevelItem) Items.load(Hudson.this, subdir);
                items.put(item.getName(), item);
            }
        });
    }
    g.requires(InitMilestone.JOB_LOADED).add("Finalizing set up", new Executable() {

        public void run(Reactor session) throws Exception {
            rebuildDependencyGraph();
            {
                // recompute label objects - populates the labels mapping.
                for (// Note that not all labels are visible until the slaves have connected.
                Node slave : // Note that not all labels are visible until the slaves have connected.
                slaves) {
                    slave.getAssignedLabels();
                }
                getAssignedLabels();
            }
            // this is both for clean Hudson and for backward compatibility.
            if (views.size() == 0 || primaryView == null) {
                View v = new AllView(Messages.Hudson_ViewName());
                v.owner = Hudson.this;
                views.add(0, v);
                primaryView = v.getViewName();
            }
            // read in old data that doesn't have the security field set
            if (authorizationStrategy == null) {
                if (useSecurity == null || !useSecurity) {
                    authorizationStrategy = AuthorizationStrategy.UNSECURED;
                } else {
                    authorizationStrategy = new FullControlOnceLoggedInAuthorizationStrategy();
                }
            }
            if (securityRealm == null) {
                if (useSecurity == null || !useSecurity) {
                    setSecurityRealm(SecurityRealm.NO_AUTHENTICATION);
                } else {
                    setSecurityRealm(new LegacySecurityRealm());
                }
            } else {
                // force the set to proxy
                setSecurityRealm(securityRealm);
            }
            if (useSecurity != null && !useSecurity) {
                // forced reset to the unsecure mode.
                // this works as an escape hatch for people who locked themselves out.
                authorizationStrategy = AuthorizationStrategy.UNSECURED;
                setSecurityRealm(SecurityRealm.NO_AUTHENTICATION);
            }
            // Initialize the filter with the crumb issuer
            setCrumbIssuer(crumbIssuer);
            // auto register root actions
            for (Action a : getExtensionList(RootAction.class)) {
                if (!actions.contains(a)) {
                    actions.add(a);
                }
            }
        }
    });
    return g;
}
Also used : FullControlOnceLoggedInAuthorizationStrategy(hudson.security.FullControlOnceLoggedInAuthorizationStrategy) XmlFile(hudson.XmlFile) NodeList(hudson.slaves.NodeList) IOException(java.io.IOException) ExtensionListView(hudson.ExtensionListView) FormException(hudson.model.Descriptor.FormException) RestartNotSupportedException(hudson.lifecycle.RestartNotSupportedException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) ServletException(javax.servlet.ServletException) ReactorException(org.jvnet.hudson.reactor.ReactorException) TimeoutException(java.util.concurrent.TimeoutException) ParseException(java.text.ParseException) JellyException(org.apache.commons.jelly.JellyException) ANTLRException(antlr.ANTLRException) AcegiSecurityException(org.acegisecurity.AcegiSecurityException) BindException(java.net.BindException) AccessDeniedException(org.acegisecurity.AccessDeniedException) TaskGraphBuilder(org.jvnet.hudson.reactor.TaskGraphBuilder) Handle(org.jvnet.hudson.reactor.TaskGraphBuilder.Handle) LegacySecurityRealm(hudson.security.LegacySecurityRealm) FileFilter(java.io.FileFilter) Executable(org.jvnet.hudson.reactor.Executable) Reactor(org.jvnet.hudson.reactor.Reactor) TextFile(hudson.util.TextFile) XmlFile(hudson.XmlFile) File(java.io.File)

Aggregations

FullControlOnceLoggedInAuthorizationStrategy (hudson.security.FullControlOnceLoggedInAuthorizationStrategy)2 ANTLRException (antlr.ANTLRException)1 ExtensionListView (hudson.ExtensionListView)1 XmlFile (hudson.XmlFile)1 RestartNotSupportedException (hudson.lifecycle.RestartNotSupportedException)1 FormException (hudson.model.Descriptor.FormException)1 AuthorizationStrategy (hudson.security.AuthorizationStrategy)1 LegacySecurityRealm (hudson.security.LegacySecurityRealm)1 NodeList (hudson.slaves.NodeList)1 TextFile (hudson.util.TextFile)1 File (java.io.File)1 FileFilter (java.io.FileFilter)1 IOException (java.io.IOException)1 StringWriter (java.io.StringWriter)1 BindException (java.net.BindException)1 ParseException (java.text.ParseException)1 ExecutionException (java.util.concurrent.ExecutionException)1 TimeoutException (java.util.concurrent.TimeoutException)1 ServletException (javax.servlet.ServletException)1 Jenkins (jenkins.model.Jenkins)1