
Example 6 with Authentication

use of org.acegisecurity.Authentication in project blueocean-plugin by jenkinsci.

the class JwtImpl method getToken.

@Override
public JwtToken getToken(@Nullable @QueryParameter("expiryTimeInMins") Integer expiryTimeInMins, @Nullable @QueryParameter("maxExpiryTimeInMins") Integer maxExpiryTimeInMins) {
    String t = System.getProperty("EXPIRY_TIME_IN_MINS");
    long expiryTime = DEFAULT_EXPIRY_IN_SEC;
    if (t != null) {
        // The property is given in minutes; expiryTime is tracked in seconds.
        expiryTime = Integer.parseInt(t) * 60L;
    }
    int maxExpiryTime = DEFAULT_MAX_EXPIRY_TIME_IN_MIN;
    t = System.getProperty("MAX_EXPIRY_TIME_IN_MINS");
    if (t != null) {
        maxExpiryTime = Integer.parseInt(t);
    }
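    // The caller-supplied maxExpiryTimeInMins replaces the configured cap,
    // so the limit enforced below is one the requester can raise.
    if (maxExpiryTimeInMins != null) {
        maxExpiryTime = maxExpiryTimeInMins;
    }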
    if (expiryTimeInMins != null) {
        if (expiryTimeInMins > maxExpiryTime) {
            throw new ServiceException.BadRequestExpception(String.format("expiryTimeInMins %s can't be greater than %s", expiryTimeInMins, maxExpiryTime));
        }
        expiryTime = expiryTimeInMins * 60;
    }
    Authentication authentication = Jenkins.getInstance().getAuthentication();
    if (authentication == null) {
        throw new ServiceException.UnauthorizedException("Unauthorized: No login session found");
    }
    String userId = authentication.getName();
    User user = User.get(userId, false, Collections.emptyMap());
    String email = null;
    String fullName = null;
    if (user != null) {
        fullName = user.getFullName();
        userId = user.getId();
        Mailer.UserProperty p = user.getProperty(Mailer.UserProperty.class);
        if (p != null)
            email = p.getAddress();
    }
    Plugin plugin = Jenkins.getInstance().getPlugin("blueocean-jwt");
    String issuer = "blueocean-jwt:" + ((plugin != null) ? plugin.getWrapper().getVersion() : "");
    JwtToken jwtToken = new JwtToken();
    jwtToken.claim.put("jti", UUID.randomUUID().toString().replace("-", ""));
    jwtToken.claim.put("iss", issuer);
    jwtToken.claim.put("sub", userId);
    jwtToken.claim.put("name", fullName);
    long currentTime = System.currentTimeMillis() / 1000;
    jwtToken.claim.put("iat", currentTime);
    jwtToken.claim.put("exp", currentTime + expiryTime);
    jwtToken.claim.put("nbf", currentTime - DEFAULT_NOT_BEFORE_IN_SEC);
    //set claim
    JSONObject context = new JSONObject();
    JSONObject userObject = new JSONObject();
    userObject.put("id", userId);
    userObject.put("fullName", fullName);
    userObject.put("email", email);
    context.put("user", userObject);
    jwtToken.claim.put("context", context);
    return jwtToken;
}
Also used : JwtToken(io.jenkins.blueocean.auth.jwt.JwtToken) User(hudson.model.User) JSONObject(net.sf.json.JSONObject) Authentication(org.acegisecurity.Authentication) Mailer(hudson.tasks.Mailer) Plugin(hudson.Plugin)

Example 7 with Authentication

use of org.acegisecurity.Authentication in project blueocean-plugin by jenkinsci.

the class UserImpl method getPermission.

@Override
public BlueUserPermission getPermission() {
    Authentication authentication = Jenkins.getAuthentication();
    String name = authentication.getName();
    if (isAnonymous(name)) {
        return null;
    }
    User loggedInUser = User.get(name, false, Collections.emptyMap());
    if (loggedInUser == null) {
        return null;
    }
    // round trip to fetch user and authorizations
    if (!loggedInUser.getId().equals(user.getId())) {
        return null;
    }
    return new BlueUserPermission() {

        @Override
        public boolean isAdministration() {
            return isAdmin();
        }

        @Override
        public Map<String, Boolean> getPipelinePermission() {
            return UserImpl.this.getPipelinePermissions();
        }

        @Override
        public Map<String, Boolean> getCredentialPermission() {
            return UserImpl.this.getCredentialPermissions();
        }
    };
}
Also used : BlueUserPermission(io.jenkins.blueocean.rest.model.BlueUserPermission) BlueUser(io.jenkins.blueocean.rest.model.BlueUser) User(hudson.model.User) Authentication(org.acegisecurity.Authentication)

Example 8 with Authentication

use of org.acegisecurity.Authentication in project hudson-2.x by hudson.

the class SecurityRealm method doLogout.

/**
 * Handles the logout processing.
 * <p/>
 * The default implementation erases the session and does a few other cleanups, then
 * redirects the user to the URL specified by {@link #getPostLogOutUrl(StaplerRequest, Authentication)}.
 *
 * @since 1.314
 */
public void doLogout(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
    HttpSession session = req.getSession(false);
    if (session != null) {
        session.invalidate();
    }
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    SecurityContextHolder.clearContext();
    //Clear env property.
    EnvVars.clearHudsonUserEnvVar();
    // reset remember-me cookie
    Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, "");
    cookie.setPath(req.getContextPath().length() > 0 ? req.getContextPath() : "/");
    rsp.addCookie(cookie);
    rsp.sendRedirect2(getPostLogOutUrl(req, auth));
}
Also used : Cookie(javax.servlet.http.Cookie) HttpSession(javax.servlet.http.HttpSession) Authentication(org.acegisecurity.Authentication)

Example 9 with Authentication

use of org.acegisecurity.Authentication in project hudson-2.x by hudson.

the class HudsonPrivateSecurityRealm method loginAndTakeBack.

/**
 * Lets the current user silently log in as the given user and report back accordingly.
 */
private void loginAndTakeBack(StaplerRequest req, StaplerResponse rsp, User u) throws ServletException, IOException {
    // ... and let him login
    Authentication a = new UsernamePasswordAuthenticationToken(u.getId(), req.getParameter("password1"));
    a = this.getSecurityComponents().manager.authenticate(a);
    SecurityContextHolder.getContext().setAuthentication(a);
    // then back to top
    req.getView(this, "success.jelly").forward(req, rsp);
}
Also used : Authentication(org.acegisecurity.Authentication) UsernamePasswordAuthenticationToken(org.acegisecurity.providers.UsernamePasswordAuthenticationToken)

Example 10 with Authentication

use of org.acegisecurity.Authentication in project hudson-2.x by hudson.

the class SecurityServiceImpl method runAs.

public void runAs(final Authentication auth, final Runnable task) {
    checkNotNull(auth);
    checkNotNull(task);
    final SecurityContext ctx = SecurityContextHolder.getContext();
    final Authentication current = ctx.getAuthentication();
    ctx.setAuthentication(auth);
    try {
        task.run();
    } finally {
        ctx.setAuthentication(current);
    }
}
Also used : Authentication(org.acegisecurity.Authentication) SecurityContext(org.acegisecurity.context.SecurityContext)
