
Example 16 with Authentication

Use of org.acegisecurity.Authentication in project blueocean-plugin by jenkinsci.

Class GithubPipelineUpdateRequest, method update.

@Nonnull
@Override
public BluePipeline update(BluePipeline pipeline) throws IOException {
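    // Authorization: the caller must hold Item.CONFIGURE according to the Jenkins root ACL.
    // The target item is only resolved further down, so its own ACL is not consulted here.
    ACL acl = Jenkins.getInstance().getACL();
    Authentication a = Jenkins.getAuthentication();
    if (!acl.hasPermission(a, Item.CONFIGURE)) {
        throw new ServiceException.ForbiddenException(String.format("Failed to update Git pipeline: %s. User %s doesn't have Job configure permission", pipeline.getName(), a.getName()));
    }
    // Authentication: reject callers that do not map to a Jenkins user
    User user = User.current();
    if (user == null) {
        throw new ServiceException.UnauthorizedException("User is not authenticated");
    }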
    Item item = Jenkins.getInstance().getItemByFullName(pipeline.getFullName());
    if (item instanceof OrganizationFolder) {
        OrganizationFolder folder = (OrganizationFolder) item;
        GitHubSCMNavigator gitHubSCMNavigator = getNavigator(folder);
        if (gitHubSCMNavigator != null) {
            folder.getNavigators().replace(gitHubSCMNavigator);
            if (repos.size() == 1) {
                SCMSourceEvent.fireNow(new GithubPipelineCreateRequest.SCMSourceEventImpl(repos.get(0), item, gitHubSCMNavigator.getApiUri(), gitHubSCMNavigator));
            } else {
                folder.scheduleBuild(new Cause.UserIdCause());
            }
        }
    }
    return pipeline;
}
Also used : Item(hudson.model.Item) User(hudson.model.User) OrganizationFolder(jenkins.branch.OrganizationFolder) Authentication(org.acegisecurity.Authentication) Cause(hudson.model.Cause) ACL(hudson.security.ACL) GitHubSCMNavigator(org.jenkinsci.plugins.github_branch_source.GitHubSCMNavigator) Nonnull(javax.annotation.Nonnull)

Example 17 with Authentication

Use of org.acegisecurity.Authentication in project blueocean-plugin by jenkinsci.

Class GitPipelineUpdateRequest, method update.

@CheckForNull
@Override
@SuppressWarnings("unchecked")
public BluePipeline update(BluePipeline pipeline) throws IOException {
    Item item = Jenkins.getInstance().getItemByFullName(pipeline.getFullName());
    // Anything that is not a MultiBranchProject falls through and is returned unchanged
    if (item instanceof MultiBranchProject) {
        // The caller must hold Item.CONFIGURE according to the Jenkins root ACL (not the item's ACL)
        ACL acl = Jenkins.getInstance().getACL();
        Authentication a = Jenkins.getAuthentication();
        if (!acl.hasPermission(a, Item.CONFIGURE)) {
            throw new ServiceException.ForbiddenException(String.format("Failed to update Git pipeline: %s. User %s doesn't have Job configure permission", pipeline.getName(), a.getName()));
        }
        MultiBranchProject mbp = (MultiBranchProject) item;
        BranchSource branchSource = getGitScmSource(mbp);
        if (branchSource != null) {
            mbp.getSourcesList().replaceBy(Collections.singleton(branchSource));
            mbp.scheduleBuild2(0, new CauseAction(new Cause.UserIdCause()));
        }
    }
    return pipeline;
}
Also used : Item(hudson.model.Item) Authentication(org.acegisecurity.Authentication) CauseAction(hudson.model.CauseAction) MultiBranchProject(jenkins.branch.MultiBranchProject) ACL(hudson.security.ACL) BranchSource(jenkins.branch.BranchSource) CheckForNull(javax.annotation.CheckForNull)

Example 18 with Authentication

Use of org.acegisecurity.Authentication in project blueocean-plugin by jenkinsci.

Class BlueOceanRootAction, method getTarget.

@Override
public Object getTarget() {
    StaplerRequest request = Stapler.getCurrentRequest();
    if (request.getOriginalRestOfPath().startsWith("/rest/")) {
        if (enableJWT) {
            // Build the Authentication for this REST call from the request via JwtAuthenticationToken
            Authentication tokenAuthentication = JwtAuthenticationToken.create(request);
            // Create a new context and set it on the holder so the existing context is not clobbered
            SecurityContext securityContext = new SecurityContextImpl();
            securityContext.setAuthentication(tokenAuthentication);
            SecurityContextHolder.setContext(securityContext);
            // TODO: implement this as a filter, see PluginServletFilter, to clear the context
            // Nothing in this method resets the holder after the context is replaced.
        } else {
            // Refresher token: SHA-1 over the current user's name and randomBits
            HashCode hashCode = Hashing.sha1().newHasher().putString(Jenkins.getAuthentication().getName(), StandardCharsets.UTF_8).putLong(randomBits).hash();
            // Base64 encode to ensure no non-ASCII characters get into the header
            String refresherToken = Base64.encode(hashCode.asBytes());
            Stapler.getCurrentResponse().setHeader("X-Blueocean-Refresher", refresherToken);
        }
    } else {
        // If the user doesn't have overall Jenkins read permission, return 403, which results in
        // the classic UI redirecting the user to the login page
        Jenkins.getInstance().checkPermission(Jenkins.READ);
    }
    return app;
}
Also used : SecurityContextImpl(org.acegisecurity.context.SecurityContextImpl) HashCode(com.google.common.hash.HashCode) Authentication(org.acegisecurity.Authentication) StaplerRequest(org.kohsuke.stapler.StaplerRequest) SecurityContext(org.acegisecurity.context.SecurityContext)

Example 19 with Authentication

Use of org.acegisecurity.Authentication in project blueocean-plugin by jenkinsci.

Class AbstractPipelineCreateRequestImpl, method create.

@Nonnull
public TopLevelItem create(ModifiableTopLevelItemGroup parent, String name, String descriptorName, Class<? extends TopLevelItemDescriptor> descriptorClass) throws IOException {
    // Check 1: the caller must hold Item.CREATE according to the Jenkins root ACL
    ACL acl = Jenkins.getInstance().getACL();
    Authentication a = Jenkins.getAuthentication();
    if (!acl.hasPermission(a, Item.CREATE)) {
        throw new ServiceException.ForbiddenException(String.format("Failed to create pipeline: %s. User %s doesn't have Job create permission", name, a.getName()));
    }
    // Check 2: the descriptor named in the request must exist and be of the expected class
    TopLevelItemDescriptor descriptor = Items.all().findByName(descriptorName);
    if (descriptor == null || !(descriptorClass.isAssignableFrom(descriptor.getClass()))) {
        throw new ServiceException.BadRequestExpception(String.format("Failed to create pipeline: %s, descriptor %s is not found", name, descriptorName));
    }
    // Check 3: this item type must be applicable in the Jenkins root (checked against the root, not against parent)
    ItemGroup p = Jenkins.getInstance();
    if (!descriptor.isApplicableIn(p)) {
        throw new ServiceException.ForbiddenException(String.format("Failed to create pipeline: %s. pipeline can't be created in Jenkins root folder", name));
    }
    // Check 4: the caller must be allowed to create this specific item type in the root
    if (!acl.hasCreatePermission(a, p, descriptor)) {
        throw new ServiceException.ForbiddenException("Missing permission: " + Item.CREATE.group.title + "/" + Item.CREATE.name + Item.CREATE + "/" + descriptor.getDisplayName());
    }
    return parent.createProject(descriptor, name, true);
}
Also used : ItemGroup(hudson.model.ItemGroup) ModifiableTopLevelItemGroup(jenkins.model.ModifiableTopLevelItemGroup) Authentication(org.acegisecurity.Authentication) TopLevelItemDescriptor(hudson.model.TopLevelItemDescriptor) ACL(hudson.security.ACL) Nonnull(javax.annotation.Nonnull)
