
Example 1 with SecurityContextImpl

Use of org.acegisecurity.context.SecurityContextImpl in project blueocean-plugin by jenkinsci.

The class BlueOceanRootAction, method getTarget.

@Override
public Object getTarget() {
    StaplerRequest request = Stapler.getCurrentRequest();
    if (request.getOriginalRestOfPath().startsWith("/rest/")) {
        if (enableJWT) {
            Authentication tokenAuthentication = JwtAuthenticationToken.create(request);
            //create a new context and set it to holder to not clobber existing context
            SecurityContext securityContext = new SecurityContextImpl();
            securityContext.setAuthentication(tokenAuthentication);
            SecurityContextHolder.setContext(securityContext);
            // TODO: implement this as a filter; see PluginServletFilter to clear the context
        } else {
            HashCode hashCode = Hashing.sha1().newHasher().putString(Jenkins.getAuthentication().getName(), StandardCharsets.UTF_8).putLong(randomBits).hash();
            // Base64 encode to ensure no non-ASCII characters get into the header
            String refresherToken = Base64.encode(hashCode.asBytes());
            Stapler.getCurrentResponse().setHeader("X-Blueocean-Refresher", refresherToken);
        }
    } else {
        //If user doesn't have overall Jenkins read permission then return 403, which results in classic UI redirecting
        // user to login page
        Jenkins.getInstance().checkPermission(Jenkins.READ);
    }
    return app;
}
Also used: SecurityContextImpl (org.acegisecurity.context.SecurityContextImpl), HashCode (com.google.common.hash.HashCode), Authentication (org.acegisecurity.Authentication), StaplerRequest (org.kohsuke.stapler.StaplerRequest), SecurityContext (org.acegisecurity.context.SecurityContext)
