use of org.acegisecurity.context.SecurityContextImpl in project blueocean-plugin by jenkinsci.
the class BlueOceanRootAction method getTarget.
/**
 * Resolves the object that serves the current Stapler request and, as a side effect,
 * prepares the security state for it.
 *
 * <ul>
 *   <li>Paths starting with {@code /rest/} and {@code enableJWT} set: an
 *       {@code Authentication} is built from the request by
 *       {@code JwtAuthenticationToken.create} and installed in a fresh
 *       {@code SecurityContextImpl} on the {@code SecurityContextHolder}.</li>
 *   <li>Paths starting with {@code /rest/} and {@code enableJWT} not set: a SHA-1 digest
 *       of the current user name and {@code randomBits} is Base64-encoded and sent in the
 *       {@code X-Blueocean-Refresher} response header.</li>
 *   <li>Any other path: the caller must hold {@code Jenkins.READ}.</li>
 * </ul>
 *
 * NOTE(review): this method performs no permission check on the {@code /rest/} branch;
 * authorization presumably happens in the REST resources themselves. Confirm.
 *
 * @return the {@code app} field, on every path that does not throw
 */
@Override
public Object getTarget() {
    final StaplerRequest currentRequest = Stapler.getCurrentRequest();
    final boolean isRestCall = currentRequest.getOriginalRestOfPath().startsWith("/rest/");

    if (!isRestCall) {
        // Per the original author's note: a user without overall Jenkins read permission
        // gets a 403 here, which results in the classic UI redirecting to the login page.
        Jenkins.getInstance().checkPermission(Jenkins.READ);
        return app;
    }

    if (enableJWT) {
        // Use a brand-new context instead of mutating the one already on the holder,
        // so the existing context object is not clobbered.
        final SecurityContext jwtContext = new SecurityContextImpl();
        // NOTE(review): how create() treats a missing, expired or badly signed token is
        // not visible from this method. Verify it rejects rather than returning a usable
        // Authentication.
        final Authentication jwtAuthentication = JwtAuthenticationToken.create(currentRequest);
        jwtContext.setAuthentication(jwtAuthentication);
        SecurityContextHolder.setContext(jwtContext);
        // TODO: implement this as filter, see PluginServletFilter to clear the context.
        // NOTE(review): nothing in this method restores or clears the holder afterwards.
        // If the holder is thread-bound and request threads are pooled, the token identity
        // could outlive this request. A filter with a finally-block clear would close that.
        return app;
    }

    // NOTE(review): SHA-1 over (user name, randomBits) is acceptable as a change marker.
    // If the value is ever treated as a secret or an integrity check, prefer a keyed MAC
    // such as HMAC-SHA-256. randomBits is defined outside this method; confirm its source.
    final String userName = Jenkins.getAuthentication().getName();
    final HashCode digest = Hashing.sha1()
            .newHasher()
            .putString(userName, StandardCharsets.UTF_8)
            .putLong(randomBits)
            .hash();
    // Base64 keeps non-ASCII bytes out of the header value.
    final String headerValue = Base64.encode(digest.asBytes());
    Stapler.getCurrentResponse().setHeader("X-Blueocean-Refresher", headerValue);
    return app;
}