Java Authentication类代码示例

import org.acegisecurity.Authentication; //导入依赖的package包/类
/**
 * Gets the names of the authorities that this action is associated with.
 *
 * @return the names of the authorities that this action is associated with.
 */
@NonNull
public List<String> getAuthorities() {
    Authentication authentication = Jenkins.getAuthentication();
    GrantedAuthority[] authorities = authentication.getAuthorities();
    if (authorities == null) {
        return Collections.emptyList();
    }
    String id = authentication.getName();
    List<String> result = new ArrayList<>(authorities.length);
    for (GrantedAuthority a : authorities) {
        String n = a.getAuthority();
        if (n != null && !User.idStrategy().equals(n, id)) {
            result.add(n);
        }
    }
    Collections.sort(result, String.CASE_INSENSITIVE_ORDER);
    return result;
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
@RequirePOST
public HttpResponse doImpersonate(StaplerRequest req, @QueryParameter String name) {
    Authentication auth = Jenkins.getAuthentication();
    GrantedAuthority[] authorities = auth.getAuthorities();
    if (authorities == null || StringUtils.isBlank(name)) {
        return HttpResponses.redirectToContextRoot();
    }
    GrantedAuthority authority = null;
    for (GrantedAuthority a : authorities) {
        if (a.getAuthority().equals(name)) {
            authority = a;
            break;
        }
    }
    if (authority == null) {
        return HttpResponses.redirectToContextRoot();
    }
    if (!SecurityRealm.AUTHENTICATED_AUTHORITY.equals(authority)) {
        ACL.impersonate(new ImpersonationAuthentication(auth, authority, SecurityRealm.AUTHENTICATED_AUTHORITY));
    } else {
        ACL.impersonate(new ImpersonationAuthentication(auth, SecurityRealm.AUTHENTICATED_AUTHORITY));
    }
    return HttpResponses.redirectToContextRoot();
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
protected boolean isUpstreamBuildVisibleByDownstreamBuildAuth(@Nonnull WorkflowJob upstreamPipeline, @Nonnull Queue.Task downstreamPipeline) {
    Authentication auth = Tasks.getAuthenticationOf(downstreamPipeline);
    Authentication downstreamPipelineAuth;
    if (auth.equals(ACL.SYSTEM) && !QueueItemAuthenticatorConfiguration.get().getAuthenticators().isEmpty()) {
        downstreamPipelineAuth = Jenkins.ANONYMOUS; // cf. BuildTrigger
    } else {
        downstreamPipelineAuth = auth;
    }

    try (ACLContext _ = ACL.as(downstreamPipelineAuth)) {
        WorkflowJob upstreamPipelineObtainedAsImpersonated = Jenkins.getInstance().getItemByFullName(upstreamPipeline.getFullName(), WorkflowJob.class);
        boolean result = upstreamPipelineObtainedAsImpersonated != null;
        LOGGER.log(Level.FINE, "isUpstreamBuildVisibleByDownstreamBuildAuth({0}, {1}): taskAuth: {2}, downstreamPipelineAuth: {3}, upstreamPipelineObtainedAsImpersonated:{4}, result: {5}",
                new Object[]{upstreamPipeline, downstreamPipeline, auth, downstreamPipelineAuth, upstreamPipelineObtainedAsImpersonated, result});
        return result;
    }
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
@Override
public boolean hasPermission(Authentication a, Permission permission) {
    if(ACL.SYSTEM_USERNAME.equals(a.getName())) {
        return true;
    }
    GrantedAuthority[] authorities = a.getAuthorities();
    if(ArrayUtils.isEmpty(authorities)) {
        return false;
    }
    for(GrantedAuthority authority : authorities) {
        if(StringUtils.endsWith(authority.getAuthority(), GitLabGrantedAuthority.GITLAB_ADMIN_SUFFIX)) {
            return true;
        }
        if(authority instanceof GitLabGrantedAuthority) {
            if(hasPermissionForJob((GitLabGrantedAuthority) authority, permission)) {
                return true;
            }
        }
    }
    return this.project == null && Jenkins.READ == permission;
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
@Override
public SecurityComponents createSecurityComponents() {
    return new SecurityRealm.SecurityComponents(new AuthenticationManager() {
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            if (authentication instanceof DeepinAuthenticationToken) {
                return authentication;
            }

            throw new BadCredentialsException("Unexpected authentication type: " + authentication);
        }
    }, new UserDetailsService() {
        public UserDetails loadUserByUsername(String username)  throws UserMayOrMayNotExistException, DataAccessException {
            throw new UserMayOrMayNotExistException("Cannot verify users in this context");
        }
    });
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
private Set<GhprcWebHook> getWebHooks() {
    final Set<GhprcWebHook> webHooks = new HashSet<GhprcWebHook>();

    // We need this to get access to list of repositories
    Authentication old = SecurityContextHolder.getContext().getAuthentication();
    SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);

    try {
        for (AbstractProject<?, ?> job : Jenkins.getInstance().getAllItems(AbstractProject.class)) {
            GhprcTrigger trigger = job.getTrigger(GhprcTrigger.class);
            if (trigger == null || trigger.getWebHook() == null) {
                continue;
            }
            webHooks.add(trigger.getWebHook());
        }
    } finally {
        SecurityContextHolder.getContext().setAuthentication(old);
    }

    if (webHooks.size() == 0) {
        logger.log(Level.WARNING, "No projects found using GitHub pull request trigger");
    }

    return webHooks;
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
/**
 * Checks if the given principal has permission to use the permission.
 * 
 * @param auth       the authentication object
 * @param permission the permission
 * @return true if permission is granted
 */
@Override
public boolean hasPermission(Authentication auth, Permission permission) {
    if(hasGlobalPermission(auth, permission)) {
        return true;
    }
    
    if (isLoggedIn(auth)) {
        GitLabUserDetails user = (GitLabUserDetails) auth.getPrincipal();
        
        if (isPermissionSetStandard(user, permission)) {
            return true;
        }
        
        if (isPermissionSetGitLab(user.getId(), groupId, permission)) {
            return true;
        }
    }
    return isPermissionSetAnon(permission);
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
/**
 * Checks if the given principal has permission to use the permission.
 * 
 * @param auth       the authentication object
 * @param permission the permission
 * @return true if the given principal has permission
 */
@Override
public boolean hasPermission(Authentication auth, Permission permission) {
    if (auth == ACL.SYSTEM) {
        return true;
    }
    
    if(isLoggedIn(auth)) {
        GitLabUserDetails user = (GitLabUserDetails) auth.getPrincipal();
        
        if (isPermissionSetStandard(user, permission)) {
            return true;
        }
    }
    return isPermissionSetAnon(permission);
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
/**
 * Creates a new instance of the GitLabUserInformation object containing information about the logged in user.
 * 
 * @return the UserPropery object
 */
@Override
public UserProperty newInstance(User user) {
    Authentication auth = Jenkins.getAuthentication();
    
    if (auth instanceof GitLabUserDetails) {
        GitLabUserInfo gitLabUser;
        try {
            gitLabUser = GitLab.getUser(((GitLabUserDetails) auth.getPrincipal()).getId());
            return new GitLabUserProperty(gitLabUser);
        } catch (GitLabApiException e) {
            LOGGER.warning(e.getMessage());
        }
    }
    return new GitLabUserProperty();
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
private RESTController.ErrorCode authenticate(String username, String password, Authentication previousAuth) {

        // Previously authenticated and username not overridden?
        if (username == null && previousAuth != null) {
            return null;
        }

        // Ensure password is given.
        if (password == null) {
            return RESTController.ErrorCode.MISSING_PARAMETER;
        }

        try {
            UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
            Authentication authResult = authenticationManager.authenticate(authRequest);
            SecurityContextHolder.getContext().setAuthentication(authResult);
//            LOG.info("Authentication succeeded for user " + username);
        } catch (AuthenticationException x) {
            LOG.info("Authentication failed for user " + username);
            return RESTController.ErrorCode.NOT_AUTHENTICATED;
        }
        return null;
    }
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
private EngineConfiguration(@CheckForNull AbstractBuild<?, ?> build, @CheckForNull Item deployScope,
                            @CheckForNull List<Authentication> deployAuthentications, @NonNull S configuration,
                            @CheckForNull Launcher launcher, @CheckForNull BuildListener listener,
                            @CheckForNull Set<DeploySourceOrigin> sources) {
    configuration.getClass(); // throw NPE if null
    this.build = build;
    this.deployScope = deployScope;
    this.deployAuthentications = deployAuthentications == null
            ? null
            : Collections.unmodifiableList(new ArrayList<Authentication>(deployAuthentications));
    this.configuration = configuration;
    this.launcher = launcher;
    this.listener = listener;
    this.sources =
            sources == null ? null : Collections.unmodifiableSet(new LinkedHashSet<DeploySourceOrigin>(sources));
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
private Set<GhprbRepository> getRepos(String repo){
	HashSet<GhprbRepository> ret = new HashSet<GhprbRepository>();

	// We need this to get access to list of repositories
	Authentication old = SecurityContextHolder.getContext().getAuthentication();
       SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);

	try{
		for(AbstractProject<?,?> job : Jenkins.getInstance().getAllItems(AbstractProject.class)){
			GhprbTrigger trigger = job.getTrigger(GhprbTrigger.class);
			if (trigger == null || trigger.getGhprb() == null) continue;
			GhprbRepository r = trigger.getGhprb().getRepository();
			if(repo.equals(r.getName())){
				ret.add(r);
			}
		}
	}finally{
		SecurityContextHolder.getContext().setAuthentication(old);
	}
	return ret;
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
/**
 * Finds a Perforce Credential based on the String id.
 *
 * @param id Credential ID
 * @return a P4StandardCredentials credential or null if not found.
 * @deprecated Use {@link #findCredential(String, ItemGroup)} or {@link #findCredential(String, Item)}
 */
@Deprecated
public static P4BaseCredentials findCredential(String id) {
	Class<P4BaseCredentials> type = P4BaseCredentials.class;
	Jenkins scope = Jenkins.getInstance();
	Authentication acl = ACL.SYSTEM;
	DomainRequirement domain = new DomainRequirement();

	List<P4BaseCredentials> list;
	list = CredentialsProvider.lookupCredentials(type, scope, acl, domain);

	for (P4BaseCredentials c : list) {
		if (c.getId().equals(id)) {
			return c;
		}
	}
	return null;
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
/**
 * This overridden method is differs from the super method by 
 * populating the user details by passing the full response
 * 
 * @see org.acegisecurity.providers.cas.CasAuthenticationProvider#authenticateNow(Authentication authentication)
 */
private CasAuthenticationToken authenticateNow(Authentication authentication) throws AuthenticationException {
    // Validate
    KualiTicketResponse response = (KualiTicketResponse)this.getTicketValidator().confirmTicketValid(authentication.getCredentials().toString());

    // Check proxy list is trusted
    this.getCasProxyDecider().confirmProxyListTrusted(response.getProxyList());
    if (logger.isDebugEnabled()) {
        logger.debug("authenticationNOW:" + response);
    }
    // Lookup user details      
    logger.debug("\n\npopulating authorities\n\n");
    UserDetails userDetails = ((KualiCasAuthoritiesPopulator)this.getCasAuthoritiesPopulator()).getUserDetails(response);        

    // Construct CasAuthenticationToken
    return new CasAuthenticationToken(this.getKey(), userDetails, authentication.getCredentials(),
        userDetails.getAuthorities(), userDetails, response.getProxyList(), response.getProxyGrantingTicketIou());
}
 

import org.acegisecurity.Authentication; //导入依赖的package包/类
/**
 * This method retrieves the Distributed Session Ticket
 * 
 * @return the Distributed Session Ticket if valid or null
 */
private String getDST() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    String sDST = null;
    
    if (authentication != null) {
        GrantedAuthority[] authorities = authentication.getAuthorities();
        if (logger.isDebugEnabled()) {
            logger.debug("Granted Authority Count:" + authorities.length);
        }
        
        for (int i = 0; i < authorities.length; i++) {
            if (logger.isDebugEnabled()) {
                logger.debug("Authority:" + authorities[i]);
            }
            if (authorities[i].toString().startsWith(DistributedSession.getPrefix())) {
                sDST = authorities[0].toString();
            }
        }
    }
    else {
        logger.debug("Authentication is NULL");            
    }
    
    return sDST;
}