Java SecurityContextHolder类代码示例

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
@CheckForNull
public Run<?, ?> getRun() {
    if (StringUtils.isBlank(buildId)) {
        return null;
    }
    final Job<?, ?> job = getJob();
    if (job != null) {
        SecurityContext old = ACL.impersonate(ACL.SYSTEM);
        try {
            return job.getBuild(buildId);
        } catch (Exception e) {
            logger.log(Level.WARNING, "Unable to retrieve run " + jobName + ":" + buildId, e);
        } finally {
            SecurityContextHolder.setContext(old);
        }
    }
    return null;
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {


    if(1 + 1 == 2) {
        SecurityContext oldCtx = SecurityContextHolder.getContext();
        SecurityContextHolder.setContext(null); //
        try {
            super.doFilter(req, res, chain);
        } finally {
            SecurityContextHolder.setContext(oldCtx);
        }
    }
    else {
        super.doFilter(req, res, chain);
    }
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
private Set<GhprcWebHook> getWebHooks() {
    final Set<GhprcWebHook> webHooks = new HashSet<GhprcWebHook>();

    // We need this to get access to list of repositories
    Authentication old = SecurityContextHolder.getContext().getAuthentication();
    SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);

    try {
        for (AbstractProject<?, ?> job : Jenkins.getInstance().getAllItems(AbstractProject.class)) {
            GhprcTrigger trigger = job.getTrigger(GhprcTrigger.class);
            if (trigger == null || trigger.getWebHook() == null) {
                continue;
            }
            webHooks.add(trigger.getWebHook());
        }
    } finally {
        SecurityContextHolder.getContext().setAuthentication(old);
    }

    if (webHooks.size() == 0) {
        logger.log(Level.WARNING, "No projects found using GitHub pull request trigger");
    }

    return webHooks;
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
private RESTController.ErrorCode authenticate(String username, String password, Authentication previousAuth) {

        // Previously authenticated and username not overridden?
        if (username == null && previousAuth != null) {
            return null;
        }

        // Ensure password is given.
        if (password == null) {
            return RESTController.ErrorCode.MISSING_PARAMETER;
        }

        try {
            UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
            Authentication authResult = authenticationManager.authenticate(authRequest);
            SecurityContextHolder.getContext().setAuthentication(authResult);
//            LOG.info("Authentication succeeded for user " + username);
        } catch (AuthenticationException x) {
            LOG.info("Authentication failed for user " + username);
            return RESTController.ErrorCode.NOT_AUTHENTICATED;
        }
        return null;
    }
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
private Set<GhprbRepository> getRepos(String repo){
	HashSet<GhprbRepository> ret = new HashSet<GhprbRepository>();

	// We need this to get access to list of repositories
	Authentication old = SecurityContextHolder.getContext().getAuthentication();
       SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);

	try{
		for(AbstractProject<?,?> job : Jenkins.getInstance().getAllItems(AbstractProject.class)){
			GhprbTrigger trigger = job.getTrigger(GhprbTrigger.class);
			if (trigger == null || trigger.getGhprb() == null) continue;
			GhprbRepository r = trigger.getGhprb().getRepository();
			if(repo.equals(r.getName())){
				ret.add(r);
			}
		}
	}finally{
		SecurityContextHolder.getContext().setAuthentication(old);
	}
	return ret;
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
/**
 * This method retrieves the Distributed Session Ticket
 * 
 * @return the Distributed Session Ticket if valid or null
 */
private String getDST() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    String sDST = null;
    
    if (authentication != null) {
        GrantedAuthority[] authorities = authentication.getAuthorities();
        if (logger.isDebugEnabled()) {
            logger.debug("Granted Authority Count:" + authorities.length);
        }
        
        for (int i = 0; i < authorities.length; i++) {
            if (logger.isDebugEnabled()) {
                logger.debug("Authority:" + authorities[i]);
            }
            if (authorities[i].toString().startsWith(DistributedSession.getPrefix())) {
                sDST = authorities[0].toString();
            }
        }
    }
    else {
        logger.debug("Authentication is NULL");            
    }
    
    return sDST;
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
public Job<?, ?> getProject( String job, StaplerRequest req, StaplerResponse rsp )
    throws HttpResponses.HttpResponseException
{
    Job<?, ?> p;

    SecurityContext orig = ACL.impersonate( ACL.SYSTEM );
    try
    {
        p = Jenkins.getInstance().getItemByFullName( job, Job.class );
    }
    finally
    {
        SecurityContextHolder.setContext( orig );
    }

    if ( p == null )
    {
        throw org.kohsuke.stapler.HttpResponses.notFound();
    }

    return p;
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
public void processGitHubPayload(final String eventType, final String payloadData) {
    SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
    final WebhookPayload payload = makePayload(eventType, payloadData);
    LOGGER.info("Received kicking off build for " + payload.getProjectUrl());
    for (final DynamicProject job : makeDynamicProjectRepo().getJobsFor(payload.getProjectUrl())) {

        if (payload.needsBuild(job)) {
            LOGGER.info("starting job " + job.getName());
            this.queue.execute(() -> {
                try {
                    job.scheduleBuild(0, payload.getCause(), new NoDuplicatesParameterAction(getParametersValues(job, payload.getBranch())));
                } catch (final Exception e) {
                    LOGGER.log(Level.INFO, "Error scheduling build for " + payload.getProjectUrl(), e);
                }
            });
        }
    }
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
@Test
public void testRebuildNotAuthorized() throws Exception {
    FreeStyleProject projectA = jenkins.createFreeStyleProject("A");
    jenkins.createFreeStyleProject("B");
    projectA.getPublishersList().add(new BuildPipelineTrigger("B", null));

    jenkins.getInstance().rebuildDependencyGraph();
    DeliveryPipelineView view = new DeliveryPipelineView("View");
    jenkins.getInstance().addView(view);

    jenkins.getInstance().setSecurityRealm(jenkins.createDummySecurityRealm());
    GlobalMatrixAuthorizationStrategy gmas = new GlobalMatrixAuthorizationStrategy();
    gmas.add(Permission.READ, "devel");
    jenkins.getInstance().setAuthorizationStrategy(gmas);

    SecurityContext oldContext = ACL.impersonate(User.get("devel").impersonate());
    try {
        view.triggerRebuild("B", "1");
        fail();
    } catch (AuthenticationException e) {
        //Should throw this
    }
    SecurityContextHolder.setContext(oldContext);
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
/**
 * Function to finds the build with the unique build id.
 *
 * @param jobName
 *      The jenkins job or project name
 * @param buildNumber
 *      The jenkins build number
 * @return
 *      the build Run if found, otherwise return null
 */
public static Run<?,?> findBuild(String jobName, int buildNumber) {

    SecurityContext oldContext = ACL.impersonate(ACL.SYSTEM);
    try {
        AbstractProject<?,?> project = Jenkins.getActiveInstance().getItemByFullName(jobName, AbstractProject.class);
        if (project != null){
            Run<?,?> run = project.getBuildByNumber(buildNumber);
            if (run != null) {
                return run;
            }
        }
        return null;
    } finally {
        SecurityContextHolder.setContext(oldContext);
    }
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
/**
 * {@inheritDoc}
 */
@Override
public CommonDataElement retrieveDataElement(Long dataElementId, Float dataElementVersion)
throws ConnectionException {
    // Satish Patel informed me that the cadsrApi clears out the SecurityContext after they're done with it,
    // they are working on a fix but as a workaround I need to store the context and set it again after
    // I am done with all of the caDSR domain objects.  --TJ
    SecurityContext originalContext = SecurityContextHolder.getContext();
    try {
        List<Object> cadsrDataElements = searchDataElement(dataElementId, dataElementVersion);
        gov.nih.nci.cadsr.domain.DataElement latestCadsrDataElement = getLatestDataElement(cadsrDataElements);
        return convertCadsrDataElementToDataElements(latestCadsrDataElement);
    } catch (Exception e) {
        throw new ConnectionException("Couldn't connect to the caDSR server", e);
    } finally {
        // Restore context as described above.
        SecurityContextHolder.setContext(originalContext);
    }
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
@Override
@Before
public void setUp() throws Exception {
    super.setUp();
    authentication.setUsername("user");
    SecurityContextHolder.getContext().setAuthentication(authentication);
    ActionContext.getContext().setSession(new HashMap<String, Object>());
    sessionHelper = SessionHelper.getInstance();
    userWorkspace = new UserWorkspace();
    studySubscription = new StudySubscription();
    Study study = new Study();
    study.setShortTitleText("fakeStudy");
    studySubscription.setStudy(study);
    studySubscription.setId(Long.valueOf(1));
    Query query1 = new Query();
    query1.setName("query1");
    Query query2 = new Query();
    query2.setName("query2");
    studySubscription.getQueryCollection().add(query1);
    studySubscription.getQueryCollection().add(query2);
    userWorkspace.getSubscriptionCollection().add(studySubscription);
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
@Test
public void testGetters() {
    SecurityContextHolder.getContext().setAuthentication(null);
    assertNull(action.getDisplayableWorkspace());
    assertNull(action.getStudySubscription());
    assertNull(action.getStudy());
    assertEquals(action.getStudy(), action.getCurrentStudy());
    assertNull(action.getQueryResult());
    assertNull(action.getGenomicDataQueryResult());
    SecurityContextHolder.getContext().setAuthentication(new AcegiAuthenticationStub());
    action.prepare();
    assertNotNull(action.getDisplayableWorkspace());
    assertNotNull(action.getStudySubscription());
    assertNotNull(action.getStudy());
    GenomicDataQueryResult genomicDataQueryResult = new GenomicDataQueryResult();
    action.setGenomicDataQueryResult(genomicDataQueryResult);
    assertEquals(genomicDataQueryResult, action.getGenomicDataQueryResult());
    action.setStudySubscription(null);
    action.prepare();
    assertNull(action.getQueryResult());
    assertNull(action.getGenomicDataQueryResult());
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
@Test
public void testExecute() {
    ActionContext.getContext().setSession(new HashMap<String, Object>());
    SecurityContextHolder.getContext().setAuthentication(null);
    assertEquals(Action.ERROR, action.execute());
    // Must add authentication to pass the action.
    SecurityContextHolder.getContext().setAuthentication(new AcegiAuthenticationStub());
    SessionHelper.getInstance().setStudyManager(true);
    action.prepare();
    assertEquals(Action.ERROR, action.execute());
    assertTrue(action.hasActionErrors());
    action.clearActionErrors();
    StudyConfiguration study = new StudyConfiguration();
    study.setId(1L);
    action.setStudyConfiguration(study);
    assertEquals(Action.SUCCESS, action.execute());
    assertTrue(studyManagementServiceStub.copyCalled);
}
 

import org.acegisecurity.context.SecurityContextHolder; //导入依赖的package包/类
@Test
public void testMaliciousCharacterRemoval() {
    String maliciousNameIn = "StudyName<iframe src=javascript:alert(70946)";
    String goodNameIn = "StudyName";
    String nameOut = "StudyName";

    ActionContext.getContext().setSession(new HashMap<String, Object>());
    SecurityContextHolder.getContext().setAuthentication(null);
    assertEquals(Action.ERROR, action.execute());
    // Must add authentication to pass the action.
    SecurityContextHolder.getContext().setAuthentication(new AcegiAuthenticationStub());
    SessionHelper.getInstance().setStudyManager(true);
    action.getStudyConfiguration().getStudy().setShortTitleText(maliciousNameIn);
    assertEquals(Action.SUCCESS, action.execute());
    assertTrue(studyManagementServiceStub.saveCalled);
    assertEquals(nameOut, action.getStudyConfiguration().getStudy().getShortTitleText());

    action.getStudyConfiguration().getStudy().setShortTitleText(goodNameIn);
    assertEquals(Action.SUCCESS, action.execute());
    assertTrue(studyManagementServiceStub.saveCalled);
    assertEquals(nameOut, action.getStudyConfiguration().getStudy().getShortTitleText());

}