Java Authentication.getAuthorities方法代码示例

import org.acegisecurity.Authentication; //导入方法依赖的package包/类
/**
 * Gets the names of the authorities that this action is associated with.
 *
 * @return the names of the authorities that this action is associated with.
 */
@NonNull
public List<String> getAuthorities() {
    Authentication authentication = Jenkins.getAuthentication();
    GrantedAuthority[] authorities = authentication.getAuthorities();
    if (authorities == null) {
        return Collections.emptyList();
    }
    String id = authentication.getName();
    List<String> result = new ArrayList<>(authorities.length);
    for (GrantedAuthority a : authorities) {
        String n = a.getAuthority();
        if (n != null && !User.idStrategy().equals(n, id)) {
            result.add(n);
        }
    }
    Collections.sort(result, String.CASE_INSENSITIVE_ORDER);
    return result;
}
 

import org.acegisecurity.Authentication; //导入方法依赖的package包/类
@RequirePOST
public HttpResponse doImpersonate(StaplerRequest req, @QueryParameter String name) {
    Authentication auth = Jenkins.getAuthentication();
    GrantedAuthority[] authorities = auth.getAuthorities();
    if (authorities == null || StringUtils.isBlank(name)) {
        return HttpResponses.redirectToContextRoot();
    }
    GrantedAuthority authority = null;
    for (GrantedAuthority a : authorities) {
        if (a.getAuthority().equals(name)) {
            authority = a;
            break;
        }
    }
    if (authority == null) {
        return HttpResponses.redirectToContextRoot();
    }
    if (!SecurityRealm.AUTHENTICATED_AUTHORITY.equals(authority)) {
        ACL.impersonate(new ImpersonationAuthentication(auth, authority, SecurityRealm.AUTHENTICATED_AUTHORITY));
    } else {
        ACL.impersonate(new ImpersonationAuthentication(auth, SecurityRealm.AUTHENTICATED_AUTHORITY));
    }
    return HttpResponses.redirectToContextRoot();
}
 

import org.acegisecurity.Authentication; //导入方法依赖的package包/类
@Override
public boolean hasPermission(Authentication a, Permission permission) {
    if(ACL.SYSTEM_USERNAME.equals(a.getName())) {
        return true;
    }
    GrantedAuthority[] authorities = a.getAuthorities();
    if(ArrayUtils.isEmpty(authorities)) {
        return false;
    }
    for(GrantedAuthority authority : authorities) {
        if(StringUtils.endsWith(authority.getAuthority(), GitLabGrantedAuthority.GITLAB_ADMIN_SUFFIX)) {
            return true;
        }
        if(authority instanceof GitLabGrantedAuthority) {
            if(hasPermissionForJob((GitLabGrantedAuthority) authority, permission)) {
                return true;
            }
        }
    }
    return this.project == null && Jenkins.READ == permission;
}
 

import org.acegisecurity.Authentication; //导入方法依赖的package包/类
/**
 * This method retrieves the Distributed Session Ticket
 * 
 * @return the Distributed Session Ticket if valid or null
 */
private String getDST() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    String sDST = null;
    
    if (authentication != null) {
        GrantedAuthority[] authorities = authentication.getAuthorities();
        if (logger.isDebugEnabled()) {
            logger.debug("Granted Authority Count:" + authorities.length);
        }
        
        for (int i = 0; i < authorities.length; i++) {
            if (logger.isDebugEnabled()) {
                logger.debug("Authority:" + authorities[i]);
            }
            if (authorities[i].toString().startsWith(DistributedSession.getPrefix())) {
                sDST = authorities[0].toString();
            }
        }
    }
    else {
        logger.debug("Authentication is NULL");            
    }
    
    return sDST;
}
 

import org.acegisecurity.Authentication; //导入方法依赖的package包/类
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
    int result = ACCESS_ABSTAIN;
    Iterator iter = config.getConfigAttributes();

    while (iter.hasNext()) {
        ConfigAttribute attribute = (ConfigAttribute) iter.next();

        if (this.supports(attribute)) {
            result = ACCESS_DENIED;

            // Attempt to find a matching granted authority
            for (int i = 0; i < authentication.getAuthorities().length; i++) {
                if ((attribute.getAttribute().equals(authentication.getAuthorities()[i].getAuthority()))) {
                    result = ACCESS_GRANTED;
                }
            }
        }
        if (result == ACCESS_DENIED) return result;
    }

    return result;
}
 

import org.acegisecurity.Authentication; //导入方法依赖的package包/类
/**
 * {@inheritDoc}
 */
@Override
public String getIconFileName() {
    Authentication a = Jenkins.getAuthentication();
    if (a instanceof ImpersonationAuthentication) {
        return null;
    }
    GrantedAuthority[] authorities = a.getAuthorities();
    return authorities != null && authorities.length > 0 && User.idStrategy().equals(a.getName(), user.getId())
            ? "plugin/impersonation/images/24x24/impersonate.png"
            : null;
}
 

import org.acegisecurity.Authentication; //导入方法依赖的package包/类
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
    Object returnedObject) throws AccessDeniedException {
    Iterator iter = config.getConfigAttributes();

    
  securityMap =  securityHelper.getPostMethodInvocationSecurityMap(methodInvocation, returnedObject);
 
    while (iter.hasNext()) {
    	
        ConfigAttribute attr = (ConfigAttribute) iter.next();

        if (this.supports(attr)) {
            // Need to process the Collection for this invocation
            if (returnedObject == null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Return object is null, skipping");
                }
                return null;
            }

            
            // Get GrantedAuthorities from Authentication Object and Match them with the SecurityMap
            GrantedAuthority[] authorities = authentication.getAuthorities();
            Collection<String> grantedAuthoritiesStringCollection = new ArrayList<String>();
            for(int i=0;i<authorities.length;i++){
            	grantedAuthoritiesStringCollection.add(authorities[i].getAuthority());
            }
            
            
            Collection securityRolesCollection = new ArrayList();
            Set keySet = securityMap.keySet();
    		Iterator iterator = keySet.iterator();
    		while(iterator.hasNext()){
    			String className = (String)iterator.next();
    			Collection classname = (Collection) securityMap.get(className);
    			Iterator authoritiesIterator = classname.iterator();
    			while(authoritiesIterator.hasNext()){
    				String privilege = (String)authoritiesIterator.next();
    				String authority = className + "_" + privilege;
    				securityRolesCollection.add(authority);		
    			}			
    		}
    		
    		boolean accessDenied = false;
    		
            Iterator securityRolesCollectionIterator = securityRolesCollection.iterator();
            while(securityRolesCollectionIterator.hasNext()){
            	String string = (String) securityRolesCollectionIterator.next();
            	if(!grantedAuthoritiesStringCollection.contains(string)){
            		accessDenied = true;
            	}
            }
            
            if(accessDenied){
            	throw new AccessDeniedException("User does not have access to some or all of returned object.");
            }
            
            return returnedObject;
        }
    }
    return returnedObject;
}