public abstract class AuthorizationStrategy extends AbstractDescribableImpl<AuthorizationStrategy> implements ExtensionPoint
This object will be persisted along with Jenkins
object.
Hudson by itself won't put the ACL returned from getRootACL()
into the serialized object graph,
so if that object contains state and needs to be persisted, it's the responsibility of
AuthorizationStrategy
to do so (by keeping them in an instance field.)
The corresponding Describable
instance will be asked to create a new AuthorizationStrategy
every time the system configuration is updated. Implementations that keep more state in ACL beyond
the system configuration should use Jenkins.getAuthorizationStrategy()
to talk to the current
instance to carry over the state.
SecurityRealm
Modifier and Type | Class and Description |
---|---|
static class |
AuthorizationStrategy.Unsecured |
ExtensionPoint.LegacyInstancesAreScopedToHudson
Modifier and Type | Field and Description |
---|---|
static DescriptorList<AuthorizationStrategy> |
LIST
|
static AuthorizationStrategy |
UNSECURED
AuthorizationStrategy that implements the semantics
of unsecured Hudson where everyone has full control. |
Constructor and Description |
---|
AuthorizationStrategy() |
Modifier and Type | Method and Description |
---|---|
static DescriptorExtensionList<AuthorizationStrategy,Descriptor<AuthorizationStrategy>> |
all()
Returns all the registered
AuthorizationStrategy descriptors. |
ACL |
getACL(AbstractItem item)
Implementation can choose to provide different ACL for different items.
|
ACL |
getACL(AbstractProject<?,?> project)
Deprecated.
since 1.277
Override
getACL(Job) instead. |
ACL |
getACL(Cloud cloud)
Implementation can choose to provide different ACL for different
Cloud s. |
ACL |
getACL(Computer computer)
Implementation can choose to provide different ACL for different computers.
|
ACL |
getACL(Job<?,?> project) |
ACL |
getACL(Node node) |
ACL |
getACL(User user)
Implementation can choose to provide different ACL per user.
|
ACL |
getACL(View item)
Implementation can choose to provide different ACL for different views.
|
abstract Collection<String> |
getGroups()
Returns the list of all group/role names used in this authorization strategy,
and the ACL returned from the
getRootACL() method. |
abstract ACL |
getRootACL()
|
getDescriptor
@Deprecated public static final DescriptorList<AuthorizationStrategy> LIST
SecurityRealm
implementations.public static final AuthorizationStrategy UNSECURED
AuthorizationStrategy
that implements the semantics
of unsecured Hudson where everyone has full control.
This singleton is safe because AuthorizationStrategy.Unsecured
is stateless.
@Deprecated @Nonnull public ACL getACL(@Nonnull AbstractProject<?,?> project)
getACL(Job)
instead.@Nonnull public ACL getACL(@Nonnull View item)
The default implementation makes the view visible if any of the items are visible or the view is configurable.
@Nonnull public ACL getACL(@Nonnull AbstractItem item)
The default implementation returns getRootACL()
.
@Nonnull public ACL getACL(@Nonnull User user)
The default implementation returns getRootACL()
.
@Nonnull public ACL getACL(@Nonnull Computer computer)
The default implementation delegates to getACL(Node)
@Nonnull public ACL getACL(@Nonnull Cloud cloud)
Cloud
s.
This can be used as a basis for more fine-grained access control.
The default implementation returns getRootACL()
.
@Nonnull public abstract Collection<String> getGroups()
getRootACL()
method.
This method is used by ContainerAuthentication
to work around the servlet API issue
that prevents us from enumerating roles that the user has.
If such enumeration is impossible, do the best to list as many as possible, then return it. In the worst case, just return an empty list. Doing so would prevent users from using role names as group names (see HUDSON-2716 for such one such report.)
@Nonnull public static DescriptorExtensionList<AuthorizationStrategy,Descriptor<AuthorizationStrategy>> all()
AuthorizationStrategy
descriptors.Copyright © 2019. All rights reserved.