Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[JEP-227][JENKINS-39324] Replace Acegi Security with Spring Security APIs #490

Merged
merged 13 commits into from
Oct 27, 2023
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,13 @@
import java.util.Set;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.springframework.security.core.Authentication;

/**
* A {@link ParameterDefinition} for a parameter that supplies a {@link Credentials}.
Expand Down Expand Up @@ -173,7 +173,7 @@ public StandardListBoxModel doFillDefaultValueItems(@AncestorInPath Item context
final StandardListBoxModel result = new StandardListBoxModel();
result.includeEmptyValue();
if (acl.hasPermission(CredentialsProvider.USE_ITEM)) {
result.includeAs(CredentialsProvider.getDefaultAuthenticationOf(context), context, typeClass, domainRequirements);
result.includeAs(CredentialsProvider.getDefaultAuthenticationOf2(context), context, typeClass, domainRequirements);
}
return result;
}
Expand All @@ -185,9 +185,9 @@ public StandardListBoxModel doFillValueItems(@AncestorInPath Item context,
@QueryParameter boolean includeUser) {
Jenkins jenkins = Jenkins.get();
final ACL acl = context == null ? jenkins.getACL() : context.getACL();
final Authentication authentication = Jenkins.getAuthentication();
final Authentication itemAuthentication = CredentialsProvider.getDefaultAuthenticationOf(context);
final boolean isSystem = ACL.SYSTEM.equals(authentication);
final Authentication authentication = Jenkins.getAuthentication2();
final Authentication itemAuthentication = CredentialsProvider.getDefaultAuthenticationOf2(context);
final boolean isSystem = ACL.SYSTEM2.equals(authentication);
final Class<? extends StandardCredentials> typeClass = decodeType(credentialType);
final List<DomainRequirement> domainRequirements = Collections.emptyList();
final StandardListBoxModel result = new StandardListBoxModel();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,10 @@
import java.util.Collections;
import java.util.List;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Stapler;
import org.springframework.security.core.Authentication;

/**
* A {@link ParameterValue} produced from a {@link CredentialsParameterDefinition}.
Expand Down Expand Up @@ -89,24 +89,24 @@ public <C extends IdCredentials> C lookupCredentials(@NonNull Class<C> type, @No

public <C extends IdCredentials> C lookupCredentials(@NonNull Class<C> type, @NonNull Run run,
List<DomainRequirement> domainRequirements) {
Authentication authentication = Jenkins.getAuthentication();
Authentication authentication = Jenkins.getAuthentication2();
final Executor executor = run.getExecutor();
if (executor != null) {
final WorkUnit workUnit = executor.getCurrentWorkUnit();
if (workUnit != null) {
authentication = workUnit.context.item.authenticate();
authentication = workUnit.context.item.authenticate2();
}
}
List<C> candidates = new ArrayList<>();
final boolean isSystem = ACL.SYSTEM.equals(authentication);
final boolean isSystem = ACL.SYSTEM2.equals(authentication);
if (!isSystem && run.getParent().hasPermission(CredentialsProvider.USE_OWN)) {
candidates.addAll(CredentialsProvider
.lookupCredentials(type, run.getParent(), authentication, domainRequirements));
}
if (run.getParent().hasPermission(CredentialsProvider.USE_ITEM) || isSystem
|| isDefaultValue) {
candidates.addAll(
CredentialsProvider.lookupCredentials(type, run.getParent(), ACL.SYSTEM, domainRequirements));
CredentialsProvider.lookupCredentials(type, run.getParent(), ACL.SYSTEM2, domainRequirements));
}
return CredentialsMatchers.firstOrNull(candidates, CredentialsMatchers.withId(value));
}
Expand All @@ -120,14 +120,14 @@ public String describe() {
throw new IllegalStateException("Should only be called from value.jelly");
}
StandardCredentials c = CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(), ACL.SYSTEM,
CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(), ACL.SYSTEM2,
Collections.emptyList()), CredentialsMatchers.withId(value));
if (c != null) {
return CredentialsNameProvider.name(c);
}
c = CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(),
Jenkins.getAuthentication(),
Jenkins.getAuthentication2(),
Collections.emptyList()), CredentialsMatchers.withId(value));
if (c != null) {
return CredentialsNameProvider.name(c);
Expand All @@ -144,14 +144,14 @@ public String iconClassName() {
throw new IllegalStateException("Should only be called from value.jelly");
}
StandardCredentials c = CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(), ACL.SYSTEM,
CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(), ACL.SYSTEM2,
Collections.emptyList()), CredentialsMatchers.withId(value));
if (c != null) {
return c.getDescriptor().getIconClassName();
}
c = CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(),
Jenkins.getAuthentication(),
Jenkins.getAuthentication2(),
Collections.emptyList()), CredentialsMatchers.withId(value));
if (c != null) {
return c.getDescriptor().getIconClassName();
Expand All @@ -167,7 +167,7 @@ public String url() {
if (run == null) {
throw new IllegalStateException("Should only be called from value.jelly");
}
try (ACLContext ctx = ACL.as(ACL.SYSTEM)) {
try (ACLContext ignored = ACL.as2(ACL.SYSTEM2)) {
for (CredentialsStore store : CredentialsProvider.lookupStores(run.getParent())) {
String url = url(store);
if (url != null) {
Expand Down
Loading