@Test
@PresetData(PresetData.DataSet.NO_ANONYMOUS_READACCESS)
public void testRunnableAgainstAllContexts() throws Exception {
Runnable r =
new Runnable() {
public void run() {
runnableThreadContext = SecurityContextHolder.getContext();
}
};
SecurityContextHolder.setContext(systemContext);
Future systemResult = wrappedService.submit(r);
// Assert the runnable completed successfully
assertNull(systemResult.get());
// Assert the context inside the runnable thread was set to ACL.SYSTEM
assertEquals(systemContext, runnableThreadContext);
SecurityContextHolder.setContext(userContext);
Future userResult = wrappedService.submit(r);
// Assert the runnable completed successfully
assertNull(userResult.get());
// Assert the context inside the runnable thread was set to the user's context
assertEquals(userContext, runnableThreadContext);
SecurityContextHolder.setContext(nullContext);
Future nullResult = wrappedService.submit(r);
// Assert the runnable completed successfully
assertNull(nullResult.get());
// Assert the context inside the runnable thread was set to the null context
assertEquals(nullContext, runnableThreadContext);
}
private void handlePullRequestEvent(String payload) throws IOException {
GitHub gitHub = createGitHub(JSONObject.fromObject(payload));
if (gitHub == null) {
return;
}
GHEventPayload.PullRequest pullRequest =
gitHub.parseEventPayload(new StringReader(payload), GHEventPayload.PullRequest.class);
if (SUPPORTED_EVENTS.contains(pullRequest.getAction())) {
Authentication old = SecurityContextHolder.getContext().getAuthentication();
SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
try {
for (AbstractProject<?, ?> job : Jenkins.getInstance().getAllItems(AbstractProject.class)) {
PullRequestBuildTrigger trigger = job.getTrigger(PullRequestBuildTrigger.class);
if (trigger != null && trigger.getBuildHandler() instanceof PullRequestBuildHandler) {
((PullRequestBuildHandler) trigger.getBuildHandler()).handle(pullRequest, gitHub);
}
}
} finally {
SecurityContextHolder.getContext().setAuthentication(old);
}
} else {
LOGGER.warning(
MessageFormat.format(
"Unsupported pull request action: ''{0}''", pullRequest.getAction()));
}
}
@Test
@PresetData(PresetData.DataSet.NO_ANONYMOUS_READACCESS)
public void testFailedRunnableResetsContext() throws Exception {
Runnable r =
new Runnable() {
public void run() {
SecurityContextHolder.setContext(nullContext);
throw new RuntimeException("Simulate a failure");
}
};
SecurityContextHolder.setContext(systemContext);
try {
wrappedService.execute(r);
} catch (AssertionError expectedException) {
// Assert the current context is once again ACL.SYSTEM
assertEquals(systemContext, SecurityContextHolder.getContext());
}
SecurityContextHolder.setContext(userContext);
try {
wrappedService.execute(r);
} catch (AssertionError expectedException) {
// Assert the current context is once again the userContext
assertEquals(userContext, SecurityContextHolder.getContext());
}
}
public void generateMergeRequestBuild(
String json, Job project, StaplerRequest req, StaplerResponse rsp) {
GitLabMergeRequest request = GitLabMergeRequest.create(json);
if ("closed".equals(request.getObjectAttribute().getState())) {
LOGGER.log(Level.INFO, "Closed Merge Request, no build started");
return;
}
if ("merged".equals(request.getObjectAttribute().getState())) {
LOGGER.log(Level.INFO, "Accepted Merge Request, no build started");
return;
}
if ("update".equals(request.getObjectAttribute().getAction())) {
LOGGER.log(
Level.INFO,
"Existing Merge Request, build will be trigged by buildOpenMergeRequests instead");
return;
}
if (request.getObjectAttribute().getLastCommit() != null) {
Run mergeBuild =
getBuildBySHA1(project, request.getObjectAttribute().getLastCommit().getId(), true);
if (mergeBuild != null) {
LOGGER.log(
Level.INFO,
"Last commit in Merge Request has already been built in build #" + mergeBuild.getId());
return;
}
}
if (request.getObjectAttribute().getDescription().contains("[ci-skip]")) {
LOGGER.log(
Level.INFO,
"Skipping MR " + request.getObjectAttribute().getTitle() + " due to ci-skip.");
return;
}
Authentication old = SecurityContextHolder.getContext().getAuthentication();
SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
try {
GitLabPushTrigger trigger = null;
if (project instanceof ParameterizedJobMixIn.ParameterizedJob) {
ParameterizedJobMixIn.ParameterizedJob p = (ParameterizedJobMixIn.ParameterizedJob) project;
for (Trigger t : p.getTriggers().values()) {
if (t instanceof GitLabPushTrigger) {
trigger = (GitLabPushTrigger) t;
}
}
}
if (trigger == null) {
return;
}
trigger.onPost(request);
} finally {
SecurityContextHolder.getContext().setAuthentication(old);
}
}
public UMOSecurityContext create(UMOAuthentication authentication) {
SecurityContext context = new SecurityContextImpl();
context.setAuthentication(((AcegiAuthenticationAdapter) authentication).getDelegate());
if (authentication.getProperties() != null) {
if ((authentication.getProperties().containsKey("securityMode"))) {
SecurityContextHolder.setStrategyName(
(String) authentication.getProperties().get("securityMode"));
}
}
SecurityContextHolder.setContext(context);
return new AcegiSecurityContext(context);
}
@Override
public List<GitStatus.ResponseContributor> onNotifyCommit(URIish uri, String... branches) {
List<GitStatus.ResponseContributor> result = new ArrayList<GitStatus.ResponseContributor>();
boolean notified = false;
// run in high privilege to see all the projects anonymous users don't see.
// this is safe because when we actually schedule a build, it's a build that can
// happen at some random time anyway.
Authentication old = SecurityContextHolder.getContext().getAuthentication();
SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
try {
for (final SCMSourceOwner owner : SCMSourceOwners.all()) {
for (SCMSource source : owner.getSCMSources()) {
if (source instanceof GitSCMSource) {
GitSCMSource git = (GitSCMSource) source;
URIish remote;
try {
remote = new URIish(git.getRemote());
} catch (URISyntaxException e) {
// ignore
continue;
}
if (GitStatus.looselyMatches(uri, remote)) {
LOGGER.info("Triggering the indexing of " + owner.getFullDisplayName());
owner.onSCMSourceUpdated(source);
result.add(
new GitStatus.ResponseContributor() {
@Override
public void addHeaders(StaplerRequest req, StaplerResponse rsp) {
rsp.addHeader("Triggered", owner.getAbsoluteUrl());
}
@Override
public void writeBody(PrintWriter w) {
w.println("Scheduled indexing of " + owner.getFullDisplayName());
}
});
notified = true;
}
}
}
}
} finally {
SecurityContextHolder.getContext().setAuthentication(old);
}
if (!notified) {
result.add(
new GitStatus.MessageResponseContributor("No git consumers for URI " + uri.toString()));
}
return result;
}
/**
* Test that a user is prevented from bypassing permissions on other jobs when configuring a
* copyartifact build step.
*/
@LocalData
public void testPermission() throws Exception {
SecurityContextHolder.clearContext();
assertNull("Job should not be accessible to anonymous", hudson.getItem("testJob"));
assertEquals(
"Should ignore/clear value for inaccessible project",
"",
new CopyArtifact("testJob", null, null, null, false, false).getProjectName());
// Login as user with access to testJob:
SecurityContextHolder.getContext()
.setAuthentication(new UsernamePasswordAuthenticationToken("joe", "joe"));
assertEquals(
"Should allow use of testJob for joe",
"testJob",
new CopyArtifact("testJob", null, null, null, false, false).getProjectName());
}
/** This is where the user comes back to at the end of the OpenID redirect ping-pong. */
public HttpResponse doFinishLogin(StaplerRequest request) throws IOException {
String code = request.getParameter("code");
if (code == null || code.trim().length() == 0) {
Log.info("doFinishLogin: missing code.");
return HttpResponses.redirectToContextRoot();
}
Log.info("test");
HttpPost httpost =
new HttpPost(
githubUri
+ "/login/oauth/access_token?"
+ "client_id="
+ clientID
+ "&"
+ "client_secret="
+ clientSecret
+ "&"
+ "code="
+ code);
DefaultHttpClient httpclient = new DefaultHttpClient();
org.apache.http.HttpResponse response = httpclient.execute(httpost);
HttpEntity entity = response.getEntity();
String content = EntityUtils.toString(entity);
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
httpclient.getConnectionManager().shutdown();
String accessToken = extractToken(content);
if (accessToken != null && accessToken.trim().length() > 0) {
String githubServer = githubUri.replaceFirst("http.*\\/\\/", "");
// only set the access token if it exists.
GithubAuthenticationToken auth = new GithubAuthenticationToken(accessToken, githubServer);
SecurityContextHolder.getContext().setAuthentication(auth);
GHUser self = auth.getGitHub().getMyself();
User u = User.current();
u.setFullName(self.getName());
u.addProperty(new Mailer.UserProperty(self.getEmail()));
} else {
Log.info("Github did not return an access token.");
}
String referer = (String) request.getSession().getAttribute(REFERER_ATTRIBUTE);
if (referer != null) return HttpResponses.redirectTo(referer);
return HttpResponses
.redirectToContextRoot(); // referer should be always there, but be defensive
}
public String checkEmployer() {
User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
// employerSearchList = searchService.findAllEmployer(search);
employerSearchList1 = searchService.findAllEmployerList(search);
profiles = searchService.findListOfEmployeeProfiles(profile, user.getId());
if (profiles.size() != 0) {
currentProfile = employeeProfileService.getDefaultProfileForUser(user.getId());
contactTypesList = privacygroupService.loadAllPrivacyGroupsOfUser(currentProfile.getId());
}
Iterator<Employer> it = employerSearchList1.iterator();
try {
while (it.hasNext()) {
// Get element
emplrProfileImages = it.next();
if (emplrProfileImages.getPicture() != null) {
image = (String) emplrProfileImages.getAmazonFileURL().get(0);
}
if (emplrProfileImages.getResizedMidPicture() != null) {
resizedMidPicture = (String) emplrProfileImages.getAmazonFileURL().get(1);
emplrProfileImages.setResizedMidPicture(resizedMidPicture);
}
if (emplrProfileImages.getResizedMinPicture() != null) {
resizedMinPicture = (String) emplrProfileImages.getAmazonFileURL().get(2);
emplrProfileImages.setResizedMinPicture(resizedMinPicture);
}
}
} catch (Exception e) {
e.printStackTrace();
}
return "success";
}
/**
* @param username
* @return
* @throws UsernameNotFoundException
* @throws DataAccessException
*/
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
GHUser user = null;
GithubAuthenticationToken authToken =
(GithubAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
if (authToken == null) throw new UsernameNotFoundException("No known user: "******"user(" + username + ") is also an organization");
}
user = authToken.loadUser(username);
if (user != null) return new GithubOAuthUserDetails(user);
else throw new UsernameNotFoundException("No known user: "******"loadUserByUsername (username="******")", e);
}
}
/** For internal use. */
@SuppressWarnings("RV_RETURN_VALUE_IGNORED_BAD_PRACTICE")
public final void start() {
final SecurityContext securityContext = SecurityContextHolder.getContext();
executorService()
.submit(
new Runnable() {
public void run() {
lastNewsTime = start = System.currentTimeMillis();
SecurityContext orig = SecurityContextHolder.getContext();
try {
SecurityContextHolder.setContext(securityContext);
compute();
if (status != CANCELED && status != ERROR) {
status = 1;
}
} catch (Exception x) {
LOG.log(Level.WARNING, "failed to compute " + uri, x);
status = ERROR;
} finally {
SecurityContextHolder.setContext(orig);
LOG.log(
Level.FINE,
"{0} finished in {1}msec with status {2}",
new Object[] {uri, System.currentTimeMillis() - start, status});
}
}
});
}
/** The login process starts from here. */
public HttpResponse doCommenceLogin(
StaplerRequest req,
StaplerResponse rsp,
@QueryParameter String from,
@QueryParameter String ticket)
throws ServletException, IOException {
// TODO write login method
String puid = authenticateInWwpass(ticket, certFile, keyFile);
WwpassIdentity u;
try {
u = loadUserByUsername(puid);
} catch (UsernameNotFoundException e) {
if (allowsSignup()) {
req.setAttribute("errorMessage", Messages.WwpassSecurityRealm_NoSuchUserAllowsSignup());
} else {
req.setAttribute("errorMessage", Messages.WwpassSecurityRealm_NoSuchUserDisableSignup());
}
req.getView(this, "login.jelly").forward(req, rsp);
throw e;
}
if (!u.isAccountNonLocked() || !u.isEnabled()) {
// throw new LockedException("Account is not activated for " + puid);
throw new Failure(Messages.WwpassSecurityRealm_AccountNotActivated());
}
Authentication a = new WwpassAuthenticationToken(u.getNickname());
a = this.getSecurityComponents().manager.authenticate(a);
SecurityContextHolder.getContext().setAuthentication(a);
return new HttpRedirect(Jenkins.getInstance().getRootUrl());
}
@Override
@SuppressWarnings("unchecked")
public GroupDetails loadGroupByGroupname(String groupname)
throws UsernameNotFoundException, DataAccessException {
final Set<String> groups;
if (getLDAPURL() != null) {
// TODO: obtain a DN instead so that we can obtain multiple attributes later
String searchBase = groupSearchBase != null ? groupSearchBase : "";
String searchFilter = groupSearchFilter != null ? groupSearchFilter : GROUP_SEARCH;
groups =
ldapTemplate.searchForSingleAttributeValues(
searchBase, searchFilter, new String[] {groupname}, "cn");
} else {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
GrantedAuthority[] authorities = authContext.get(auth.getName());
SearchTemplate searchTemplate = new GroupSearchTemplate(groupname);
groups = proxyTemplate.searchForSingleAttributeValues(searchTemplate, authorities);
}
if (groups.isEmpty()) throw new UsernameNotFoundException(groupname);
return new GroupDetails() {
@Override
public String getName() {
return groups.iterator().next();
}
};
}
/** {@inheritDoc} */
@Override
public boolean onNotify(UUID uuid, long revision, Set<String> paths) {
final String id = uuid.toString();
synchronized (recentUpdates) {
Long recentUpdate = recentUpdates.get(id);
if (recentUpdate != null && revision == recentUpdate) {
LOGGER.log(
Level.FINE,
"Received duplicate post-commit hook from {0} for revision {1} on paths {2}",
new Object[] {uuid, revision, paths});
return false;
}
recentUpdates.put(id, revision);
}
LOGGER.log(
Level.INFO,
"Received post-commit hook from {0} for revision {1} on paths {2}",
new Object[] {uuid, revision, paths});
boolean notified = false;
// run in high privilege to see all the projects anonymous users don't see.
// this is safe because when we actually schedule a build, it's a build that can
// happen at some random time anyway.
Authentication old = SecurityContextHolder.getContext().getAuthentication();
SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
try {
for (SCMSourceOwner owner : SCMSourceOwners.all()) {
for (SCMSource source : owner.getSCMSources()) {
if (source instanceof SubversionSCMSource) {
if (id.equals(((SubversionSCMSource) source).getUuid())) {
LOGGER.log(
Level.INFO,
"SCM changes detected relevant to {0}. Notifying update",
owner.getFullDisplayName());
owner.onSCMSourceUpdated(source);
notified = true;
}
}
}
}
} finally {
SecurityContextHolder.getContext().setAuthentication(old);
}
if (!notified) {
LOGGER.log(Level.INFO, "No subversion consumers for UUID {0}", uuid);
}
return notified;
}
public String listAllProfileFeedbacks() {
user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
allProfilesFeedback = feedbackService.findAllProfilesFeedback(feedback, user.getId());
allProfilesFeedbackCount = allProfilesFeedback.size();
return "success";
}
public void generatePushBuild(String json, Job project, StaplerRequest req, StaplerResponse rsp) {
GitLabPushRequest request = GitLabPushRequest.create(json);
String repositoryUrl = request.getRepository().getUrl();
if (repositoryUrl == null) {
LOGGER.log(Level.WARNING, "No repository url found.");
return;
}
Authentication old = SecurityContextHolder.getContext().getAuthentication();
SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
try {
GitLabPushTrigger trigger = null;
if (project instanceof ParameterizedJobMixIn.ParameterizedJob) {
ParameterizedJobMixIn.ParameterizedJob p = (ParameterizedJobMixIn.ParameterizedJob) project;
for (Trigger t : p.getTriggers().values()) {
if (t instanceof GitLabPushTrigger) {
trigger = (GitLabPushTrigger) t;
}
}
}
if (trigger == null) {
return;
}
if (trigger.getCiSkip() && request.getLastCommit() != null) {
if (request.getLastCommit().getMessage().contains("[ci-skip]")) {
LOGGER.log(Level.INFO, "Skipping due to ci-skip.");
return;
}
}
trigger.onPost(request);
if (!trigger.getTriggerOpenMergeRequestOnPush().equals("never")) {
// Fetch and build open merge requests with the same source branch
buildOpenMergeRequests(trigger, request.getProject_id(), request.getRef());
}
} finally {
SecurityContextHolder.getContext().setAuthentication(old);
}
}
/**
* Lets the current user silently login as the given user and report back accordingly.
*/
private void loginAndTakeBack(StaplerRequest req, StaplerResponse rsp, User u) throws ServletException, IOException {
// ... and let him login
Authentication a = new UsernamePasswordAuthenticationToken(u.getId(),req.getParameter("password1"));
a = this.getSecurityComponents().manager.authenticate(a);
SecurityContextHolder.getContext().setAuthentication(a);
// then back to top
req.getView(this,"success.jelly").forward(req,rsp);
}
public void before() throws Throwable {
setPluginManager(null);
super.before();
ScheduledThreadPoolExecutor service = new ScheduledThreadPoolExecutor(NUM_THREADS);
// Create a system level context with ACL.SYSTEM
systemContext = ACL.impersonate(ACL.SYSTEM);
User u = User.get("bob");
// Create a sample user context
userContext = new NonSerializableSecurityContext(u.impersonate());
// Create a null context
SecurityContextHolder.clearContext();
nullContext = SecurityContextHolder.getContext();
// Create a wrapped service
wrappedService = new SecurityContextExecutorService(service);
}
public synchronized <T> T run(SessionCallable<T> callable) throws Exception {
ClassLoader cl = Thread.currentThread().getContextClassLoader();
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
try {
SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
T result = callable.call(session);
save();
return result;
} catch (Exception e) {
LOGGER.log(Level.WARNING, "Exception while running " + callable + " on " + processId, e);
throw e;
} finally {
SecurityContextHolder.getContext().setAuthentication(auth);
Thread.currentThread().setContextClassLoader(cl);
}
}
/** Lets the current user silently login as the given user and report back accordingly. */
@SuppressWarnings("ACL.impersonate")
private void loginAndTakeBack(StaplerRequest req, StaplerResponse rsp, User u)
throws ServletException, IOException {
// ... and let him login
Authentication a = new WwpassAuthenticationToken(u.getId());
a = this.getSecurityComponents().manager.authenticate(a);
SecurityContextHolder.getContext().setAuthentication(a);
// then back to top
req.getView(this, "success.jelly").forward(req, rsp);
}
private void fail(
ServletRequest request, ServletResponse response, AuthenticationException failed)
throws IOException, ServletException {
SecurityContextHolder.getContext().setAuthentication(null);
if (logger.isDebugEnabled()) {
logger.debug(failed);
}
authenticationEntryPoint.commence(request, response, failed);
}
public void doIndex(StaplerRequest req) throws IOException {
String payload = IOUtils.toString(req.getReader());
LOGGER.fine("Full details of the POST was " + payload);
JSONObject o = JSONObject.fromObject(payload);
String repoUrl = o.getString("repository_ssl_path");
LOGGER.info("Received POST for " + repoUrl);
// run in high privilege to see all the projects anonymous users don't see.
// this is safe because when we actually schedule a build, it's a build that can
// happen at some random time anyway.
// TODO replace with ACL.impersonate as LTS is > 1.461
Authentication old = SecurityContextHolder.getContext().getAuthentication();
SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
try {
for (AbstractProject<?, ?> job : Jenkins.getInstance().getAllItems(AbstractProject.class)) {
boolean found = false;
SCM scm = job.getScm();
if (scm instanceof SubversionSCM) {
found = hasRepository(repoUrl, (SubversionSCM) scm);
} else if (scm instanceof GitSCM) {
found = hasRepository(repoUrl, (GitSCM) scm);
} else if (scm instanceof MercurialSCM) {
found = hasRepository(repoUrl, (MercurialSCM) scm);
}
if (found) {
LOGGER.info(job.getFullDisplayName() + " triggered by web hook.");
job.scheduleBuild(new WebHookCause());
}
LOGGER.fine(
"Skipped "
+ job.getFullDisplayName()
+ " because it doesn't have a matching repository.");
}
} finally {
SecurityContextHolder.getContext().setAuthentication(old);
}
}
private void deleteInstances(GHPullRequest pullRequest) throws IOException {
PullRequestManager pullRequestManager = PullRequestManager.getInstance();
List<PullRequestData> pullRequestDataList = new ArrayList<PullRequestData>();
Authentication old = SecurityContextHolder.getContext().getAuthentication();
SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
try {
for (AbstractProject<?, ?> project :
Jenkins.getInstance().getAllItems(AbstractProject.class)) {
PullRequestData data =
pullRequestManager.removePullRequestData(pullRequest.getHtmlUrl().toString(), project);
if (data != null) {
pullRequestDataList.add(data);
}
}
} finally {
SecurityContextHolder.getContext().setAuthentication(old);
}
PullRequestCleanup.deleteInstances(pullRequestDataList, pullRequest);
}
private void handleIssueCommentEvent(String payload) throws IOException {
GitHub gitHub = createGitHub(JSONObject.fromObject(payload));
if (gitHub == null) {
return;
}
GHEventPayload.IssueComment issueComment =
gitHub.parseEventPayload(new StringReader(payload), GHEventPayload.IssueComment.class);
if (LOGGER.isLoggable(Level.FINER)) {
LOGGER.finer(
MessageFormat.format(
"Comment on {0} from {1}: {2}",
issueComment.getIssue().getUrl(),
issueComment.getComment().getUser(),
issueComment.getComment().getBody()));
}
if (!"created".equals(issueComment.getAction())) {
if (LOGGER.isLoggable(Level.FINER)) {
LOGGER.finer("Unsupported issue_comment action: " + issueComment.getAction());
}
return;
}
Authentication old = SecurityContextHolder.getContext().getAuthentication();
SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
try {
for (AbstractProject<?, ?> job : Jenkins.getInstance().getAllItems(AbstractProject.class)) {
PullRequestBuildTrigger trigger = job.getTrigger(PullRequestBuildTrigger.class);
if (trigger != null && trigger.getBuildHandler() instanceof PullRequestBuildHandler) {
((PullRequestBuildHandler) trigger.getBuildHandler()).handle(issueComment, gitHub);
}
}
} finally {
SecurityContextHolder.getContext().setAuthentication(old);
}
}
/**
* When the source project name is parameterized, cannot check at configure time whether the
* project is accessible. In this case, permission check is done when the build runs. Only jobs
* accessible to all authenticated users are allowed.
*/
@LocalData
public void testPermissionWhenParameterized() throws Exception {
FreeStyleProject p = createProject("test$JOB", "", "", false, false, false);
// Build step should succeed when this parameter expands to a job accessible
// to authenticated users (even if triggered by anonymous, as in this case):
SecurityContextHolder.clearContext();
FreeStyleBuild b =
p.scheduleBuild2(
0, new UserCause(), new ParametersAction(new StringParameterValue("JOB", "Job2")))
.get();
assertFile(true, "foo2.txt", b);
assertBuildStatusSuccess(b);
// Build step should fail for a job not accessible to all authenticated users,
// even when accessible to the user starting the job, as in this case:
SecurityContextHolder.getContext()
.setAuthentication(new UsernamePasswordAuthenticationToken("joe", "joe"));
b =
p.scheduleBuild2(
0, new UserCause(), new ParametersAction(new StringParameterValue("JOB", "Job")))
.get();
assertFile(false, "foo.txt", b);
assertBuildStatus(Result.FAILURE, b);
}
private Set<GhprbRepository> getRepos(String repo) {
final Set<GhprbRepository> ret = new HashSet<GhprbRepository>();
// We need this to get access to list of repositories
Authentication old = SecurityContextHolder.getContext().getAuthentication();
SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
try {
for (AbstractProject<?, ?> job : Jenkins.getInstance().getAllItems(AbstractProject.class)) {
GhprbTrigger trigger = job.getTrigger(GhprbTrigger.class);
if (trigger == null || trigger.getRepository() == null) {
continue;
}
GhprbRepository r = trigger.getRepository();
if (repo.equals(r.getName())) {
ret.add(r);
}
}
} finally {
SecurityContextHolder.getContext().setAuthentication(old);
}
return ret;
}
public void setUp() {
GrantedAuthority[] roles =
new GrantedAuthority[] {
new GrantedAuthorityImpl("manager"), new GrantedAuthorityImpl("vp")
};
Authentication authentication =
new UsernamePasswordAuthenticationToken(new Object(), new Object(), roles);
SecurityContext context = new SecurityContextImpl();
context.setAuthentication(authentication);
SecurityContextHolder.setContext(context);
}
public void put(String url) throws IOException {
DBObject token = getToken(url);
GithubAuthenticationToken auth =
(GithubAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
GitHub gh = auth.getGitHub();
if (token != null) {
delete(token);
}
String accessToken = Secret.fromString(auth.getAccessToken()).getEncryptedValue();
BasicDBObject doc =
new BasicDBObject("user", gh.getMyself().getLogin())
.append("access_token", accessToken)
.append("repo_url", url);
save(doc);
}
public String searchAllEmployers() {
LOGGER.info("Entered searchAllEmployers");
User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
employerSearchList = searchService.findListOfEmployers(employerName, employerLocation);
profiles = searchService.findListOfEmployeeProfiles(profile, user.getId());
if (profiles.size() != 0) {
currentProfile = employeeProfileService.getDefaultProfileForUser(user.getId());
contactTypesList = privacygroupService.loadAllPrivacyGroupsOfUser(currentProfile.getId());
}
return "success";
}
@Test
@PresetData(PresetData.DataSet.NO_ANONYMOUS_READACCESS)
public void testCallableCollectionAgainstAllContexts() throws Exception {
Collection<Callable<SecurityContext>> callables = new LinkedList<Callable<SecurityContext>>();
Callable<SecurityContext> c =
new Callable<SecurityContext>() {
public SecurityContext call() throws Exception {
return SecurityContextHolder.getContext();
}
};
callables.add(c);
callables.add(c);
callables.add(c);
SecurityContextHolder.setContext(systemContext);
Collection<Future<SecurityContext>> results = wrappedService.invokeAll(callables);
for (Future<SecurityContext> result : results) {
// Assert each thread context was identical to the initial service context
SecurityContext value = result.get();
assertEquals(systemContext, value);
}
SecurityContextHolder.setContext(userContext);
results = wrappedService.invokeAll(callables);
for (Future<SecurityContext> result : results) {
// Assert each thread context was identical to the initial service context
assertEquals(userContext, result.get());
}
SecurityContextHolder.setContext(nullContext);
results = wrappedService.invokeAll(callables);
for (Future<SecurityContext> result : results) {
// Assert each thread context was identical to the initial service context
assertEquals(nullContext, result.get());
}
}
