hudson.security
Class AuthorizationStrategy

java.lang.Object
  extended by hudson.model.AbstractDescribableImpl<AuthorizationStrategy>
      extended by hudson.security.AuthorizationStrategy
All Implemented Interfaces:
ExtensionPoint, Describable<AuthorizationStrategy>
Direct Known Subclasses:
AuthorizationStrategy.Unsecured, FullControlOnceLoggedInAuthorizationStrategy, GlobalMatrixAuthorizationStrategy

public abstract class AuthorizationStrategy
extends AbstractDescribableImpl<AuthorizationStrategy>
implements ExtensionPoint

Controls authorization throughout Hudson.

Persistence

This object will be persisted along with Hudson object. Hudson by itself won't put the ACL returned from getRootACL() into the serialized object graph, so if that object contains state and needs to be persisted, it's the responsibility of AuthorizationStrategy to do so (by keeping them in an instance field.)

Re-configuration

The corresponding Describable instance will be asked to create a new AuthorizationStrategy every time the system configuration is updated. Implementations that keep more state in ACL beyond the system configuration should use Hudson.getAuthorizationStrategy() to talk to the current instance to carry over the state.

Author:
Kohsuke Kawaguchi
See Also:
SecurityRealm

Nested Class Summary
static class AuthorizationStrategy.Unsecured
           
 
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
 
Field Summary
static DescriptorList<AuthorizationStrategy> LIST
          Deprecated. since 1.286 Use all() for read access, and Extension for registration.
static AuthorizationStrategy UNSECURED
          AuthorizationStrategy that implements the semantics of unsecured Hudson where everyone has full control.
 
Constructor Summary
AuthorizationStrategy()
           
 
Method Summary
static DescriptorExtensionList<AuthorizationStrategy,Descriptor<AuthorizationStrategy>> all()
          Returns all the registered AuthorizationStrategy descriptors.
 ACL getACL(AbstractItem item)
          Implementation can choose to provide different ACL for different items.
 ACL getACL(AbstractProject<?,?> project)
          Deprecated. since 1.277 Override getACL(Job) instead.
 ACL getACL(Cloud cloud)
          Implementation can choose to provide different ACL for different Clouds.
 ACL getACL(Computer computer)
          Implementation can choose to provide different ACL for different computers.
 ACL getACL(Job<?,?> project)
           
 ACL getACL(Node node)
           
 ACL getACL(User user)
          Implementation can choose to provide different ACL per user.
 ACL getACL(View item)
          Implementation can choose to provide different ACL for different views.
abstract  Collection<String> getGroups()
          Returns the list of all group/role names used in this authorization strategy, and the ACL returned from the getRootACL() method.
abstract  ACL getRootACL()
          Returns the instance of ACL where all the other ACL instances for all the other model objects eventually delegate.
 
Methods inherited from class hudson.model.AbstractDescribableImpl
getDescriptor
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

LIST

public static final DescriptorList<AuthorizationStrategy> LIST
Deprecated. since 1.286 Use all() for read access, and Extension for registration.
All registered SecurityRealm implementations.


UNSECURED

public static final AuthorizationStrategy UNSECURED
AuthorizationStrategy that implements the semantics of unsecured Hudson where everyone has full control.

This singleton is safe because AuthorizationStrategy.Unsecured is stateless.

Constructor Detail

AuthorizationStrategy

public AuthorizationStrategy()
Method Detail

getRootACL

public abstract ACL getRootACL()
Returns the instance of ACL where all the other ACL instances for all the other model objects eventually delegate.

IOW, this ACL will have the ultimate say on the access control.


getACL

@Deprecated
public ACL getACL(AbstractProject<?,?> project)
Deprecated. since 1.277 Override getACL(Job) instead.


getACL

public ACL getACL(Job<?,?> project)

getACL

public ACL getACL(View item)
Implementation can choose to provide different ACL for different views. This can be used as a basis for more fine-grained access control.

The default implementation returns the ACL of the ViewGroup.

Since:
1.220

getACL

public ACL getACL(AbstractItem item)
Implementation can choose to provide different ACL for different items. This can be used as a basis for more fine-grained access control.

The default implementation returns getRootACL().

Since:
1.220

getACL

public ACL getACL(User user)
Implementation can choose to provide different ACL per user. This can be used as a basis for more fine-grained access control.

The default implementation returns getRootACL().

Since:
1.221

getACL

public ACL getACL(Computer computer)
Implementation can choose to provide different ACL for different computers. This can be used as a basis for more fine-grained access control.

The default implementation delegates to getACL(Node)

Since:
1.220

getACL

public ACL getACL(Cloud cloud)
Implementation can choose to provide different ACL for different Clouds. This can be used as a basis for more fine-grained access control.

The default implementation returns getRootACL().

Since:
1.252

getACL

public ACL getACL(Node node)

getGroups

public abstract Collection<String> getGroups()
Returns the list of all group/role names used in this authorization strategy, and the ACL returned from the getRootACL() method.

This method is used by ContainerAuthentication to work around the servlet API issue that prevents us from enumerating roles that the user has.

If such enumeration is impossible, do the best to list as many as possible, then return it. In the worst case, just return an empty list. Doing so would prevent users from using role names as group names (see HUDSON-2716 for such one such report.)

Returns:
never null.

all

public static DescriptorExtensionList<AuthorizationStrategy,Descriptor<AuthorizationStrategy>> all()
Returns all the registered AuthorizationStrategy descriptors.



Copyright © 2004-2013 Hudson. All Rights Reserved.