Commit 4f828a32
Authored June 28, 2013 by Kohsuke Kawaguchi
expand the detail reporting
Parent: b8343469
Showing 4 changed files with 57 additions and 21 deletions (+57 -21)
core/src/main/java/hudson/security/AccessDeniedException2.java (+36 -0)
core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java (+6 -7)
core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java (+14 -13)
core/src/main/java/jenkins/security/ExceptionTranslationFilter.java (+1 -1)
core/src/main/java/hudson/security/AccessDeniedException2.java
...
...
@@ -2,6 +2,10 @@ package hudson.security;
import
org.acegisecurity.AccessDeniedException
;
import
org.acegisecurity.Authentication
;
import
org.acegisecurity.GrantedAuthority
;
import
javax.servlet.http.HttpServletResponse
;
import
java.io.PrintWriter
;
/**
* {@link AccessDeniedException} with more information.
...
...
@@ -28,4 +32,36 @@ public class AccessDeniedException2 extends AccessDeniedException {
this
.
authentication
=
authentication
;
this
.
permission
=
permission
;
}
/**
* Reports the details of the access failure in HTTP headers to assist diagnosis.
*/
public
void
reportAsHeaders
(
HttpServletResponse
rsp
)
{
rsp
.
addHeader
(
"X-You-Are-Authenticated-As"
,
authentication
.
getName
());
for
(
GrantedAuthority
auth
:
authentication
.
getAuthorities
())
{
rsp
.
addHeader
(
"X-You-Are-In-Group"
,
auth
.
getAuthority
());
}
rsp
.
addHeader
(
"X-Required-Permission"
,
permission
.
getId
());
for
(
Permission
p
=
permission
.
impliedBy
;
p
!=
null
;
p
=
p
.
impliedBy
)
{
rsp
.
addHeader
(
"X-Permission-Implied-By"
,
p
.
getId
());
}
}
/**
* Reports the details of the access failure.
* This method is similar to {@link #reportAsHeaders(HttpServletResponse)} for the intention
* but instead of using HTTP headers, this version is meant to go inside the payload.
*/
public
void
report
(
PrintWriter
w
)
{
w
.
println
(
"You are authenticated as: "
+
authentication
.
getName
());
w
.
println
(
"Groups that you are in:"
);
for
(
GrantedAuthority
auth
:
authentication
.
getAuthorities
())
{
w
.
println
(
" "
+
auth
.
getAuthority
());
}
w
.
println
(
"Permission you need to have (but didn't): "
+
permission
.
getId
());
for
(
Permission
p
=
permission
.
impliedBy
;
p
!=
null
;
p
=
p
.
impliedBy
)
{
w
.
println
(
" ... which is implied by: "
+
p
.
getId
());
}
}
}
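Review bot: In reportAsHeaders, authentication.getName() and auth.getAuthority() are passed to rsp.addHeader unmodified, so a user or group name containing non-ASCII or control characters lands in a response header as-is. Suggest encoding or filtering the values before addHeader (for example percent-encoding anything outside printable ASCII), and stating in the Javadoc of report(PrintWriter) that its output is not escaped for any context, since the caller decides where it is written. The two methods also walk authentication.getAuthorities() and the permission.impliedBy chain in identical loops; a shared helper would keep the header report and the payload report from drifting apart.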
core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java
...
...
@@ -26,19 +26,14 @@ package hudson.security;
import
jenkins.model.Jenkins
;
import
org.acegisecurity.AccessDeniedException
;
import
org.acegisecurity.ui.AccessDeniedHandler
;
import
org.kohsuke.stapler.Stapler
;
import
org.kohsuke.stapler.WebApp
;
import
javax.servlet.ServletException
;
import
javax.servlet.ServletRequest
;
import
javax.servlet.ServletResponse
;
import
javax.servlet.ServletConfig
;
import
javax.servlet.ServletContext
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
java.io.IOException
;
import
java.util.Enumeration
;
import
java.util.Vector
;
/**
* Handles {@link AccessDeniedException} happened during request processing.
...
...
@@ -47,12 +42,16 @@ import java.util.Vector;
* @author Kohsuke Kawaguchi
*/
public
class
AccessDeniedHandlerImpl
implements
AccessDeniedHandler
{
public
void
handle
(
ServletRequest
request
,
ServletResponse
response
,
AccessDeniedException
accessDeniedException
)
throws
IOException
,
ServletException
{
public
void
handle
(
ServletRequest
request
,
ServletResponse
response
,
AccessDeniedException
cause
)
throws
IOException
,
ServletException
{
HttpServletRequest
req
=
(
HttpServletRequest
)
request
;
HttpServletResponse
rsp
=
(
HttpServletResponse
)
response
;
rsp
.
setStatus
(
HttpServletResponse
.
SC_FORBIDDEN
);
req
.
setAttribute
(
"exception"
,
accessDeniedException
);
req
.
setAttribute
(
"exception"
,
cause
);
if
(
cause
instanceof
AccessDeniedException2
)
{
((
AccessDeniedException2
)
cause
).
reportAsHeaders
(
rsp
);
}
WebApp
.
get
(
Jenkins
.
getInstance
().
servletContext
).
getSomeStapler
()
.
invoke
(
req
,
rsp
,
Jenkins
.
getInstance
(),
"/accessDenied"
);
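Review bot: The new cause.reportAsHeaders(rsp) call in handle() runs for every AccessDeniedException2, so each such 403 response carries the user name, every group membership and the permission chain in its headers unconditionally, and reverse proxies and access logs commonly record response headers. Suggest putting the call behind a switch an administrator can turn off, or at least documenting the X-You-Are-Authenticated-As, X-You-Are-In-Group, X-Required-Permission and X-Permission-Implied-By headers so operators know to treat them as sensitive.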
...
...
core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java
...
...
@@ -25,7 +25,6 @@ package hudson.security;
import
com.google.common.base.Strings
;
import
org.acegisecurity.AuthenticationException
;
import
org.acegisecurity.GrantedAuthority
;
import
org.acegisecurity.InsufficientAuthenticationException
;
import
org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint
;
...
...
@@ -82,18 +81,12 @@ public class HudsonAuthenticationEntryPoint extends AuthenticationProcessingFilt
rsp
.
setStatus
(
SC_FORBIDDEN
);
rsp
.
setContentType
(
"text/html;charset=UTF-8"
);
AccessDeniedException2
cause
=
null
;
// report the diagnosis information if possible
if
(
reason
instanceof
InsufficientAuthenticationException
)
{
if
(
reason
.
getCause
()
instanceof
AccessDeniedException2
)
{
AccessDeniedException2
cause
=
(
AccessDeniedException2
)
reason
.
getCause
();
rsp
.
addHeader
(
"X-You-Are-Authenticated-As"
,
cause
.
authentication
.
getName
());
for
(
GrantedAuthority
auth
:
cause
.
authentication
.
getAuthorities
())
{
rsp
.
addHeader
(
"X-You-Are-In-Group"
,
auth
.
getAuthority
());
}
rsp
.
addHeader
(
"X-Required-Permission"
,
cause
.
permission
.
getId
());
for
(
Permission
p
=
cause
.
permission
.
impliedBy
;
p
!=
null
;
p
=
p
.
impliedBy
)
{
rsp
.
addHeader
(
"X-Permission-Implied-By"
,
p
.
getId
());
}
cause
=
(
AccessDeniedException2
)
reason
.
getCause
();
cause
.
reportAsHeaders
(
rsp
);
}
}
...
...
@@ -108,9 +101,17 @@ public class HudsonAuthenticationEntryPoint extends AuthenticationProcessingFilt
"<meta http-equiv='refresh' content='1;url=%1$s'/>"
+
"<script>window.location.replace('%1$s');</script>"
+
"</head>"
+
"<body style='background-color:white; color:white;'>"
+
"Authentication required</body></html>"
,
loginForm
);
"<body style='background-color:white; color:white;'>\n"
+
"\n\n"
+
"Authentication required\n"
+
"<!--\n"
,
loginForm
);
if
(
cause
!=
null
)
cause
.
report
(
out
);
out
.
printf
(
"-->\n\n"
+
"</body></html>"
);
// Turn Off "Show Friendly HTTP Error Messages" Feature on the Server Side.
// See http://support.microsoft.com/kb/294807
for
(
int
i
=
0
;
i
<
10
;
i
++)
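Review bot: cause.report(out) writes the user name and group names between the "<!--" and "-->" markers without escaping, so a value that contains "-->" closes the comment early and the remainder of the report is parsed as page markup. Suggest HTML-escaping the values, or at least replacing "--" in them, before they are written inside the comment. The closing out.printf("-->\n\n" + "</body></html>") takes no format arguments, so out.print would do the same job without treating the string as a format.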
...
...
core/src/main/java/jenkins/security/ExceptionTranslationFilter.java
...
...
@@ -220,7 +220,7 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
// existing Authentication is no longer considered valid
SecurityContextHolder
.
getContext
().
setAuthentication
(
null
);
authenticationEntryPoint
.
commence
(
httpRequest
,
(
HttpServletResponse
)
response
,
reason
);
authenticationEntryPoint
.
commence
(
httpRequest
,
response
,
reason
);
}
public
void
setAccessDeniedHandler
(
AccessDeniedHandler
accessDeniedHandler
)
{
...
...