Skip to content

J
jenkins

LinuxSuRen / jenkins
与 Fork 源项目一致

从无法访问的项目Fork

通知 2
Star 0
Fork 0
J
jenkins

体验新版 GitCode,发现更多精彩内容 >>

提交 bded790f 编写于 作者: K Kohsuke Kawaguchi
浏览文件
操作

User.impersonate() now does the loadUserDetailsByName call. 

So ApiTokenFilter no longer needs to do that.
上级 b173e8d4
隐藏空白更改
内联 并排
Showing with 24 addition and 22 deletion
core/src/main/java/hudson/model/User.java
浏览文件 @ bded790f
......@@ -250,10 +250,17 @@ public class User extends AbstractModelObject implements AccessControlled, Descr
/**
* Creates an {@link Authentication} object that represents this user.
*
*
* This method checks with {@link SecurityRealm} if the user is a valid user that can login to the security realm.
* If {@link SecurityRealm} is a kind that does not support querying information about other users, this will
* use {@link LastGrantedAuthoritiesProperty} to pick up the granted authorities as of the last time the user has
* logged in.
*
* @throws UsernameNotFoundException
* If this user is not a valid user in the backend {@link SecurityRealm}.
* @since 1.419
*/
public Authentication impersonate() {
public Authentication impersonate() throws UsernameNotFoundException {
try {
UserDetails u = Jenkins.getInstance().getSecurityRealm().loadUserByUsername(id);
return new UsernamePasswordAuthenticationToken(u.getUsername(), "", u.getAuthorities());
......
core/src/main/java/jenkins/security/ApiTokenFilter.java
浏览文件 @ bded790f
......@@ -2,9 +2,7 @@ package jenkins.security;
import hudson.model.User;
import hudson.security.ACL;
import hudson.security.UserMayOrMayNotExistException;
import hudson.util.Scrambler;
import jenkins.model.Jenkins;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UsernameNotFoundException;
......@@ -45,32 +43,29 @@ public class ApiTokenFilter implements Filter {
int idx = uidpassword.indexOf(':');
if (idx >= 0) {
String username = uidpassword.substring(0, idx);
try {
Jenkins.getInstance().getSecurityRealm().loadUserByUsername(username);
} catch (UserMayOrMayNotExistException x) {
// OK, give them the benefit of the doubt.
} catch (UsernameNotFoundException x) {
// Not/no longer a user; deny the API token. (But do not leak the information that this happened.)
chain.doFilter(request, response);
return;
} catch (DataAccessException x) {
throw new ServletException(x);
}
String password = uidpassword.substring(idx+1);
// attempt to authenticate as API token
User u = User.get(username);
ApiTokenProperty t = u.getProperty(ApiTokenProperty.class);
if (t!=null && t.matchesPassword(password)) {
// even if we fail to match the password, we aren't rejecting it.
// as the user might be passing in a real password.
SecurityContext oldContext = ACL.impersonate(u.impersonate());
try {
request.setAttribute(ApiTokenProperty.class.getName(), u);
chain.doFilter(request,response);
// even if we fail to match the password, we aren't rejecting it.
// as the user might be passing in a real password.
SecurityContext oldContext = ACL.impersonate(u.impersonate());
try {
request.setAttribute(ApiTokenProperty.class.getName(), u);
chain.doFilter(request,response);
return;
} finally {
SecurityContextHolder.setContext(oldContext);
}
} catch (UsernameNotFoundException x) {
// Not/no longer a user; deny the API token. (But do not leak the information that this happened.)
chain.doFilter(request, response);
return;
} finally {
SecurityContextHolder.setContext(oldContext);
} catch (DataAccessException x) {
throw new ServletException(x);
}
}
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册