[JEP-227] Replace Acegi Security with Spring Security APIs

This is the implementation of jenkinsci/jenkins#4848 for Credentials API. This will allow consumers of the credentials API to remove references to deprecated acegi APIs.
Vlatombe · Oct 23, 2023 · 8d1c500 · 8d1c500
1 parent ff276f7
commit 8d1c500
Show file tree

Hide file tree

Showing 17 changed files with 604 additions and 148 deletions.
diff --git a/src/main/java/com/cloudbees/plugins/credentials/CredentialsParameterDefinition.java b/src/main/java/com/cloudbees/plugins/credentials/CredentialsParameterDefinition.java
@@ -17,13 +17,13 @@
 import java.util.Set;
 import jenkins.model.Jenkins;
 import net.sf.json.JSONObject;
-import org.acegisecurity.Authentication;
 import org.apache.commons.lang.StringUtils;
 import org.jenkinsci.Symbol;
 import org.kohsuke.stapler.AncestorInPath;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
 import org.kohsuke.stapler.StaplerRequest;
+import org.springframework.security.core.Authentication;
 
 /**
  * A {@link ParameterDefinition} for a parameter that supplies a {@link Credentials}.
@@ -173,7 +173,7 @@ public StandardListBoxModel doFillDefaultValueItems(@AncestorInPath Item context
             final StandardListBoxModel result = new StandardListBoxModel();
             result.includeEmptyValue();
             if (acl.hasPermission(CredentialsProvider.USE_ITEM)) {
-                result.includeAs(CredentialsProvider.getDefaultAuthenticationOf(context), context, typeClass, domainRequirements);
+                result.includeAs(CredentialsProvider.getDefaultAuthenticationOf2(context), context, typeClass, domainRequirements);
             }
             return result;
         }
@@ -185,9 +185,9 @@ public StandardListBoxModel doFillValueItems(@AncestorInPath Item context,
                                                      @QueryParameter boolean includeUser) {
             Jenkins jenkins = Jenkins.get();
             final ACL acl = context == null ? jenkins.getACL() : context.getACL();
-            final Authentication authentication = Jenkins.getAuthentication();
-            final Authentication itemAuthentication = CredentialsProvider.getDefaultAuthenticationOf(context);
-            final boolean isSystem = ACL.SYSTEM.equals(authentication);
+            final Authentication authentication = Jenkins.getAuthentication2();
+            final Authentication itemAuthentication = CredentialsProvider.getDefaultAuthenticationOf2(context);
+            final boolean isSystem = ACL.SYSTEM2.equals(authentication);
             final Class<? extends StandardCredentials> typeClass = decodeType(credentialType);
             final List<DomainRequirement> domainRequirements = Collections.emptyList();
             final StandardListBoxModel result = new StandardListBoxModel();

diff --git a/src/main/java/com/cloudbees/plugins/credentials/CredentialsParameterValue.java b/src/main/java/com/cloudbees/plugins/credentials/CredentialsParameterValue.java
@@ -21,10 +21,10 @@
 import java.util.Collections;
 import java.util.List;
 import jenkins.model.Jenkins;
-import org.acegisecurity.Authentication;
 import org.apache.commons.lang.StringUtils;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.Stapler;
+import org.springframework.security.core.Authentication;
 
 /**
  * A {@link ParameterValue} produced from a {@link CredentialsParameterDefinition}.
@@ -89,24 +89,24 @@ public <C extends IdCredentials> C lookupCredentials(@NonNull Class<C> type, @No
 
     public <C extends IdCredentials> C lookupCredentials(@NonNull Class<C> type, @NonNull Run run,
                                                          List<DomainRequirement> domainRequirements) {
-        Authentication authentication = Jenkins.getAuthentication();
+        Authentication authentication = Jenkins.getAuthentication2();
         final Executor executor = run.getExecutor();
         if (executor != null) {
             final WorkUnit workUnit = executor.getCurrentWorkUnit();
             if (workUnit != null) {
-                authentication = workUnit.context.item.authenticate();
+                authentication = workUnit.context.item.authenticate2();
             }
         }
         List<C> candidates = new ArrayList<>();
-        final boolean isSystem = ACL.SYSTEM.equals(authentication);
+        final boolean isSystem = ACL.SYSTEM2.equals(authentication);
         if (!isSystem && run.getParent().hasPermission(CredentialsProvider.USE_OWN)) {
             candidates.addAll(CredentialsProvider
                     .lookupCredentials(type, run.getParent(), authentication, domainRequirements));
         }
         if (run.getParent().hasPermission(CredentialsProvider.USE_ITEM) || isSystem
                 || isDefaultValue) {
             candidates.addAll(
-                    CredentialsProvider.lookupCredentials(type, run.getParent(), ACL.SYSTEM, domainRequirements));
+                    CredentialsProvider.lookupCredentials(type, run.getParent(), ACL.SYSTEM2, domainRequirements));
         }
         return CredentialsMatchers.firstOrNull(candidates, CredentialsMatchers.withId(value));
     }
@@ -120,14 +120,14 @@ public String describe() {
             throw new IllegalStateException("Should only be called from value.jelly");
         }
         StandardCredentials c = CredentialsMatchers.firstOrNull(
-                CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(), ACL.SYSTEM,
+                CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(), ACL.SYSTEM2,
                         Collections.emptyList()), CredentialsMatchers.withId(value));
         if (c != null) {
             return CredentialsNameProvider.name(c);
         }
         c = CredentialsMatchers.firstOrNull(
                 CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(),
-                        Jenkins.getAuthentication(),
+                        Jenkins.getAuthentication2(),
                         Collections.emptyList()), CredentialsMatchers.withId(value));
         if (c != null) {
             return CredentialsNameProvider.name(c);
@@ -144,14 +144,14 @@ public String iconClassName() {
             throw new IllegalStateException("Should only be called from value.jelly");
         }
         StandardCredentials c = CredentialsMatchers.firstOrNull(
-                CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(), ACL.SYSTEM,
+                CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(), ACL.SYSTEM2,
                         Collections.emptyList()), CredentialsMatchers.withId(value));
         if (c != null) {
             return c.getDescriptor().getIconClassName();
         }
         c = CredentialsMatchers.firstOrNull(
                 CredentialsProvider.lookupCredentials(StandardCredentials.class, run.getParent(),
-                        Jenkins.getAuthentication(),
+                        Jenkins.getAuthentication2(),
                         Collections.emptyList()), CredentialsMatchers.withId(value));
         if (c != null) {
             return c.getDescriptor().getIconClassName();
@@ -167,7 +167,7 @@ public String url() {
         if (run == null) {
             throw new IllegalStateException("Should only be called from value.jelly");
         }
-        try (ACLContext ctx = ACL.as(ACL.SYSTEM)) {
+        try (ACLContext ignored = ACL.as2(ACL.SYSTEM2)) {
             for (CredentialsStore store : CredentialsProvider.lookupStores(run.getParent())) {
                 String url = url(store);
                 if (url != null) {