Skip to content
Permalink
Browse files

[JENKINS-22247] Provide an extension point to define user id case sen…

…sitivity contract

* Fix up bad merge
  • Loading branch information
stephenc committed Mar 18, 2014
1 parent a018bba commit 7459ac07044fd159f573a7b216f3e0986161ddd0
Showing with 18 additions and 6 deletions.
  1. +18 −6 core/src/main/java/hudson/model/User.java
@@ -253,19 +253,31 @@ public synchronized void addProperty(UserProperty p) throws IOException {

/**
* Creates an {@link Authentication} object that represents this user.
*
*
* This method checks with {@link SecurityRealm} if the user is a valid user that can login to the security realm.
* If {@link SecurityRealm} is a kind that does not support querying information about other users, this will
* use {@link LastGrantedAuthoritiesProperty} to pick up the granted authorities as of the last time the user has
* logged in.
*
* @throws UsernameNotFoundException
* If this user is not a valid user in the backend {@link SecurityRealm}.
* @since 1.419
*/
public Authentication impersonate() {
public Authentication impersonate() throws UsernameNotFoundException {
try {
UserDetails u = Jenkins.getInstance().getSecurityRealm().loadUserByUsername(id);
UserDetails u = new ImpersonatingUserDetailsService(
Jenkins.getInstance().getSecurityRealm().getSecurityComponents().userDetails).loadUserByUsername(id);
return new UsernamePasswordAuthenticationToken(u.getUsername(), "", u.getAuthorities());
} catch (UserMayOrMayNotExistException e) {
// backend can't load information about other users. so use the stored information if available
} catch (UsernameNotFoundException e) {
// ignore
// if the user no longer exists in the backend, we need to refuse impersonating this user
throw e;
} catch (DataAccessException e) {
// ignore
// seems like it's in the same boat as UserMayOrMayNotExistException
}
// TODO: use the stored GrantedAuthorities

// seems like a legitimate user we have no idea about. proceed with minimum access
return new UsernamePasswordAuthenticationToken(id, "",
new GrantedAuthority[]{SecurityRealm.AUTHENTICATED_AUTHORITY});
}

0 comments on commit 7459ac0

Please sign in to comment.
You can’t perform that action at this time.