public class AclAwareWhitelist extends Whitelist
ACL.SYSTEM user is making them.
First there is a list of unrestricted signatures; these can always be run.
Then there is a (probably much smaller) list of restricted signatures.
These can be run only when the current user is a real user or even Jenkins.ANONYMOUS, but not when ACL.SYSTEM.
Restricted methods should be limited to those which actually perform a permissions check, typically using ACL.checkPermission(hudson.security.Permission).
Allowing the system pseudo-user to run these would be dangerous, since we do not know “on whose behalf” a script is running, and this “user” is permitted to do anything.
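The decision rule described above, as an added example: a simplified JDK-only model of method calls, not the plugin's source. `AclAwareModel`, `SYSTEM`, `currentUser`, `Job` and the `Predicate`-based whitelists are hypothetical stand-ins for ACL.SYSTEM, the current authentication and the Whitelist type.

```java
import java.lang.reflect.Method;
import java.util.Set;
import java.util.function.Predicate;

// Simplified model of the delegation rule; not the plugin's own code.
// SYSTEM and currentUser are assumptions standing in for ACL.SYSTEM and
// the authentication of the thread that is running the script.
public class AclAwareModel {
    static final String SYSTEM = "SYSTEM";
    static final ThreadLocal<String> currentUser = ThreadLocal.withInitial(() -> SYSTEM);

    final Predicate<Method> unrestricted;
    final Predicate<Method> restricted;

    AclAwareModel(Predicate<Method> unrestricted, Predicate<Method> restricted) {
        this.unrestricted = unrestricted;
        this.restricted = restricted;
    }

    boolean permitsMethod(Method m) {
        if (unrestricted.test(m)) {
            return true; // unrestricted signatures can always be run
        }
        // Restricted signatures rely on their own permission check, which is
        // meaningless for the system pseudo-user, so that user is refused.
        boolean realUser = !SYSTEM.equals(currentUser.get());
        return realUser && restricted.test(m);
    }

    // Constructed sample target: one harmless getter, one sensitive operation.
    public static class Job {
        public String getName() { return "demo"; }
        public void delete() { /* a real method would call ACL.checkPermission(...) first */ }
    }

    public static void main(String[] args) throws Exception {
        Method getName = Job.class.getMethod("getName");
        Method delete = Job.class.getMethod("delete");
        AclAwareModel wl = new AclAwareModel(Set.of(getName)::contains, Set.of(delete)::contains);

        // Constructed users: the system pseudo-user, anonymous, and a named user.
        for (String user : new String[] {SYSTEM, "anonymous", "alice"}) {
            currentUser.set(user);
            System.out.printf("%-9s getName=%b delete=%b%n",
                    user, wl.permitsMethod(getName), wl.permitsMethod(delete));
        }
    }
}
```

Only the restricted `delete` call changes outcome with the caller: it is refused for the system pseudo-user and allowed for the anonymous and named users, where the method's own permission check decides.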
| Constructor and Description |
|---|
| AclAwareWhitelist(Whitelist unrestricted, Whitelist restricted): Creates a delegating whitelist. |
| Modifier and Type | Method and Description |
|---|---|
| boolean | permitsConstructor(Constructor<?> constructor, Object[] args) |
| boolean | permitsFieldGet(Field field, Object receiver) |
| boolean | permitsFieldSet(Field field, Object receiver, Object value) |
| boolean | permitsMethod(Method method, Object receiver, Object[] args): Checks whether a given virtual method may be invoked. |
| boolean | permitsStaticFieldGet(Field field) |
| boolean | permitsStaticFieldSet(Field field, Object value) |
| boolean | permitsStaticMethod(Method method, Object[] args) |
public AclAwareWhitelist(Whitelist unrestricted, Whitelist restricted)
unrestricted - a general whitelist; anything permitted by this one will be permitted in any context
restricted - a whitelist of method/constructor calls (field accesses never consulted) for which ACL checks are expected

public boolean permitsMethod(Method method, Object receiver, Object[] args)
Note that method should not be implementing or overriding a method in a supertype;
in such a case the caller must pass that supertype method instead.
In other words, call site selection is the responsibility of the caller (such as GroovySandbox), not the whitelist.
permitsMethod in class Whitelist
method - a method defined in the JVM
receiver - this, the receiver of the method call
args - zero or more arguments

public boolean permitsConstructor(Constructor<?> constructor, Object[] args)
permitsConstructor in class Whitelist

public boolean permitsStaticMethod(Method method, Object[] args)
permitsStaticMethod in class Whitelist

public boolean permitsFieldGet(Field field, Object receiver)
permitsFieldGet in class Whitelist

public boolean permitsFieldSet(Field field, Object receiver, Object value)
permitsFieldSet in class Whitelist

public boolean permitsStaticFieldGet(Field field)
permitsStaticFieldGet in class Whitelist

public boolean permitsStaticFieldSet(Field field, Object value)
permitsStaticFieldSet in class Whitelist

Copyright © 2016. All rights reserved.