Package com.netflix.spinnaker.security

Class AuthenticatedRequest

  • public class AuthenticatedRequest
extends java.lang.Object

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static interface  AuthenticatedRequest.PrincipalExtractor
      Determines the current user principal and how to interpret that principal to extract user identity and allowed accounts.

    • Method Summary

      All Methods Static Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      static <V> V allowAnonymous​(java.util.concurrent.Callable<V> closure)
      Allow a given HTTP call to be anonymous.
      static void clear()  
      static java.util.Optional<java.lang.String> get​(com.netflix.spinnaker.kork.common.Header header)  
      static java.util.Optional<java.lang.String> get​(java.lang.String header)  
      static java.util.Map<java.lang.String,​java.util.Optional<java.lang.String>> getAuthenticationHeaders()  
      static java.util.Optional<java.lang.String> getSpinnakerAccounts()  
      static java.util.Optional<java.lang.String> getSpinnakerApplication()  
      static java.util.Optional<java.lang.String> getSpinnakerExecutionId()  
      static java.util.Optional<java.lang.String> getSpinnakerExecutionType()  
      static java.util.Optional<java.lang.String> getSpinnakerRequestId()
      Returns or creates a spinnaker request ID.
      static java.util.Optional<java.lang.String> getSpinnakerUser()  
      static java.util.Optional<java.lang.String> getSpinnakerUserOrigin()  
      static <V> java.util.concurrent.Callable<V> propagate​(java.util.concurrent.Callable<V> closure)
      Propagates the current users authentication context when for the supplied action
      static <V> java.util.concurrent.Callable<V> propagate​(java.util.concurrent.Callable<V> closure, boolean restoreOriginalContext)
      Propagates the current users authentication context when for the supplied action
      static <V> java.util.concurrent.Callable<V> propagate​(java.util.concurrent.Callable<V> closure, boolean restoreOriginalContext, java.lang.Object principal)
      Deprecated.
      use runAs instead to switch to a different user
      static <V> java.util.concurrent.Callable<V> propagate​(java.util.concurrent.Callable<V> closure, java.lang.Object principal)
      Deprecated.
      use runAs instead to switch to a different user
      static <V> java.util.concurrent.Callable<V> runAs​(java.lang.String username, boolean restoreOriginalContext, java.util.concurrent.Callable<V> closure)
      Prepare an authentication context to run as the supplied user wrapping the supplied action
      static <V> java.util.concurrent.Callable<V> runAs​(java.lang.String username, java.util.Collection<java.lang.String> allowedAccounts, boolean restoreOriginalContext, java.util.concurrent.Callable<V> closure)
      Prepare an authentication context to run as the supplied user wrapping the supplied action
      static <V> java.util.concurrent.Callable<V> runAs​(java.lang.String username, java.util.Collection<java.lang.String> allowedAccounts, java.util.concurrent.Callable<V> closure)
      Prepare an authentication context to run as the supplied user wrapping the supplied action
      static <V> java.util.concurrent.Callable<V> runAs​(java.lang.String username, java.util.concurrent.Callable<V> closure)
      Prepare an authentication context to run as the supplied user wrapping the supplied action
      static void set​(com.netflix.spinnaker.kork.common.Header header, java.lang.String value)  
      static void set​(java.lang.String header, java.lang.String value)  
      static void setAccounts​(java.lang.String accounts)  
      static void setApplication​(java.lang.String value)  
      static void setExecutionId​(java.lang.String value)  
      static void setExecutionType​(java.lang.String value)  
      static void setPrincipalExtractor​(AuthenticatedRequest.PrincipalExtractor principalExtractor)
      Replaces the PrincipalExtractor for ALL callers of AutheticatedRequest.
      static void setRequestId​(java.lang.String value)  
      static void setUser​(java.lang.String user)  
      static void setUserOrigin​(java.lang.String value)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • AuthenticatedRequest

        public AuthenticatedRequest()

    • Method Detail

      • setPrincipalExtractor

        public static void setPrincipalExtractor​(AuthenticatedRequest.PrincipalExtractor principalExtractor)
        Replaces the PrincipalExtractor for ALL callers of AutheticatedRequest.

        This is a gross and terrible thing, and exists because we made everything in AuthenticatedRequest static. This exists as a terrible DI mechanism to support supplying a different opinion on how to pull details from the current user principal, and should only be called at app initialization time to inject that opinion.

        Parameters:
        principalExtractor - the PrincipalExtractor to use for AuthenticatedRequest.

      • allowAnonymous

        public static <V> V allowAnonymous​(java.util.concurrent.Callable<V> closure)
        Allow a given HTTP call to be anonymous. Normally, all requests to Spinnaker services should be authenticated (i.e. include USER & ACCOUNTS HTTP headers). However, in specific cases it is necessary to make an anonymous call. If an anonymous call is made that is not wrapped in this method, it will result in a log message and a metric being logged (indicating a potential bug). Use this method to avoid the log and metric. To make an anonymous call wrap it in this function, e.g. 
        AuthenticatedRequest.allowAnonymous(() -> { // do HTTP call here });

      • runAs

        public static <V> java.util.concurrent.Callable<V> runAs​(java.lang.String username,
                                                         java.util.concurrent.Callable<V> closure)
        Prepare an authentication context to run as the supplied user wrapping the supplied action

        The original authentication context is restored after the action completes.

        Type Parameters:
        V - the return type of the supplied action
        Parameters:
        username - the username to run as
        closure - the action to run as the user
        Returns:
        an action that will run the supplied action as the supplied user

      • runAs

        public static <V> java.util.concurrent.Callable<V> runAs​(java.lang.String username,
                                                         boolean restoreOriginalContext,
                                                         java.util.concurrent.Callable<V> closure)
        Prepare an authentication context to run as the supplied user wrapping the supplied action
        Type Parameters:
        V - the return type of the supplied action
        Parameters:
        username - the username to run as
        restoreOriginalContext - whether the original authentication context should be restored after the action completes
        closure - the action to run as the user
        Returns:
        an action that will run the supplied action as the supplied user

      • runAs

        public static <V> java.util.concurrent.Callable<V> runAs​(java.lang.String username,
                                                         java.util.Collection<java.lang.String> allowedAccounts,
                                                         java.util.concurrent.Callable<V> closure)
        Prepare an authentication context to run as the supplied user wrapping the supplied action

        The original authentication context is restored after the action completes.

        Type Parameters:
        V - the return type of the supplied action
        Parameters:
        username - the username to run as
        allowedAccounts - the allowed accounts for the user as an authorization fallback
        closure - the action to run as the user
        Returns:
        an action that will run the supplied action as the supplied user

      • runAs

        public static <V> java.util.concurrent.Callable<V> runAs​(java.lang.String username,
                                                         java.util.Collection<java.lang.String> allowedAccounts,
                                                         boolean restoreOriginalContext,
                                                         java.util.concurrent.Callable<V> closure)
        Prepare an authentication context to run as the supplied user wrapping the supplied action
        Type Parameters:
        V - the return type of the supplied action
        Parameters:
        username - the username to run as
        allowedAccounts - the allowed accounts for the user as an authorization fallback
        restoreOriginalContext - whether the original authentication context should be restored after the action completes
        closure - the action to run as the user
        Returns:
        an action that will run the supplied action as the supplied user

      • propagate

        public static <V> java.util.concurrent.Callable<V> propagate​(java.util.concurrent.Callable<V> closure)
        Propagates the current users authentication context when for the supplied action

        The original authentication context is restored after the action completes.

        Type Parameters:
        V - the return type of the supplied action
        Parameters:
        closure - the action to run
        Returns:
        an action that will run propagating the current users authentication context

      • propagate

        public static <V> java.util.concurrent.Callable<V> propagate​(java.util.concurrent.Callable<V> closure,
                                                             boolean restoreOriginalContext)
        Propagates the current users authentication context when for the supplied action
        Type Parameters:
        V - the return type of the supplied action
        Parameters:
        closure - the action to run
        restoreOriginalContext - whether the original authentication context should be restored after the action completes
        Returns:
        an action that will run propagating the current users authentication context

      • propagate

        @Deprecated
public static <V> java.util.concurrent.Callable<V> propagate​(java.util.concurrent.Callable<V> closure,
                                                             java.lang.Object principal)
        Deprecated.
        use runAs instead to switch to a different user

      • propagate

        @Deprecated
public static <V> java.util.concurrent.Callable<V> propagate​(java.util.concurrent.Callable<V> closure,
                                                             boolean restoreOriginalContext,
                                                             java.lang.Object principal)
        Deprecated.
        use runAs instead to switch to a different user

      • getAuthenticationHeaders

        public static java.util.Map<java.lang.String,​java.util.Optional<java.lang.String>> getAuthenticationHeaders()

      • getSpinnakerUser

        public static java.util.Optional<java.lang.String> getSpinnakerUser()

      • getSpinnakerAccounts

        public static java.util.Optional<java.lang.String> getSpinnakerAccounts()

      • getSpinnakerRequestId

        public static java.util.Optional<java.lang.String> getSpinnakerRequestId()
        Returns or creates a spinnaker request ID.

        If a request ID already exists, it will be propagated without change. If a request ID does not already exist:

        1. If an execution ID exists, it will create a hierarchical request ID using the execution ID, followed by a UUID. 2. If an execution ID does not exist, it will create a simple UUID request id.

      • getSpinnakerExecutionType

        public static java.util.Optional<java.lang.String> getSpinnakerExecutionType()

      • getSpinnakerUserOrigin

        public static java.util.Optional<java.lang.String> getSpinnakerUserOrigin()

      • getSpinnakerExecutionId

        public static java.util.Optional<java.lang.String> getSpinnakerExecutionId()

      • getSpinnakerApplication

        public static java.util.Optional<java.lang.String> getSpinnakerApplication()

      • get

        public static java.util.Optional<java.lang.String> get​(com.netflix.spinnaker.kork.common.Header header)

      • get

        public static java.util.Optional<java.lang.String> get​(java.lang.String header)

      • setAccounts

        public static void setAccounts​(java.lang.String accounts)

      • setUser

        public static void setUser​(java.lang.String user)

      • setUserOrigin

        public static void setUserOrigin​(java.lang.String value)

      • setRequestId

        public static void setRequestId​(java.lang.String value)

      • setExecutionId

        public static void setExecutionId​(java.lang.String value)

      • setApplication

        public static void setApplication​(java.lang.String value)

      • setExecutionType

        public static void setExecutionType​(java.lang.String value)

      • set

        public static void set​(com.netflix.spinnaker.kork.common.Header header,
                       java.lang.String value)

      • set

        public static void set​(java.lang.String header,
                       java.lang.String value)

      • clear

        public static void clear()