Class AuthenticatedRequest

java.lang.Object
com.netflix.spinnaker.security.AuthenticatedRequest

public class AuthenticatedRequest extends Object
  • Constructor Details

    • AuthenticatedRequest

      public AuthenticatedRequest()
  • Method Details

    • setPrincipalExtractor

      public static void setPrincipalExtractor(AuthenticatedRequest.PrincipalExtractor principalExtractor)
      Replaces the PrincipalExtractor for ALL callers of AuthenticatedRequest.

      This is a gross and terrible thing, and exists because we made everything in AuthenticatedRequest static. This exists as a terrible DI mechanism to support supplying a different opinion on how to pull details from the current user principal, and should only be called at app initialization time to inject that opinion.

      Parameters:
      principalExtractor - the PrincipalExtractor to use for AuthenticatedRequest.
    • allowAnonymous

      public static <V> V allowAnonymous(Callable<V> closure)
      Allow a given HTTP call to be anonymous. Normally, all requests to Spinnaker services should be authenticated (i.e. include USER & ACCOUNTS HTTP headers). However, in specific cases it is necessary to make an anonymous call. If an anonymous call is made that is not wrapped in this method, it will result in a log message and a metric being logged (indicating a potential bug). Use this method to avoid the log and metric. To make an anonymous call wrap it in this function, e.g.
      AuthenticatedRequest.allowAnonymous(() -> {
        // do HTTP call here
      });
    • runAs

      public static <V> Callable<V> runAs(String username, Callable<V> closure)
      Prepares an authentication context to run as the supplied user, wrapping the supplied action.

      The original authentication context is restored after the action completes.

      Type Parameters:
      V - the return type of the supplied action
      Parameters:
      username - the username to run as
      closure - the action to run as the user
      Returns:
      an action that will run the supplied action as the supplied user
    • runAs

      public static <V> Callable<V> runAs(String username, boolean restoreOriginalContext, Callable<V> closure)
      Prepares an authentication context to run as the supplied user, wrapping the supplied action.
      Type Parameters:
      V - the return type of the supplied action
      Parameters:
      username - the username to run as
      restoreOriginalContext - whether the original authentication context should be restored after the action completes
      closure - the action to run as the user
      Returns:
      an action that will run the supplied action as the supplied user
    • runAs

      public static <V> Callable<V> runAs(String username, Collection<String> allowedAccounts, Callable<V> closure)
      Prepares an authentication context to run as the supplied user, wrapping the supplied action.

      The original authentication context is restored after the action completes.

      Type Parameters:
      V - the return type of the supplied action
      Parameters:
      username - the username to run as
      allowedAccounts - the allowed accounts for the user as an authorization fallback
      closure - the action to run as the user
      Returns:
      an action that will run the supplied action as the supplied user
    • runAs

      public static <V> Callable<V> runAs(String username, Collection<String> allowedAccounts, boolean restoreOriginalContext, Callable<V> closure)
      Prepares an authentication context to run as the supplied user, wrapping the supplied action.
      Type Parameters:
      V - the return type of the supplied action
      Parameters:
      username - the username to run as
      allowedAccounts - the allowed accounts for the user as an authorization fallback
      restoreOriginalContext - whether the original authentication context should be restored after the action completes
      closure - the action to run as the user
      Returns:
      an action that will run the supplied action as the supplied user
    • propagate

      public static <V> Callable<V> propagate(Callable<V> closure)
      Propagates the current user's authentication context for the supplied action.

      The original authentication context is restored after the action completes.

      Type Parameters:
      V - the return type of the supplied action
      Parameters:
      closure - the action to run
      Returns:
      an action that will run propagating the current user's authentication context
    • propagate

      public static <V> Callable<V> propagate(Callable<V> closure, boolean restoreOriginalContext)
      Propagates the current user's authentication context for the supplied action.
      Type Parameters:
      V - the return type of the supplied action
      Parameters:
      closure - the action to run
      restoreOriginalContext - whether the original authentication context should be restored after the action completes
      Returns:
      an action that will run propagating the current user's authentication context
    • propagate

      @Deprecated public static <V> Callable<V> propagate(Callable<V> closure, Object principal)
      Deprecated.
      use runAs instead to switch to a different user
    • propagate

      @Deprecated public static <V> Callable<V> propagate(Callable<V> closure, boolean restoreOriginalContext, Object principal)
      Deprecated.
      use runAs instead to switch to a different user
    • getAuthenticationHeaders

      public static Map<String,Optional<String>> getAuthenticationHeaders()
    • getSpinnakerUser

      public static Optional<String> getSpinnakerUser()
    • getSpinnakerAccounts

      public static Optional<String> getSpinnakerAccounts()
    • getSpinnakerRequestId

      public static Optional<String> getSpinnakerRequestId()
      Returns or creates a Spinnaker request ID.

      If a request ID already exists, it will be propagated without change. If a request ID does not already exist:

      1. If an execution ID exists, it will create a hierarchical request ID using the execution ID, followed by a UUID.
      2. If an execution ID does not exist, it will create a simple UUID request ID.

    • getSpinnakerExecutionType

      public static Optional<String> getSpinnakerExecutionType()
    • getSpinnakerUserOrigin

      public static Optional<String> getSpinnakerUserOrigin()
    • getSpinnakerExecutionId

      public static Optional<String> getSpinnakerExecutionId()
    • getSpinnakerApplication

      public static Optional<String> getSpinnakerApplication()
    • get

      public static Optional<String> get(com.netflix.spinnaker.kork.common.Header header)
    • get

      public static Optional<String> get(String header)
    • setAccounts

      public static void setAccounts(String accounts)
    • setUser

      public static void setUser(String user)
    • setUserOrigin

      public static void setUserOrigin(String value)
    • setRequestId

      public static void setRequestId(String value)
    • setExecutionId

      public static void setExecutionId(String value)
    • setApplication

      public static void setApplication(String value)
    • setExecutionType

      public static void setExecutionType(String value)
    • set

      public static void set(com.netflix.spinnaker.kork.common.Header header, String value)
    • set

      public static void set(String header, String value)
    • clear

      public static void clear()
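
The runAs and propagate contracts documented above, as an added example that is neither kork's implementation nor part of the original Javadoc: a simplified model that assumes the authentication context is thread-bound (a plain ThreadLocal here). RunAsModel, USER and the stand-in runAs/propagate bodies are hypothetical; the model shows why work handed to a pooled thread has to be wrapped and why the worker's context is reset in a finally block.

```java
import java.util.Optional;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Simplified model for illustration; not the kork implementation.
public class RunAsModel {
  // Assumption: the authentication context is bound to the current thread.
  private static final ThreadLocal<String> USER = new ThreadLocal<>();

  static Optional<String> currentUser() {
    return Optional.ofNullable(USER.get());
  }

  // Hypothetical stand-in for runAs(username, restoreOriginalContext, closure).
  static <V> Callable<V> runAs(String username, boolean restoreOriginalContext, Callable<V> closure) {
    return () -> {
      String original = USER.get(); // context of the thread that executes the action
      USER.set(username);
      try {
        return closure.call();
      } finally {
        // Runs even when the action throws, so the identity never outlives the action.
        if (restoreOriginalContext && original != null) {
          USER.set(original);
        } else {
          USER.remove(); // assumption: with nothing to restore, the model clears the context
        }
      }
    };
  }

  // Hypothetical stand-in for propagate(closure): capture the caller's user at wrap time.
  static <V> Callable<V> propagate(Callable<V> closure) {
    return runAs(USER.get(), true, closure);
  }

  public static void main(String[] args) throws Exception {
    ExecutorService pool = Executors.newSingleThreadExecutor(); // one reused worker thread
    try {
      USER.set("alice@example.com"); // constructed sample identity on the calling thread
      Callable<String> whoAmI = () -> currentUser().orElse("anonymous");
      System.out.println("unwrapped:  " + pool.submit(whoAmI).get());
      System.out.println("propagate:  " + pool.submit(propagate(whoAmI)).get());
      System.out.println("runAs:      " + pool.submit(runAs("svc-batch", true, whoAmI)).get());
      System.out.println("next task:  " + pool.submit(whoAmI).get()); // same worker, after runAs
    } finally {
      pool.shutdown();
      USER.remove();
    }
  }
}
```

The last submission reuses the worker thread that just ran as svc-batch; comparing its output with the first line shows whether an identity leaked from one pooled task into the next.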