On 06/13/2013 04:58 AM, Sandell, Robert wrote:
def oldAuth = SecurityContextHolder.getContext().getAuthentication()
User otherUser = User.get("username")
SecurityContextHolder.getContext().setAuthentication(otherUser.impersonate())
build.addAction(new CauseAction(new Cause.UserIdCause()))
SecurityContextHolder.getContext().setAuthentication(oldAuth)
This is wrong (security hole), and not just because you forgot the finally
block. Use ACL.impersonate and read its Javadoc for explanation.
--
You received this message because you are subscribed to the Google Groups "Jenkins
Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
