jenkinsci · jvz · Oct 7, 2019 · Oct 1, 2019
@@ -14,15 +14,14 @@
 import hudson.model.User;
 import hudson.model.queue.WorkUnit;
 import hudson.security.ACL;
+import hudson.security.ACLContext;
 import hudson.util.VariableResolver;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import jenkins.model.Jenkins;
 import org.acegisecurity.Authentication;
-import org.acegisecurity.context.SecurityContext;
-import org.acegisecurity.context.SecurityContextHolder;
 import org.apache.commons.lang.StringUtils;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.Stapler;
@@ -173,17 +172,14 @@ public String url() {
         if (run == null) {
             throw new IllegalStateException("Should only be called from value.jelly");
         }
-            SecurityContext oldContext = ACL.impersonate(ACL.SYSTEM);
-            try {
-                for (CredentialsStore store : CredentialsProvider.lookupStores(run.getParent())) {
-                    String url = url(store);
-                    if (url != null) {
-                        return url;
-                    }
+        try (ACLContext ctx = ACL.as(ACL.SYSTEM)) {
+            for (CredentialsStore store : CredentialsProvider.lookupStores(run.getParent())) {
+                String url = url(store);
+                if (url != null) {
+                    return url;
                 }
-            } finally {
-                SecurityContextHolder.setContext(oldContext);
             }
+        }
         for (CredentialsStore store: CredentialsProvider.lookupStores(User.current())) {
             String url = url(store);
             if (url != null) {

@@ -55,6 +55,7 @@
 import hudson.model.User;
 import hudson.model.queue.Tasks;
 import hudson.security.ACL;
+import hudson.security.ACLContext;
 import hudson.security.Permission;
 import hudson.security.PermissionGroup;
 import hudson.security.PermissionScope;
@@ -89,8 +90,6 @@
 import jenkins.util.Timer;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.context.SecurityContext;
-import org.acegisecurity.context.SecurityContextHolder;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.acegisecurity.userdetails.UsernameNotFoundException;
 import org.apache.commons.io.IOUtils;
@@ -1668,8 +1667,7 @@ public static void saveAll() throws IOException {
             Timer.get().execute(new Runnable() {
             @Override
             public void run() {
-                SecurityContext ctx = ACL.impersonate(ACL.SYSTEM);
-                try {
+                try (ACLContext ctx = ACL.as(ACL.SYSTEM)) {
                     if (jenkins.getInitLevel().compareTo(InitMilestone.JOB_LOADED) < 0) {
                         LOGGER.log(Level.INFO, "Forced save credentials stores: Initialization has not completed");
                         while (jenkins.getInitLevel().compareTo(InitMilestone.JOB_LOADED) < 0) {
@@ -1740,7 +1738,6 @@ public void run() {
                     }
                 } finally {
                     LOGGER.log(Level.INFO, "Forced save credentials stores: Completed");
-                    SecurityContextHolder.setContext(ctx);
                 }
             }
         });

@@ -171,7 +171,6 @@ public List<DomainCredentials> getDomainCredentials() {
      * @return all the credentials.
      * @since 1.5
      */
-    @SuppressWarnings("deprecation")
     @NonNull
     public synchronized Map<Domain, List<Credentials>> getDomainCredentialsMap() {
         return domainCredentialsMap = DomainCredentials.migrateListToMap(domainCredentialsMap, credentials);

@@ -121,7 +121,7 @@ public String getIconFileName() {
      */
     @NonNull
     public List<CredentialsStore> getParentStores() {
-        List<CredentialsStore> result = new ArrayList<CredentialsStore>();
+        List<CredentialsStore> result = new ArrayList<>();
         for (CredentialsStore s : CredentialsProvider.lookupStores(getContext())) {
             if (context != s.getContext() && s.hasPermission(CredentialsProvider.VIEW)) {
                 result.add(s);
@@ -137,7 +137,7 @@ public List<CredentialsStore> getParentStores() {
      */
     @NonNull
     public List<CredentialsStore> getLocalStores() {
-        List<CredentialsStore> result = new ArrayList<CredentialsStore>();
+        List<CredentialsStore> result = new ArrayList<>();
         for (CredentialsStore s : CredentialsProvider.lookupStores(getContext())) {
             if (context == s.getContext() && s.hasPermission(CredentialsProvider.VIEW)) {
                 result.add(s);
@@ -154,7 +154,7 @@ public List<CredentialsStore> getLocalStores() {
     @NonNull
     @SuppressWarnings("unused") // Jelly EL
     public List<CredentialsStoreAction> getStoreActions() {
-        List<CredentialsStoreAction> result = new ArrayList<CredentialsStoreAction>();
+        List<CredentialsStoreAction> result = new ArrayList<>();
         for (final CredentialsStore s : CredentialsProvider.lookupStores(getContext())) {
             if (context == s.getContext() && s.hasPermission(CredentialsProvider.VIEW)) {
                 CredentialsStoreAction action = s.getStoreAction();
@@ -176,7 +176,7 @@ public List<CredentialsStoreAction> getStoreActions() {
     @SuppressWarnings("unused") // Stapler XML/JSON API
     @Exported(name = "stores")
     public Map<String,CredentialsStoreAction> getStoreActionsMap() {
-        Map<String,CredentialsStoreAction> result = new TreeMap<String, CredentialsStoreAction>();
+        Map<String,CredentialsStoreAction> result = new TreeMap<>();
         for (CredentialsStoreAction a: getStoreActions()) {
             result.put(a.getUrlName(), a);
         }
@@ -260,11 +260,8 @@ public Api getApi() {
      * @return the credential entries.
      */
     public List<TableEntry> getTableEntries() {
-        List<TableEntry> result = new ArrayList<TableEntry>();
-        Item item = context instanceof Item ? (Item) context : null;
-        ItemGroup group = context instanceof ItemGroup ? (ItemGroup) context
-                : context instanceof User ? Jenkins.get() : null;
-        Set<String> ids = new HashSet<String>();
+        List<TableEntry> result = new ArrayList<>();
+        Set<String> ids = new HashSet<>();
         for (CredentialsStore p : CredentialsProvider.lookupStores(context)) {
             if (p.hasPermission(CredentialsProvider.VIEW)) {
                 for (Domain domain : p.getDomains()) {

@@ -175,7 +175,6 @@ public List<Credentials> getCredentials() {
          *
          * @since 3.10
          */
-        @SuppressWarnings("deprecation")
         @NonNull
         public synchronized Map<Domain, List<Credentials>> getDomainCredentialsMap() {
             return domainCredentialsMap = DomainCredentials.migrateListToMap(domainCredentialsMap, credentials);

@@ -50,7 +50,6 @@
 import org.jvnet.hudson.test.TestExtension;
 import org.kohsuke.stapler.DataBoundConstructor;
 
-import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;

@@ -43,7 +43,6 @@
 import java.util.Collections;
 import java.util.List;
 import jenkins.model.Jenkins;
-import org.hamcrest.Matcher;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;

@@ -40,7 +40,6 @@
 import hudson.model.ParametersAction;
 import hudson.model.ParametersDefinitionProperty;
 import java.util.Collections;
-import java.util.concurrent.Future;
 import jenkins.model.Jenkins;
 import org.junit.Before;
 import org.junit.Rule;