Set current user to anon during cause deserilization so UserIdCause d…

…oesn't access the disk for current user (#259)
groupon · Feb 1, 2017 · 1069eed · 1069eed
1 parent 03d6d27
commit 1069eed
Showing 1 changed file with 18 additions and 11 deletions.
diff --git a/src/main/java/com/groupon/jenkins/mongo/CauseActionConverter.java b/src/main/java/com/groupon/jenkins/mongo/CauseActionConverter.java
@@ -27,6 +27,10 @@ of this software and associated documentation files (the "Software"), to deal
 import com.mongodb.BasicDBObjectBuilder;
 import com.mongodb.DBObject;
 import hudson.model.CauseAction;
+import jenkins.model.Jenkins;
+import org.acegisecurity.Authentication;
+import org.acegisecurity.context.SecurityContext;
+import org.acegisecurity.context.SecurityContextHolder;
 import org.mongodb.morphia.converters.SimpleValueConverter;
 import org.mongodb.morphia.converters.TypeConverter;
 import org.mongodb.morphia.mapping.MappedField;
@@ -41,26 +45,29 @@ public CauseActionConverter() {
     }
 
     @Override
-    public CauseAction decode(Class targetClass, Object fromDBObject, MappedField optionalExtraInfo) {
+    public CauseAction decode(final Class targetClass, final Object fromDBObject, final MappedField optionalExtraInfo) {
         if (fromDBObject == null) return null;
-
-        List causes = new ArrayList();
-        List rawList = (List) ((DBObject) fromDBObject).get("causes");
-        for (Object obj : rawList) {
-            DBObject dbObj = (DBObject) obj;
-            Object cause = getMapper().fromDBObject(optionalExtraInfo.getSubClass(), dbObj, getMapper().createEntityCache());
+        final SecurityContext securityContext = SecurityContextHolder.getContext();
+        final Authentication currentAuth = securityContext.getAuthentication();
+        securityContext.setAuthentication(Jenkins.ANONYMOUS);
+        final List causes = new ArrayList();
+        final List rawList = (List) ((DBObject) fromDBObject).get("causes");
+        for (final Object obj : rawList) {
+            final DBObject dbObj = (DBObject) obj;
+            final Object cause = getMapper().fromDBObject(optionalExtraInfo.getSubClass(), dbObj, getMapper().createEntityCache());
             causes.add(cause);
         }
+        securityContext.setAuthentication(currentAuth);
         return new CauseAction(causes);
     }
 
     @Override
-    public Object encode(Object value, MappedField optionalExtraInfo) {
+    public Object encode(final Object value, final MappedField optionalExtraInfo) {
         if (value == null) return null;
-        CauseAction action = (CauseAction) value;
-        List causes = new BasicDBList();
+        final CauseAction action = (CauseAction) value;
+        final List causes = new BasicDBList();
 
-        for (Object obj : action.getCauses()) {
+        for (final Object obj : action.getCauses()) {
             causes.add(getMapper().toDBObject(obj));
         }
         return BasicDBObjectBuilder.start("causes", causes).add("className", CauseAction.class.getName()).get();