jenkinsci · jglick · Feb 10, 2025 · Jan 27, 2025
@@ -33,7 +33,7 @@
 import hudson.security.Permission;
 import hudson.util.AlternativeUiTextProvider;
 import jenkins.branch.Branch;
-import org.acegisecurity.Authentication;
+import org.springframework.security.core.Authentication;
 import org.jenkinsci.plugins.workflow.job.WorkflowJob;
 import org.jenkinsci.plugins.workflow.job.WorkflowJobProperty;
 import org.kohsuke.stapler.export.Exported;
@@ -64,18 +64,18 @@
     @NonNull
     @Override public ACL decorateACL(@NonNull final ACL acl) {
         return new ACL() {
-            @Override public boolean hasPermission(@NonNull Authentication a, @NonNull Permission permission) {
+            @Override public boolean hasPermission2(@NonNull Authentication a, @NonNull Permission permission) {
                 // This project is managed by its parent and may not be directly configured or deleted by users.
                 // Note that Item.EXTENDED_READ may still be granted, so you can still see Snippet Generator, etc.
-                if (ACL.SYSTEM.equals(a)) {
+                if (ACL.SYSTEM2.equals(a)) {
                     return true; // e.g., ComputedFolder.updateChildren
                 } else if (permission == Item.CONFIGURE) {
                     return false;
                 } else if (permission == Item.DELETE && !(branch instanceof Branch.Dead)) {
                     // allow early manual clean-up of dead branches
                     return false;
                 } else {
-                    return acl.hasPermission(a, permission);
+                    return acl.hasPermission2(a, permission);
                 }
             }
         };

@@ -51,7 +51,7 @@
 import jenkins.scm.api.SCMSourceDescriptor;
 import static org.hamcrest.Matchers.*;
 
-import org.acegisecurity.Authentication;
+import org.springframework.security.core.Authentication;
 import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval;
 import org.jenkinsci.plugins.workflow.job.WorkflowJob;
 import org.jenkinsci.plugins.workflow.job.WorkflowRun;
@@ -166,8 +166,8 @@ public static void assertRevisionAction(WorkflowRun build) {
         r.waitUntilNoActivity();
         WorkflowRun b1 = p.getLastBuild();
         assertEquals(1, b1.getNumber());
-        Authentication auth = User.getById("dev", true).impersonate();
-        assertFalse(p.getACL().hasPermission(auth, Item.DELETE));
+        Authentication auth = User.getById("dev", true).impersonate2();
+        assertFalse(p.getACL().hasPermission2(auth, Item.DELETE));
         assertTrue(p.isBuildable());
         sampleGitRepo.git("checkout", "master");
         sampleGitRepo.git("branch", "-D", "feature");
@@ -181,7 +181,7 @@ public static void assertRevisionAction(WorkflowRun build) {
         mp.scheduleBuild2(0).getFuture().get();
         WorkflowMultiBranchProjectTest.showIndexing(mp);
         assertEquals(2, mp.getItems().size());
-        assertTrue(p.getACL().hasPermission(auth, Item.DELETE));
+        assertTrue(p.getACL().hasPermission2(auth, Item.DELETE));
         assertFalse(p.isBuildable());
         mp.setOrphanedItemStrategy(new DefaultOrphanedItemStrategy(true, "", "0"));
         mp.scheduleBuild2(0).getFuture().get();

@@ -35,7 +35,7 @@
 import jenkins.branch.OrganizationFolder;
 import jenkins.plugins.git.GitSampleRepoRule;
 import jenkins.scm.api.SCMSource;
-import org.acegisecurity.Authentication;
+import org.springframework.security.core.Authentication;
 import static org.hamcrest.Matchers.*;
 import org.jenkinsci.plugins.workflow.job.WorkflowJob;
 import org.jenkinsci.plugins.workflow.job.WorkflowRun;
@@ -81,18 +81,18 @@ public class WorkflowMultiBranchProjectFactoryTest {
         assertEquals(1, sources.size());
         assertEquals("GitSCMSource", sources.get(0).getClass().getSimpleName());
         // Verify permissions:
-        Authentication admin = User.getById("admin", true).impersonate();
+        Authentication admin = User.getById("admin", true).impersonate2();
         ACL acl = one.getACL();
-        assertTrue(acl.hasPermission(ACL.SYSTEM, Item.CONFIGURE));
-        assertTrue(acl.hasPermission(ACL.SYSTEM, Item.DELETE));
-        assertFalse(acl.hasPermission(admin, Item.CONFIGURE));
-        assertFalse(acl.hasPermission(admin, View.CONFIGURE));
-        assertFalse(acl.hasPermission(admin, View.CREATE));
-        assertFalse(acl.hasPermission(admin, View.DELETE));
-        assertFalse(acl.hasPermission(admin, Item.DELETE));
-        assertTrue(acl.hasPermission(admin, Item.EXTENDED_READ));
-        assertTrue(acl.hasPermission(admin, Item.READ));
-        assertTrue(acl.hasPermission(admin, View.READ));
+        assertTrue(acl.hasPermission2(ACL.SYSTEM2, Item.CONFIGURE));
+        assertTrue(acl.hasPermission2(ACL.SYSTEM2, Item.DELETE));
+        assertFalse(acl.hasPermission2(admin, Item.CONFIGURE));
+        assertFalse(acl.hasPermission2(admin, View.CONFIGURE));
+        assertFalse(acl.hasPermission2(admin, View.CREATE));
+        assertFalse(acl.hasPermission2(admin, View.DELETE));
+        assertFalse(acl.hasPermission2(admin, Item.DELETE));
+        assertTrue(acl.hasPermission2(admin, Item.EXTENDED_READ));
+        assertTrue(acl.hasPermission2(admin, Item.READ));
+        assertTrue(acl.hasPermission2(admin, View.READ));
         // Check that the master branch project works:
         r.waitUntilNoActivity();
         WorkflowJob p = WorkflowMultiBranchProjectTest.findBranchProject((WorkflowMultiBranchProject) one, "master");