-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Platform: All, OS: All
Changes in 1.249 break previous behavior that could prevent anonymous from read
access. However, now the main page doesn't seem to be protected which doesn't
force container-based authentication to kick-in. Instead, you're redirected to
"/login?from=%2Fhudson%2F" regardless of webcontext. I install hudson under
/hudson, so /login... gives me a 404.
If I give anonymous read access, then I can see the main page and hit the login
link.
Previous behavior allowed me to not enable any access to anonymous in
matrix-based security. When going to /hudson, container-based security would
redirect to my login form correctly.
See also:
1. https://hudson.dev.java.net/issues/show_bug.cgi?id=2275
2. https://hudson.dev.java.net/servlets/ReadMsg?list=users&msgNo=11994
- is duplicated by
-
JENKINS-2275 Hudson login?from=
-
- Closed
-
Code changed in hudson
User: : kohsuke
Path:
trunk/hudson/main/core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java
trunk/hudson/main/test/src/test/java/hudson/bugs/LoginRedirectTest.java
trunk/hudson/main/war/pom.xml
trunk/www/changelog.html
http://fisheye4.cenqua.com/changelog/hudson/?cs=11875
Log:
[FIXED JENKINS-2290] On security-enabled Hudson, redirection for a login didn't work correctly since 1.249.