Details
-
Type:
Improvement
-
Status: Resolved (View Workflow)
-
Priority:
Minor
-
Resolution: Fixed
-
Component/s: matrix-auth-plugin
-
Labels:None
-
Similar Issues:
Description
It's possible to specify both 'Foo' and 'FOO' for assigning permissions to the same user in a case insensitive auth realm and have only one of them be effective.
Matrix Auth should add support for the case sensitivity API added in 1.566 (JENKINS-22247), treating both Foo and FOO equally if using a case insensitive auth realm.
Attachments
Issue Links
- depends on
-
JENKINS-22247 Provide an extension point to define user id case sensitivity contract
-
- Resolved
-
- is duplicated by
-
JENKINS-29248 uid should be caseinsensitve in Matrix-based security
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-
-
-
- Resolved
-
- links to
Activity
Hi,
Just installed the new version and it looks good for the global security configuration. Have you also tested the fix with folders? For me, it doesn't work with folders. So the user could login with case insensitive username, but he can't see the folders with different username writing.
Best regards,
Wilm
Hi,
On a freshly installed Jenkins 2.7.4 with the Matrix auth plugin 1.7, for each (user, permission) checked in the Global permission matrix or in a job specific permission matrix, (including Anonymous user), I get the following NPE when opening the configureSecurity or the job configure page, which I don't get if I downgrade to Matrix auth 1.6:
(Full stack uploaded as an attachment: NPE.txt)
Aug 11, 2017 5:58:22 PM hudson.ExpressionFactory2$JexlExpression evaluate
WARNING: Caught exception evaluating: instance.hasExplicitPermission(attrs.sid,p) in /configureSecurity/. Reason: java.lang.NullPointerException
java.lang.NullPointerException
at java.lang.String$CaseInsensitiveComparator.compare(String.java:1193)
at java.lang.String$CaseInsensitiveComparator.compare(String.java:1186)
at java.lang.String.compareToIgnoreCase(String.java:1239)
at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:40)
at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:34)
at jenkins.model.IdStrategy$CaseInsensitive.compare(IdStrategy.java:176)
at jenkins.model.IdStrategy.equals(IdStrategy.java:90)
at hudson.security.GlobalMatrixAuthorizationStrategy.hasExplicitPermission(GlobalMatrixAuthorizationStrategy.java:238)
at sun.reflect.GeneratedMethodAccessor134.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.commons.jexl.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:258)
at org.apache.commons.jexl.parser.ASTMethod.execute(ASTMethod.java:104)
at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83)
at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57)
at org.apache.commons.jexl.parser.ASTReferenceExpression.value(ASTReferenceExpression.java:51)
at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80)
at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:74)
[...snip...]
The NPE does not affect anything. It will be fixed towards 1.8.
Many thanks!
Yes, it does indeed not affect the behavior, but with many users, it leads to huge logs in which finding other informations gets much harder.
Code changed in jenkins
User: Stephen Connolly
Path:
pom.xml
src/main/java/hudson/security/AuthorizationMatrixProperty.java
src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java
src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java
src/test/java/com/cloudbees/hudson/plugins/folder/properties/IdStrategyTest.java
http://jenkins-ci.org/commit/matrix-auth-plugin/6ce42a114d184d5277ef0f05800ab36c88898e43
Log:
Merge pull request #9 from jenkinsci/case-sensitivity-support
JENKINS-23805Add support for the security realm's provided case sensitivityCompare: https://github.com/jenkinsci/matrix-auth-plugin/compare/ae9771ee7c2b...6ce42a114d18