Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23805

Add support for case insensitive auth realms to matrix auth

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • matrix-auth-plugin
    • None

      It's possible to specify both 'Foo' and 'FOO' for assigning permissions to the same user in a case insensitive auth realm and have only one of them be effective.

      Matrix Auth should add support for the case sensitivity API added in 1.566 (JENKINS-22247), treating both Foo and FOO equally if using a case insensitive auth realm.

        1. global-config.png
          global-config.png
          71 kB
        2. NPE.txt
          26 kB
        3. project-config.png
          project-config.png
          32 kB

          [JENKINS-23805] Add support for case insensitive auth realms to matrix auth

          Daniel Beck added a comment -

          Rewrote description to address the actual issue.

          Daniel Beck added a comment - Rewrote description to address the actual issue.

          I think the issue can be closed with JENKINS-22247, right?

          Patric Steffen added a comment - I think the issue can be closed with JENKINS-22247 , right?

          Daniel Beck added a comment -

          ffw_patric: I don't think so, see JENKINS-23872 and its comments.

          Daniel Beck added a comment - ffw_patric : I don't think so, see JENKINS-23872 and its comments.

          Hi, can you tell me the current status of this request?

          Patric Steffen added a comment - Hi, can you tell me the current status of this request?

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/hudson/security/AuthorizationMatrixProperty.java
          src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java
          http://jenkins-ci.org/commit/matrix-auth-plugin/e9868798f857a254ab447be9e5b134497a38c2fd
          Log:
          [FIXED JENKINS-23805] Add support for case insensitive auth realms to matrix auth

          • Fix findbugs issues on new core

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/hudson/security/AuthorizationMatrixProperty.java src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java http://jenkins-ci.org/commit/matrix-auth-plugin/e9868798f857a254ab447be9e5b134497a38c2fd Log: [FIXED JENKINS-23805] Add support for case insensitive auth realms to matrix auth Fix findbugs issues on new core

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          pom.xml
          src/main/java/hudson/security/AuthorizationMatrixProperty.java
          src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java
          src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java
          src/test/java/com/cloudbees/hudson/plugins/folder/properties/IdStrategyTest.java
          http://jenkins-ci.org/commit/matrix-auth-plugin/6ce42a114d184d5277ef0f05800ab36c88898e43
          Log:
          Merge pull request #9 from jenkinsci/case-sensitivity-support

          JENKINS-23805 Add support for the security realm's provided case sensitivity

          Compare: https://github.com/jenkinsci/matrix-auth-plugin/compare/ae9771ee7c2b...6ce42a114d18

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: pom.xml src/main/java/hudson/security/AuthorizationMatrixProperty.java src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java src/test/java/com/cloudbees/hudson/plugins/folder/properties/IdStrategyTest.java http://jenkins-ci.org/commit/matrix-auth-plugin/6ce42a114d184d5277ef0f05800ab36c88898e43 Log: Merge pull request #9 from jenkinsci/case-sensitivity-support JENKINS-23805 Add support for the security realm's provided case sensitivity Compare: https://github.com/jenkinsci/matrix-auth-plugin/compare/ae9771ee7c2b...6ce42a114d18

          Hi,

          Just installed the new version and it looks good for the global security configuration. Have you also tested the fix with folders? For me, it doesn't work with folders. So the user could login with case insensitive username, but he can't see the folders with different username writing.

          Best regards,

          Wilm

          Wilm Schomburg added a comment - Hi, Just installed the new version and it looks good for the global security configuration. Have you also tested the fix with folders? For me, it doesn't work with folders. So the user could login with case insensitive username, but he can't see the folders with different username writing. Best regards, Wilm

          Alexandre Feblot added a comment - - edited

          Hi,

          On a freshly installed Jenkins 2.7.4 with the Matrix auth plugin 1.7, for each (user, permission) checked in the Global permission matrix or in a job specific permission matrix, (including Anonymous user), I get the following NPE when opening the configureSecurity or the job configure page, which I don't get if I downgrade to Matrix auth 1.6:

           (Full stack uploaded as an attachment: NPE.txt)

          Aug 11, 2017 5:58:22 PM hudson.ExpressionFactory2$JexlExpression evaluate
          WARNING: Caught exception evaluating: instance.hasExplicitPermission(attrs.sid,p) in /configureSecurity/. Reason: java.lang.NullPointerException
          java.lang.NullPointerException
              at java.lang.String$CaseInsensitiveComparator.compare(String.java:1193)
              at java.lang.String$CaseInsensitiveComparator.compare(String.java:1186)
              at java.lang.String.compareToIgnoreCase(String.java:1239)
              at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:40)
              at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:34)
              at jenkins.model.IdStrategy$CaseInsensitive.compare(IdStrategy.java:176)
              at jenkins.model.IdStrategy.equals(IdStrategy.java:90)
              at hudson.security.GlobalMatrixAuthorizationStrategy.hasExplicitPermission(GlobalMatrixAuthorizationStrategy.java:238)
              at sun.reflect.GeneratedMethodAccessor134.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at org.apache.commons.jexl.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:258)
              at org.apache.commons.jexl.parser.ASTMethod.execute(ASTMethod.java:104)
              at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83)
              at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57)
              at org.apache.commons.jexl.parser.ASTReferenceExpression.value(ASTReferenceExpression.java:51)
              at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80)
              at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:74)
              [...snip...]
          

          Alexandre Feblot added a comment - - edited Hi, On a freshly installed Jenkins 2.7.4 with the Matrix auth plugin 1.7, for each (user, permission) checked in the Global permission matrix or in a job specific permission matrix, (including Anonymous user), I get the following NPE when opening the configureSecurity or the job configure page, which I don't get if I downgrade to Matrix auth 1.6:  (Full stack uploaded as an attachment: NPE.txt) Aug 11, 2017 5:58:22 PM hudson.ExpressionFactory2$JexlExpression evaluate WARNING: Caught exception evaluating: instance.hasExplicitPermission(attrs.sid,p) in /configureSecurity/. Reason: java.lang.NullPointerException java.lang.NullPointerException at java.lang. String $CaseInsensitiveComparator.compare( String .java:1193) at java.lang. String $CaseInsensitiveComparator.compare( String .java:1186) at java.lang. String .compareToIgnoreCase( String .java:1239) at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:40) at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:34) at jenkins.model.IdStrategy$CaseInsensitive.compare(IdStrategy.java:176) at jenkins.model.IdStrategy.equals(IdStrategy.java:90) at hudson.security.GlobalMatrixAuthorizationStrategy.hasExplicitPermission(GlobalMatrixAuthorizationStrategy.java:238) at sun.reflect.GeneratedMethodAccessor134.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.commons.jexl.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:258) at org.apache.commons.jexl.parser.ASTMethod.execute(ASTMethod.java:104) at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83) at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57) at org.apache.commons.jexl.parser.ASTReferenceExpression.value(ASTReferenceExpression.java:51) at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80) at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:74) [...snip...]

          Daniel Beck added a comment -

          The NPE does not affect anything. It will be fixed towards 1.8.

          Daniel Beck added a comment - The NPE does not affect anything. It will be fixed towards 1.8.

          Alexandre Feblot added a comment - - edited

          Many thanks!

          Yes, it does indeed not affect the behavior, but with many users, it leads to huge logs in which finding other informations gets much harder.

          Alexandre Feblot added a comment - - edited Many thanks! Yes, it does indeed not affect the behavior, but with many users, it leads to huge logs in which finding other informations gets much harder.

            stephenconnolly Stephen Connolly
            ffw_patric Patric Steffen
            Votes:
            3 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: