Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23805

Add support for case insensitive auth realms to matrix auth

    XMLWordPrintable

Details

    Description

      It's possible to specify both 'Foo' and 'FOO' for assigning permissions to the same user in a case insensitive auth realm and have only one of them be effective.

      Matrix Auth should add support for the case sensitivity API added in 1.566 (JENKINS-22247), treating both Foo and FOO equally if using a case insensitive auth realm.

      Attachments

        1. global-config.png
          global-config.png
          71 kB
        2. NPE.txt
          26 kB
        3. project-config.png
          project-config.png
          32 kB

        Issue Links

          depends on

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-22247 Provide an extension point to define user id case sensitivity contract

          • Major - Major loss of function.
          • Resolved
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-29248 uid should be caseinsensitve in Matrix-based security

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-28535 AD authentication upper case logon name

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-23844 Matrix based security should apply to case insensitive user name.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-29129 Matrix user identification based on AD groups should be case insensitive and based on a user defined AD field (not exclusively CN)

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link PR 9

          Activity

            Ascending order - Click to sort in descending order
            View 12 older comments
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            pom.xml
            src/main/java/hudson/security/AuthorizationMatrixProperty.java
            src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java
            src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java
            src/test/java/com/cloudbees/hudson/plugins/folder/properties/IdStrategyTest.java
            http://jenkins-ci.org/commit/matrix-auth-plugin/6ce42a114d184d5277ef0f05800ab36c88898e43
            Log:
            Merge pull request #9 from jenkinsci/case-sensitivity-support

            JENKINS-23805 Add support for the security realm's provided case sensitivity

            Compare: https://github.com/jenkinsci/matrix-auth-plugin/compare/ae9771ee7c2b...6ce42a114d18

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: pom.xml src/main/java/hudson/security/AuthorizationMatrixProperty.java src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java src/test/java/com/cloudbees/hudson/plugins/folder/properties/IdStrategyTest.java http://jenkins-ci.org/commit/matrix-auth-plugin/6ce42a114d184d5277ef0f05800ab36c88898e43 Log: Merge pull request #9 from jenkinsci/case-sensitivity-support JENKINS-23805 Add support for the security realm's provided case sensitivity Compare: https://github.com/jenkinsci/matrix-auth-plugin/compare/ae9771ee7c2b...6ce42a114d18
            wilm Wilm Schomburg added a comment -

            Hi,

            Just installed the new version and it looks good for the global security configuration. Have you also tested the fix with folders? For me, it doesn't work with folders. So the user could login with case insensitive username, but he can't see the folders with different username writing.

            Best regards,

            Wilm

            wilm Wilm Schomburg added a comment - Hi, Just installed the new version and it looks good for the global security configuration. Have you also tested the fix with folders? For me, it doesn't work with folders. So the user could login with case insensitive username, but he can't see the folders with different username writing. Best regards, Wilm
            alexf Alexandre Feblot added a comment - - edited

            Hi,

            On a freshly installed Jenkins 2.7.4 with the Matrix auth plugin 1.7, for each (user, permission) checked in the Global permission matrix or in a job specific permission matrix, (including Anonymous user), I get the following NPE when opening the configureSecurity or the job configure page, which I don't get if I downgrade to Matrix auth 1.6:

             (Full stack uploaded as an attachment: NPE.txt)

            Aug 11, 2017 5:58:22 PM hudson.ExpressionFactory2$JexlExpression evaluate
WARNING: Caught exception evaluating: instance.hasExplicitPermission(attrs.sid,p) in /configureSecurity/. Reason: java.lang.NullPointerException
java.lang.NullPointerException
    at java.lang.String$CaseInsensitiveComparator.compare(String.java:1193)
    at java.lang.String$CaseInsensitiveComparator.compare(String.java:1186)
    at java.lang.String.compareToIgnoreCase(String.java:1239)
    at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:40)
    at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:34)
    at jenkins.model.IdStrategy$CaseInsensitive.compare(IdStrategy.java:176)
    at jenkins.model.IdStrategy.equals(IdStrategy.java:90)
    at hudson.security.GlobalMatrixAuthorizationStrategy.hasExplicitPermission(GlobalMatrixAuthorizationStrategy.java:238)
    at sun.reflect.GeneratedMethodAccessor134.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.commons.jexl.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:258)
    at org.apache.commons.jexl.parser.ASTMethod.execute(ASTMethod.java:104)
    at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83)
    at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57)
    at org.apache.commons.jexl.parser.ASTReferenceExpression.value(ASTReferenceExpression.java:51)
    at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80)
    at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:74)
    [...snip...]
            alexf Alexandre Feblot added a comment - - edited Hi, On a freshly installed Jenkins 2.7.4 with the Matrix auth plugin 1.7, for each (user, permission) checked in the Global permission matrix or in a job specific permission matrix, (including Anonymous user), I get the following NPE when opening the configureSecurity or the job configure page, which I don't get if I downgrade to Matrix auth 1.6:  (Full stack uploaded as an attachment: NPE.txt) Aug 11, 2017 5:58:22 PM hudson.ExpressionFactory2$JexlExpression evaluate WARNING: Caught exception evaluating: instance.hasExplicitPermission(attrs.sid,p) in /configureSecurity/. Reason: java.lang.NullPointerException java.lang.NullPointerException at java.lang. String $CaseInsensitiveComparator.compare( String .java:1193) at java.lang. String $CaseInsensitiveComparator.compare( String .java:1186) at java.lang. String .compareToIgnoreCase( String .java:1239) at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:40) at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:34) at jenkins.model.IdStrategy$CaseInsensitive.compare(IdStrategy.java:176) at jenkins.model.IdStrategy.equals(IdStrategy.java:90) at hudson.security.GlobalMatrixAuthorizationStrategy.hasExplicitPermission(GlobalMatrixAuthorizationStrategy.java:238) at sun.reflect.GeneratedMethodAccessor134.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.commons.jexl.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:258) at org.apache.commons.jexl.parser.ASTMethod.execute(ASTMethod.java:104) at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83) at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57) at org.apache.commons.jexl.parser.ASTReferenceExpression.value(ASTReferenceExpression.java:51) at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80) at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:74) [...snip...]
            danielbeck Daniel Beck added a comment -

            The NPE does not affect anything. It will be fixed towards 1.8.

            danielbeck Daniel Beck added a comment - The NPE does not affect anything. It will be fixed towards 1.8.
            alexf Alexandre Feblot added a comment - - edited

            Many thanks!

            Yes, it does indeed not affect the behavior, but with many users, it leads to huge logs in which finding other informations gets much harder.

            alexf Alexandre Feblot added a comment - - edited Many thanks! Yes, it does indeed not affect the behavior, but with many users, it leads to huge logs in which finding other informations gets much harder.

            People

              stephenconnolly Stephen Connolly
              ffw_patric Patric Steffen
              Votes:
              3 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: