Details
Description
Original request: SecurityListener should be notified when ApiTokenFilter approves or denies a REST authentication attempt. jglick says that the logic should be reviewed from scratch.
TL;DR:
- Investigate how it works
- Send events when it does not
Acceptance criteria:
- We cover REST, CLI, Web UI...
- Data should be forwarded to SecurityListener and logged here: https://github.com/jenkinsci/jenkins/blob/08def67a18eee51de9f3f99bc2a792fee1c160e0/core/src/main/java/jenkins/security/SecurityListener.java#L91
- Anybody should be able to attach to the Security Listener and get the information (via plugin or so)
- Nice2have: Review Javadoc of the engine and ensure it is still correct
- Nice2have: Document the login flow in Wiki (or Jenkins.io developer docs)
- What should happen:
- When you login, you get event
- When the authentication is sent, you get event. Includes REST API (password != API token) and Web calls. Example: https://github.com/jenkinsci/jenkins/blob/729016989e13632bc980957d05060510efddf41f/core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java#L116
Not in scope:
- SecurityListener Audit Trail patch is not in the scope. May be used as reference impl if we need to add new API
Attachments
Issue Links
- depends on
-
JENKINS-20999 Extension point for tracking login-related events
-
- Resolved
-
- links to
Activity
| Field | Original Value | New Value |
|---|---|---|
| Link |
This issue depends on |
| Workflow | JNJira [ 161218 ] | JNJira + In-Review [ 180611 ] |
| Description | {{SecurityListener}} should be notified when {{ApiTokenFilter}} approves or denies a REST authentication attempt. |
{{Original request: SecurityListener}} should be notified when {{ApiTokenFilter}} approves or denies a REST authentication attempt. [~jglick] says that the logic should be reviewed from scratch. Acceptance criteria: * We cover REST, CLI, Web UI... * Data should be forwarded to SecurityListener and logged here: [https://github.com/jenkinsci/jenkins/blob/08def67a18eee51de9f3f99bc2a792fee1c160e0/core/src/main/java/jenkins/security/SecurityListener.java#L91] * Anybody should be able to attach to the Security Listener and get the information (via plugin or so) * Nice2have: Review Javadoc of the engine and ensure it is still correct * What should happen: ** When you login, you get event ** When the authentication is sent, you get event. Includes REST API (password != API token) and Web calls. Example: [https://github.com/jenkinsci/jenkins/blob/729016989e13632bc980957d05060510efddf41f/core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java#L116] Not in scope: * SecurityListener Audit Trail patch is not in the scope. May be used as reference impl if we need to add new API |
| Description |
{{Original request: SecurityListener}} should be notified when {{ApiTokenFilter}} approves or denies a REST authentication attempt. [~jglick] says that the logic should be reviewed from scratch. Acceptance criteria: * We cover REST, CLI, Web UI... * Data should be forwarded to SecurityListener and logged here: [https://github.com/jenkinsci/jenkins/blob/08def67a18eee51de9f3f99bc2a792fee1c160e0/core/src/main/java/jenkins/security/SecurityListener.java#L91] * Anybody should be able to attach to the Security Listener and get the information (via plugin or so) * Nice2have: Review Javadoc of the engine and ensure it is still correct * What should happen: ** When you login, you get event ** When the authentication is sent, you get event. Includes REST API (password != API token) and Web calls. Example: [https://github.com/jenkinsci/jenkins/blob/729016989e13632bc980957d05060510efddf41f/core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java#L116] Not in scope: * SecurityListener Audit Trail patch is not in the scope. May be used as reference impl if we need to add new API |
{{Original request: SecurityListener}} should be notified when {{ApiTokenFilter}} approves or denies a REST authentication attempt. [~jglick] says that the logic should be reviewed from scratch. TL;DR: * Investigate how it works * Send events when it does not Acceptance criteria: * We cover REST, CLI, Web UI... * Data should be forwarded to SecurityListener and logged here: [https://github.com/jenkinsci/jenkins/blob/08def67a18eee51de9f3f99bc2a792fee1c160e0/core/src/main/java/jenkins/security/SecurityListener.java#L91] * Anybody should be able to attach to the Security Listener and get the information (via plugin or so) * Nice2have: Review Javadoc of the engine and ensure it is still correct * What should happen: ** When you login, you get event ** When the authentication is sent, you get event. Includes REST API (password != API token) and Web calls. Example: [https://github.com/jenkinsci/jenkins/blob/729016989e13632bc980957d05060510efddf41f/core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java#L116] Not in scope: * SecurityListener Audit Trail patch is not in the scope. May be used as reference impl if we need to add new API |
| Assignee | Wadeck Follonier [ wfollonier ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Description |
{{Original request: SecurityListener}} should be notified when {{ApiTokenFilter}} approves or denies a REST authentication attempt. [~jglick] says that the logic should be reviewed from scratch. TL;DR: * Investigate how it works * Send events when it does not Acceptance criteria: * We cover REST, CLI, Web UI... * Data should be forwarded to SecurityListener and logged here: [https://github.com/jenkinsci/jenkins/blob/08def67a18eee51de9f3f99bc2a792fee1c160e0/core/src/main/java/jenkins/security/SecurityListener.java#L91] * Anybody should be able to attach to the Security Listener and get the information (via plugin or so) * Nice2have: Review Javadoc of the engine and ensure it is still correct * What should happen: ** When you login, you get event ** When the authentication is sent, you get event. Includes REST API (password != API token) and Web calls. Example: [https://github.com/jenkinsci/jenkins/blob/729016989e13632bc980957d05060510efddf41f/core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java#L116] Not in scope: * SecurityListener Audit Trail patch is not in the scope. May be used as reference impl if we need to add new API |
{{Original request: SecurityListener}} should be notified when {{ApiTokenFilter}} approves or denies a REST authentication attempt. [~jglick] says that the logic should be reviewed from scratch. TL;DR: * Investigate how it works * Send events when it does not Acceptance criteria: * We cover REST, CLI, Web UI... * Data should be forwarded to SecurityListener and logged here: [https://github.com/jenkinsci/jenkins/blob/08def67a18eee51de9f3f99bc2a792fee1c160e0/core/src/main/java/jenkins/security/SecurityListener.java#L91] * Anybody should be able to attach to the Security Listener and get the information (via plugin or so) * Nice2have: Review Javadoc of the engine and ensure it is still correct * Nice2have: Document the login flow in Wiki (or Jenkins.io developer docs) * What should happen: ** When you login, you get event ** When the authentication is sent, you get event. Includes REST API (password != API token) and Web calls. Example: [https://github.com/jenkinsci/jenkins/blob/729016989e13632bc980957d05060510efddf41f/core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java#L116] Not in scope: * SecurityListener Audit Trail patch is not in the scope. May be used as reference impl if we need to add new API |
| Remote Link | This issue links to "#3074 (Web Link)" [ 17949 ] |
| Remote Link | This issue links to "#1192 (jenkins-io) (Web Link)" [ 17950 ] |
| Status | In Progress [ 3 ] | In Review [ 10005 ] |
| Resolution | Fixed [ 1 ] | |
| Status | In Review [ 10005 ] | Resolved [ 5 ] |