
Allow to reject specific configurations via REST and CLI

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Minor
    • core
    • None
    • Jenkins >= 1.545

      Plugins could reject configurations via REST and CLI in Jenkins < 1.545 by throwing exceptions in readResolve.
      Authorize Project plugin performs authentications with this behavior.

      Jenkins 1.545 suppresses exceptions in readResolve in JENKINS-21024 (also backported to Jenkins 1.532.3).
      As a result, throwing exceptions in readResolve prevents reading configurations into memory via REST / CLI but cannot prevent saving them to the disk.
      Authorize-project doesn't perform authentications when Jenkins reads configurations from the disk and allows bypassing authentications.

      Jenkins 1.551 introduced XStream2#addCriticalField in SECURITY-107 (also backported to Jenkins 1.532.2), which triggers critical errors on exceptions in readResolve, but it is only applied to system configurations, not to project configurations via REST / CLI. (Exceptions are suppressed in CopyOnWriteList)

      Jenkins should provide a way for plugins to reject configurations via REST / CLI.
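
A simplified model of the behaviour described in the issue above, added here as an illustration; it is not code from Jenkins or from the Authorize Project plugin. It shows why a suppressed readResolve exception lets a rejected value reach the disk, and how treating the field as critical rejects the whole request. The class, field and user names are hypothetical, and the step that saves the raw submission after a successful load is an assumption of the model.

```java
import java.util.*;

// Toy model of the load path discussed in this issue; not Jenkins code.
public class CriticalFieldDemo {
    // Hypothetical registry of fields whose load errors must abort the request.
    static final Set<String> CRITICAL = new HashSet<>();

    static final class CriticalException extends RuntimeException {
        CriticalException(Throwable cause) { super(cause); }
    }

    // Stand-in for a plugin's readResolve(): rejects a run-as user other than the submitter.
    static String readResolve(String runAs, String submitter) {
        if (!runAs.equals(submitter))
            throw new SecurityException(submitter + " may not configure run-as " + runAs);
        return runAs;
    }

    // "Robust" unmarshal: a failing field is dropped unless it is registered as critical.
    static Map<String, String> unmarshal(Map<String, String> submitted, String submitter) {
        Map<String, String> loaded = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : submitted.entrySet()) {
            try {
                loaded.put(e.getKey(), readResolve(e.getValue(), submitter));
            } catch (RuntimeException ex) {
                if (CRITICAL.contains(e.getKey())) throw new CriticalException(ex);
                // Otherwise suppressed: the field is missing in memory, the request goes on.
            }
        }
        return loaded;
    }

    // Models a REST / CLI update; returns true if the submitted text reached "disk".
    static boolean update(Map<String, String> submitted, String submitter, Map<String, String> disk) {
        try {
            unmarshal(submitted, submitter);
        } catch (CriticalException ex) {
            return false; // rejected, nothing persisted
        }
        disk.putAll(submitted); // assumption of this model: the raw submission is what gets saved
        return true;
    }

    public static void main(String[] args) {
        Map<String, String> cfg = Map.of("runAs", "admin"); // constructed sample input
        System.out.println("suppressed: saved=" + update(cfg, "alice", new HashMap<>()));
        CRITICAL.add("runAs");
        System.out.println("critical:   saved=" + update(cfg, "alice", new HashMap<>()));
    }
}
```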

          [JENKINS-28440] Allow to reject specific configurations via REST and CLI

          ikedam created issue -
          ikedam made changes -
          Link New: This issue is blocking JENKINS-28298 [ JENKINS-28298 ]

          ikedam added a comment -

          This might mean Authorize Project plugin should provide another way for authentication.


          ikedam added a comment -

          https://github.com/jenkinsci/jenkins/pull/1715
          ikedam made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Daniel Beck made changes -
          Link New: This issue is related to JENKINS-21024 [ JENKINS-21024 ]

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: ikedam
          Path:
          test/src/test/java/hudson/util/RobustReflectionConverterTest.java
          http://jenkins-ci.org/commit/jenkins/be67b45a31f2987dd20cdbdfd4b4997f5250d66f
          Log:
          JENKINS-28440 Added tests to reproduce and explain JENKINS-28440.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: ikedam
          Path:
          core/src/main/java/hudson/util/CopyOnWriteList.java
          core/src/main/java/hudson/util/RobustCollectionConverter.java
          core/src/main/java/hudson/util/RobustMapConverter.java
          core/src/main/java/hudson/util/RobustReflectionConverter.java
          core/src/main/java/hudson/util/xstream/ImmutableListConverter.java
          core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java
          http://jenkins-ci.org/commit/jenkins/2082b08e2a0e54856370af9e3dda342475dff334
          Log:
          [FIXED JENKINS-28440] Raises a critical exception for an error in a critical field. This allows plugins to reject unacceptable configurations via REST / CLI.
          SCM/JIRA link daemon made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: ikedam
          Path:
          test/src/test/java/hudson/util/RobustReflectionConverterTest.java
          http://jenkins-ci.org/commit/jenkins/7958928aedab9695379f17e6462f8b8236910497
          Log:
          JENKINS-28440 Updates tests for JENKINS-28440 to verify behaviors of UI.
