Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32797

Access to check for unprotected/never secured paths

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • None

      Currently no method exists (that I could find) to allow authentication plugins working on top of Jenkins to test a path to see if it does not require authentication; Jenkins does it (in part, at least) using Jenkins.getTarget() (https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/jenkins/model/Jenkins.java#L3875). This function does too much for some plugins, e.g. NegotiateSSO, because it first checks for read permissions.

      I propose breaking the functionality of Jenkins.getTarget() into several functions, allowing a plugin to access the checks for paths that shouldn't be protected. The attached diff file gives an example (diff base is commit e014700, on jenkinsci/jenkins).

      The other solutions that have been given to me so far involve maintaining a list of exceptions, which seems unwise to me.

            Unassigned Unassigned
            farmgeek4life Bryson Gibbons
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: