• Separate the authorization configuration from the project configuration. This allows Jenkins to decide the authorization of builds while projects are being configured.
      • When a plugin lists credentials:
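        // AbstractProject implements Queue.Task, which Tasks.getAuthenticationOf requires.
        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath AbstractProject<?, ?> project) {
            // The identity that builds of this project will run as.
            Authentication auth = Tasks.getAuthenticationOf(project);
            // Offer only the credentials that identity can access.
            return new StandardUsernameListBoxModel()
                .includeEmptyValue()
                .includeAs(auth, project, StandardUsernameCredentials.class);
        }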
        
      • Even if the authorization is changed after the project configuration is saved, it doesn't cause a security issue as the access to the credential is blocked at build time.

      Issues:

      • How to control permissions to configure jobs
        • You don't want to allow other users to configure jobs when you use "Run as Specific User".
      • Should the configuration file be separated from config.xml?
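
The build-time half of the check described above, as an added example that is not part of the issue or the plugin's code. It assumes the credentials plugin's `CredentialsProvider.findCredentialById(String, Class, Run, DomainRequirement...)`, which looks the ID up with the authentication the build runs as; the class `BuildTimeCredentialResolver` is hypothetical.

```java
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import hudson.AbortException;
import hudson.model.Run;

/** Hypothetical helper; not part of authorize-project or the credentials plugin. */
public final class BuildTimeCredentialResolver {

    private BuildTimeCredentialResolver() {
    }

    /**
     * Resolves the credential ID saved in the job configuration when a build runs.
     *
     * The ID was chosen from a list filtered by the authorization in effect at
     * configuration time. If the authorization was changed afterwards, the lookup
     * below runs under the new identity and returns null for credentials that
     * identity cannot see, so the stale selection is never used.
     */
    public static StandardUsernameCredentials resolve(String credentialsId, Run<?, ?> build)
            throws AbortException {
        if (credentialsId == null || credentialsId.isEmpty()) {
            // The empty entry offered by includeEmptyValue(): no credential selected.
            return null;
        }
        // Assumption: the Run-based lookup uses the build's authentication,
        // not the identity of whoever last saved the job configuration.
        StandardUsernameCredentials credentials = CredentialsProvider.findCredentialById(
                credentialsId, StandardUsernameCredentials.class, build);
        if (credentials == null) {
            // Fail closed rather than fall back to another identity or credential.
            throw new AbortException("Credentials '" + credentialsId
                    + "' are not available to the identity this build runs as");
        }
        return credentials;
    }
}
```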

          [JENKINS-35081] Separate authorization configuration page

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java
          http://jenkins-ci.org/commit/authorize-project-plugin/dba0d59890693da379a6338248b7ce44b20ebe97
          Log:
          JENKINS-35081 Fix failing test

          • The test case was failing for a now invalid condition as the stronger validation of Guice will ensure that any
            AuthorizationProjectStrategy that uses a Descriptor which is not extending AuthorizationProjectStrategyDescriptor
            will not be instantiated. For this reason I removed the parts of the test that are now invalid


          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
          http://jenkins-ci.org/commit/authorize-project-plugin/7a04dbe7a2158b873e450b01e3f03ea715d82247
          Log:
          JENKINS-35081 Remove redundant null check

          • Thanks findbugs for finding that one


          Code changed in jenkins
          User: ikedam
          Path:
          pom.xml
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/TriggeringUsersAuthorizationStrategy.java
          src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/AuthorizationAction/action.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/AuthorizationAction/index.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/authorize.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer/config.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties
          src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/config.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/help-noNeedReauthentication.html
          src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/help-noNeedReauthentication_ja.html
          src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy/global-security.jelly
          src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java
          src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java
          src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
          src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategyTest.java
          http://jenkins-ci.org/commit/authorize-project-plugin/4b8379e73e3e1eb2359636500c5be3d642bdd965
          Log:
          Merge pull request #26 from stephenc/jenkins-35081

          JENKINS-35081 Split the configuration of authentication into a separate screen

          Compare: https://github.com/jenkinsci/authorize-project-plugin/compare/25b5015c42a1...4b8379e73e3e


          ikedam added a comment -

          Preparing additional changes to release:
          https://github.com/jenkinsci/authorize-project-plugin/pull/27


          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/TriggeringUsersAuthorizationStrategy.java
          src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties
          src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages_ja.properties
          src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages.properties
          src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages_ja.properties
          src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
          http://jenkins-ci.org/commit/authorize-project-plugin/c0aae28565e5e5e7b96c127c5399aa2b8d6b746c
          Log:
          JENKINS-35081 Additional changes for #26

          • Users with ADMINISTER permission can always change configurations.
          • Rename `hasConfigurePermission` to `hasJobConfigurePermission` and introduce `hasAuthorizeConfigurePermission`.
          • Unify `readResolve` into `AuthorizeProjectStrategy`.


          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java
          http://jenkins-ci.org/commit/authorize-project-plugin/6c1e7421fe9c874194daa093d17414f8e8b867e9
          Log:
          JENKINS-35081 Make `readResolve` `protected`


          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
          src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
          http://jenkins-ci.org/commit/authorize-project-plugin/c7c59a201cf57e6d9d3c99ab542ab24b3944cb93
          Log:
          JENKINS-35081 Use AccessControlled for findAncestorObject. Allows bypassing permission checks only to system administrators.


          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/TriggeringUsersAuthorizationStrategy.java
          src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties
          src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages_ja.properties
          src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages.properties
          src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages_ja.properties
          src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
          http://jenkins-ci.org/commit/authorize-project-plugin/627d9cbd8583c41476944d4d49498678266bf895
          Log:
          Merge pull request #27 from ikedam/feature/JENKINS-35081_AdditionalChange

          JENKINS-35081 Additional changes for #26

          Compare: https://github.com/jenkinsci/authorize-project-plugin/compare/4b8379e73e3e...627d9cbd8583


          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
          http://jenkins-ci.org/commit/authorize-project-plugin/ac37f3fcff7a354e17996422dd33e7fc0cdcd3aa
          Log:
          JENKINS-35081 Fixed the reverted logic of doCheckPasswordRequested.


          ikedam added a comment -

          stephenconnolly
          Really sorry for making you wait for a long time.
          I released this change as authorize-project-1.3.0. It will be available in the update center in a day.

