Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-39360

Allow ALLOWED_JNLPJARS_FILES to be configurable by plugins

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • core, swarm-plugin
    • None

      We currently use the [Swarm](https://wiki.jenkins-ci.org/display/JENKINS/Swarm+Plugin) plugin to configure our agents to connect to the master and one of the things we have to do is presetup the agent with the proper version of the swarm-client jar.

      One thing I wanted to do was update the swarm plugin to allow you to retrieve the swarm-client.jar in the same manner as we can the slave.jar. When I looked at the code though I don't think this is possible due to the code in the core.

      The current process looks like this:

      • Download swarm-client.jar from internet
      • Download slave.jar from master
      • Run java process with -cp slave.jar:swarm-client.jar

      I would like it to look like:

      • Download swarm-client.jar from master
      • Download slave.jar from master
      • Run java process with -cp slave.jar:swarm-client.jar

      End goal is to allow me to configure my agents by retrieving any necessary components from the master, including plugin client dependencies such as the swarm-client.jar.

      References:
      [Slave.java](https://github.com/jenkinsci/jenkins/blob/57fc2185da383e904a2a714f2d945426a92bfc3e/core/src/main/java/hudson/model/Slave.java#L619)
      [Swarm Plugin](https://wiki.jenkins-ci.org/display/JENKINS/Swarm+Plugin)

          [JENKINS-39360] Allow ALLOWED_JNLPJARS_FILES to be configurable by plugins

          Oleg Nenashev added a comment -

          Originally there was a plan to make it configurable, but the approach has been rejected by the Security team IIRC.
          CC danielbeck

          Oleg Nenashev added a comment - Originally there was a plan to make it configurable, but the approach has been rejected by the Security team IIRC. CC danielbeck

          Daniel Beck added a comment -

          I see no need to make this configurable. It should be straightforward to achieve a similar result with UnprotectedRootAction / DirectoryBrowserSupport (just don't be an idiot and allow path traversal). The approach chosen in Jenkins was to retain compatibility with existing URLs, but if it's a different file, it should be straightforward enough.

          Daniel Beck added a comment - I see no need to make this configurable. It should be straightforward to achieve a similar result with UnprotectedRootAction / DirectoryBrowserSupport (just don't be an idiot and allow path traversal). The approach chosen in Jenkins was to retain compatibility with existing URLs, but if it's a different file, it should be straightforward enough.

          Oleg Nenashev added a comment -

          KK does not maintain this plugin anymore. Moving to unassigned to set the expectation

          Oleg Nenashev added a comment - KK does not maintain this plugin anymore. Moving to unassigned to set the expectation

          Basil Crow added a comment -

          Fixed in #62 and released in 3.10. You can now download the Swarm Client from the Jenkins master via:

          http://<jenkins-url>/swarm/swarm-client.jar

          Basil Crow added a comment - Fixed in #62 and released in 3.10. You can now download the Swarm Client from the Jenkins master via: http://<jenkins-url>/swarm/swarm-client.jar

            Unassigned Unassigned
            antoniobeyah Antonio Beyah
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: