
Prevent "authenticated" to appear twice in LastGrantedAuthorities


Details

    • Improvement
    • Status: Resolved
    • Trivial
    • Resolution: Fixed
    • core
    • None

    Description

      Currently there is no check in the LastGrantedAuthorities when we add the "authenticated" role to the list we return. In case the SecurityRealm already provides such a role, we must ensure there is only one "authenticated" role at the end.
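The behaviour described above, as an added example that is not Jenkins code and not part of the original issue: a plain-Java sketch in which the class and method names are hypothetical and the realm's roles are modelled as strings. It appends "authenticated" first without a check and then with one, over constructed role lists.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added illustration, not Jenkins source: class and method names are hypothetical.
public class AuthenticatedRoleDemo {
    static final String AUTHENTICATED = "authenticated"; // role name quoted in the issue

    // Behaviour the issue describes: the role is appended with no check.
    static List<String> appendUnchecked(List<String> realmRoles) {
        List<String> out = new ArrayList<>(realmRoles);
        out.add(AUTHENTICATED);
        return out;
    }

    // Checked variant: drop every copy the realm supplied, then append exactly one,
    // so the role is neither duplicated nor lost.
    static List<String> appendChecked(List<String> realmRoles) {
        List<String> out = new ArrayList<>(realmRoles.size() + 1);
        for (String role : realmRoles) {
            if (role != null && !AUTHENTICATED.equals(role)) {
                out.add(role);
            }
        }
        out.add(AUTHENTICATED);
        return out;
    }

    public static void main(String[] args) {
        // Constructed inputs: a realm that never grants the role, one that grants
        // it itself, and one that returns no roles at all.
        List<List<String>> samples = List.of(
                List.of("dev", "ops"),
                List.of("dev", "authenticated", "ops"),
                List.<String>of());
        for (List<String> roles : samples) {
            List<String> before = appendUnchecked(roles);
            List<String> after = appendChecked(roles);
            System.out.printf("%s -> unchecked x%d, checked x%d%n", roles,
                    Collections.frequency(before, AUTHENTICATED),
                    Collections.frequency(after, AUTHENTICATED));
            if (Collections.frequency(after, AUTHENTICATED) != 1) {
                throw new IllegalStateException("expected exactly one: " + after);
            }
        }
    }
}
```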


        Activity

          wfollonier Wadeck Follonier added a comment - - edited

          The test present in the PR #87 could be simplified a bit if we correct that behavior.


          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Wadeck Follonier
          Path:
          core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java
          test/src/test/java/jenkins/security/LastGrantedAuthoritiesPropertyTest.groovy
          test/src/test/java/jenkins/security/LastGrantedAuthoritiesPropertyTest.java
          http://jenkins-ci.org/commit/jenkins/9735043b6192df3ba37a5a30d146fb807c3fc9ef
          Log:
          JENKINS-47768 - Avoid having "authenticated" twice in the group membership of a user (LastGrantedAuthorities) (#3123)

          • Avoid having "authenticated" twice in the group membership of a user
          • this occur when the SecurityRealm potentially already grants that role (like in github-oauth-plugin)
          • - changed as requested by Oleg
          • the list has a maximum of roles.length and in reality it's either roles.length or (roles.length-1), so the maximum is ok
          • - fix problem of missing the "authenticated" authority
          • - convert the Groovy script to a Java version
          • the Groovy test was not run by default (IIUC Groovy scripts are not compiled if placed in java src folder)

          oleg_nenashev Oleg Nenashev added a comment -

          The fix has been integrated towards 2.90


          People

            wfollonier Wadeck Follonier