
Prevent "authenticated" to appear twice in LastGrantedAuthorities

    • Improvement
    • Resolution: Fixed
    • Trivial
    • core
    • None

      Currently there is no check in the LastGrantedAuthorities when we add the "authenticated" role to the list we return. In case the SecurityRealm already provides such a role, we must ensure there is only one "authenticated" role at the end.

          [JENKINS-47768] Prevent "authenticated" to appear twice in LastGrantedAuthorities

          Wadeck Follonier added a comment - - edited

          The test present in the PR #87 could be simplified a bit if we correct that behavior.


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Wadeck Follonier
          Path:
          core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java
          test/src/test/java/jenkins/security/LastGrantedAuthoritiesPropertyTest.groovy
          test/src/test/java/jenkins/security/LastGrantedAuthoritiesPropertyTest.java
          http://jenkins-ci.org/commit/jenkins/9735043b6192df3ba37a5a30d146fb807c3fc9ef
          Log:
          JENKINS-47768 - Avoid having "authenticated" twice in the group membership of a user (LastGrantedAuthorities) (#3123)

          • Avoid having "authenticated" twice in the group membership of a user
          • this occurs when the SecurityRealm potentially already grants that role (like in github-oauth-plugin)
          • changed as requested by Oleg
          • the list has a maximum of roles.length and in reality it's either roles.length or (roles.length-1), so the maximum is ok
          • fix problem of missing the "authenticated" authority
          • convert the Groovy script to a Java version
          • the Groovy test was not run by default (IIUC Groovy scripts are not compiled if placed in java src folder)

          Oleg Nenashev added a comment -

          The fix has been integrated towards 2.90

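The duplicate described in this issue, next to a checked variant, as an added example that is not the code from the Jenkins commit. Roles are modelled as plain strings, and the class name, method names and sample roles are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration; not the code from LastGrantedAuthoritiesProperty.java.
public class AuthorityListSketch {
    // Role name taken from the issue text.
    static final String AUTHENTICATED = "authenticated";

    // Behaviour described in the issue: the role is appended without checking
    // whether the security realm already supplied it.
    static List<String> withoutCheck(String[] storedRoles) {
        List<String> out = new ArrayList<>(Arrays.asList(storedRoles));
        out.add(AUTHENTICATED);
        return out;
    }

    // Checked variant: "authenticated" is emitted exactly once, whether or not
    // the realm supplied it, and a missing (null) role array still yields it.
    static List<String> withCheck(String[] storedRoles) {
        String[] roles = storedRoles == null ? new String[0] : storedRoles;
        List<String> out = new ArrayList<>(roles.length + 1);
        out.add(AUTHENTICATED);
        for (String role : roles) {
            if (role != null && !AUTHENTICATED.equals(role)) {
                out.add(role);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: one realm that grants "authenticated" itself
        // and one that does not.
        String[] realmGrantsIt = {"authenticated", "team-a", "alice"};
        String[] realmOmitsIt = {"developers", "alice"};

        System.out.println("no check, realm grants it : " + withoutCheck(realmGrantsIt));
        System.out.println("checked,  realm grants it : " + withCheck(realmGrantsIt));
        System.out.println("checked,  realm omits it  : " + withCheck(realmOmitsIt));
        System.out.println("checked,  nothing stored  : " + withCheck(null));
    }
}
```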

            wfollonier Wadeck Follonier