Index: src/main/java/hudson/WebAppMain.java
===================================================================
--- src/main/java/hudson/WebAppMain.java	(revision 13567)
+++ src/main/java/hudson/WebAppMain.java	(working copy)
@@ -4,6 +4,7 @@
 import com.thoughtworks.xstream.core.JVM;
 import hudson.model.Hudson;
 import hudson.model.User;
+import hudson.security.ACL;
 import hudson.triggers.SafeTimerTask;
 import hudson.triggers.Trigger;
 import hudson.util.HudsonIsLoading;
@@ -18,6 +19,7 @@
 import org.jvnet.localizer.LocaleProvider;
 import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerRequest;
+import org.acegisecurity.context.SecurityContextHolder;
 import org.apache.tools.ant.types.FileSet;
 
 import javax.naming.Context;
@@ -165,7 +167,10 @@
                         // can be served quickly
                         Trigger.timer.schedule(new SafeTimerTask() {
                             public void doRun() {
+                            	//this thread is initializing hudson. it should have full permission
+                            	SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
                                 User.getUnknown().getBuilds();
+                                SecurityContextHolder.clearContext();
                             }
                         }, 1000*10);
                     } catch (Error e) {
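Review bot: `SecurityContextHolder.clearContext()` is only reached when `User.getUnknown().getBuilds()` returns normally, so an exception there leaves `ACL.SYSTEM` bound to the shared `Trigger.timer` thread, and whatever task runs next on that thread could inherit full permission (assuming the holder is thread-bound, which is the Acegi default). Wrap the work as `try { User.getUnknown().getBuilds(); } finally { SecurityContextHolder.clearContext(); }`. The same set-then-clear pattern without `finally` appears in the two `Trigger.java` `doRun()` hunks, where the whole cron loop sits between the two calls. The enclosing method starts and ends outside this hunk.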
Index: src/main/java/hudson/model/AbstractProject.java
===================================================================
--- src/main/java/hudson/model/AbstractProject.java	(revision 13690)
+++ src/main/java/hudson/model/AbstractProject.java	(working copy)
@@ -929,7 +929,7 @@
      * Schedules a new build command.
      */
     public void doBuild( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException {
-        BuildAuthorizationToken.checkPermission(this, authToken, req, rsp);
+        checkPermission(BUILD);
 
         // if a build is parameterized, let that take over
         ParametersDefinitionProperty pp = getProperty(ParametersDefinitionProperty.class);
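Review bot: `checkPermission(BUILD)` no longer receives `authToken` or the request, so whatever token-based path `BuildAuthorizationToken.checkPermission` offered is skipped here and in the `doPolling` hunk below. If that helper accepted a configured build token from callers without a login (its body is not visible here), existing remote triggers will start failing unless the caller holds BUILD, and the `authToken` setting becomes dead configuration. Either keep the token check as an alternative to the permission check or state the removal in the Javadoc, e.g. `Requires the BUILD permission; the build authorization token is no longer honoured.` `doBuild` continues outside the hunk.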
@@ -960,7 +960,7 @@
      * Schedules a new SCM polling command.
      */
     public void doPolling( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException {
-        BuildAuthorizationToken.checkPermission(this, authToken, req, rsp);
+        checkPermission(BUILD);
         schedulePolling();
         rsp.forwardToPreviousPage(req);
     }
Index: src/main/java/hudson/model/Hudson.java
===================================================================
--- src/main/java/hudson/model/Hudson.java	(revision 13567)
+++ src/main/java/hudson/model/Hudson.java	(working copy)
@@ -331,6 +331,9 @@
 
 
     public Hudson(File root, ServletContext context) throws IOException {
+    	//as hudson is starting, grant this process full controll
+    	SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
+    	
         this.root = root;
         this.servletContext = context;
         if(theInstance!=null)
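Review bot: The constructor binds `ACL.SYSTEM` to the calling thread and nothing in this hunk resets it, so the elevation outlives construction unless it is cleared further down (the constructor body continues outside the hunk). If that thread is a container or pooled thread, later work on it could run with full permission. Consider scoping the elevation in the caller with `try { ... } finally { SecurityContextHolder.clearContext(); }` around `new Hudson(...)`, or restoring the previous authentication in a `finally` at the end of the constructor. The comment should also say where the elevation ends, e.g. `// run start-up as SYSTEM; cleared by <caller> once loading completes`.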
@@ -738,7 +741,19 @@
      * @see #getAllItems(Class)
      */
     public List<TopLevelItem> getItems() {
-        return new ArrayList<TopLevelItem>(items.values());
+        List<TopLevelItem> viewableItems = new ArrayList<TopLevelItem>();
+        for (TopLevelItem item : items.values()) {
+            if (item instanceof AccessControlled) {
+            	if (((AccessControlled)item).hasPermission(Item.READ)) {
+            		viewableItems.add(item);
+            	}
+            }
+            else {
+            	viewableItems.add(item);
+            }
+        }
+        
+        return viewableItems;
     }
 
     /**
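Review bot: The `else` branch adds every item that is not `AccessControlled` without any check, so the new filter fails open for those types. If such items can exist, check them against this object's own permission check instead, or document why they are always visible. The Javadoc above should also state that the returned list is now filtered by `Item.READ` for the current authentication, because internal callers that iterate `getItems()` for persistence or scheduling (not visible here) would silently see a partial list when run on a request thread. The Javadoc begins outside the hunk.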
@@ -1231,7 +1246,13 @@
      */
     @Override
     public TopLevelItem getItem(String name) {
-        return items.get(name);
+    	TopLevelItem item = items.get(name);
+        if (item instanceof AccessControlled) {
+        	if (!((AccessControlled) item).hasPermission(Item.READ)) {
+        		return null;
+        	}
+        }
+        return item;
     }
 
     public File getRootDirFor(TopLevelItem child) {
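Review bot: Returning `null` for an item the caller cannot read makes "hidden" indistinguishable from "absent". Any caller that treats `getItem(name) == null` as "this name is free", for example a uniqueness check when creating or renaming a job (not visible in this hunk), would then allow a collision with an existing item. Document the new contract in the Javadoc with `@return the item, or null if it does not exist or the current user lacks Item.READ`, and have existence checks read `items` directly or run as `ACL.SYSTEM`.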
Index: src/main/java/hudson/model/Item.java
===================================================================
--- src/main/java/hudson/model/Item.java	(revision 13659)
+++ src/main/java/hudson/model/Item.java	(working copy)
@@ -167,4 +167,6 @@
     public static final Permission CREATE = new Permission(PERMISSIONS,"Create", Permission.CREATE);
     public static final Permission DELETE = new Permission(PERMISSIONS,"Delete", Permission.DELETE);
     public static final Permission CONFIGURE = new Permission(PERMISSIONS,"Configure", Permission.CONFIGURE);
+    public static final Permission READ = new Permission(PERMISSIONS,"Read", Permission.READ);
+    
 }
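Review bot: `READ` is introduced without Javadoc and without a visible default grant, while `getItems()` and `getItem()` in `Hudson.java` start enforcing it in the same change. Installations whose authorization strategy persists an explicit grant table would have no `Read` entries after upgrade, so jobs may disappear for every non-administrator until the configuration is edited; confirm how existing configurations are migrated. Suggested comment: `/** Permission to see that this item exists and to view it. */`.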
Index: src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java
===================================================================
--- src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java	(revision 13659)
+++ src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java	(working copy)
@@ -72,11 +72,6 @@
         return sids;
     }
 
-    private Object readResolve() {
-        acl = new AclImpl();
-        return this;
-    }
-
     /**
      * Checks if the given SID has the given permission.
      */
Index: src/main/java/hudson/triggers/Trigger.java
===================================================================
--- src/main/java/hudson/triggers/Trigger.java	(revision 13567)
+++ src/main/java/hudson/triggers/Trigger.java	(working copy)
@@ -17,6 +17,7 @@
 import hudson.model.WorkspaceCleanupThread;
 import hudson.scheduler.CronTab;
 import hudson.scheduler.CronTabList;
+import hudson.security.ACL;
 import hudson.util.DoubleLaunchChecker;
 
 import java.io.InvalidObjectException;
@@ -31,6 +32,8 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import org.acegisecurity.context.SecurityContextHolder;
+
 /**
  * Triggers a {@link Build}.
  *
@@ -136,6 +139,9 @@
         private final Calendar cal = new GregorianCalendar();
 
         public void doRun() {
+        	//this is background system work. it should have full permission
+        	SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
+        	
             while(new Date().getTime()-cal.getTimeInMillis()>1000) {
                 LOGGER.fine("cron checking "+cal.getTime().toLocaleString());
 
@@ -149,6 +155,7 @@
 
                 cal.add(Calendar.MINUTE,1);
             }
+            SecurityContextHolder.clearContext();
         }
     }
 
Index: src/main/resources/lib/hudson/executors.jelly
===================================================================
--- src/main/resources/lib/hudson/executors.jelly	(revision 13369)
+++ src/main/resources/lib/hudson/executors.jelly	(working copy)
@@ -56,8 +56,17 @@
 	          </j:when>
 	          <j:otherwise>
 	            <td class="pane" width="70%">
-	              <div nowrap="true">${%Building} <a href="${rootURL}/${e.currentExecutable.url}">${e.currentExecutable}</a></div>
-                <t:buildProgressBar build="${e.currentExecutable}"/>
+	            <div nowrap="true">${%Building}
+	            <j:choose>
+	            <j:when test="${h.hasPermission(e.currentExecutable.parent,e.currentExecutable.parent.READ)}">
+	                <a href="${rootURL}/${e.currentExecutable.url}">${e.currentExecutable}</a>
+	                <t:buildProgressBar build="${e.currentExecutable}"/>
+	            </j:when>
+	            <j:otherwise>
+	            <span>${%Unkown Task}</span>
+	            </j:otherwise>
+	            </j:choose>
+	            </div>
 	            </td>
 	            <td class="pane" width="16" align="center" valign="middle">
                 <j:if test="${e.hasStopPermission()}">
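Review bot: `e.currentExecutable.parent.READ` only yields a permission when the parent's class exposes a `READ` constant, and what `h.hasPermission` does when that expression evaluates to null is not visible here. Confirm that it fails closed for executables whose parent is not an `Item`; the same applies to `item.task.READ` in `queue.jelly`. Separately, the fallback label is misspelled as `${%Unkown Task}` here and `${%Uknown Task}` in `queue.jelly`; using `${%Unknown Task}` in both gives translators a single key.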
Index: src/main/resources/lib/hudson/queue.jelly
===================================================================
--- src/main/resources/lib/hudson/queue.jelly	(revision 13369)
+++ src/main/resources/lib/hudson/queue.jelly	(working copy)
@@ -32,10 +32,17 @@
           <tr>
             <td class="pane" width="100%" tooltip="${item.why}">
               <j:set var="stuck" value="${item.isStuck()}" />
+              <j:choose>
+              <j:when test="${h.hasPermission(item.task,item.task.READ)}">
               <a href="${rootURL}/${item.task.url}" style="${h.ifThenElse(stuck,'color:#ef2929',null)}">
                 ${item.task.fullDisplayName}
                 <j:if test="${stuck}"> (${%appears to be stuck})</j:if>
               </a>
+              </j:when>
+              <j:otherwise>
+              <span>${%Uknown Task}</span>
+              </j:otherwise>
+              </j:choose>
             </td>
             <td class="pane" width="16" align="center" valign="middle">
               <j:if test="${item.hasCancelPermission()}">
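Review bot: The `tooltip="${item.why}"` attribute on the enclosing `<td>` is still rendered for users who fail the new READ check, so the reason text is exposed even though the link is replaced by the placeholder. If `item.why` can mention the task or related project names (its content is not visible here), that defeats the hiding. Move the tooltip onto the `<a>` inside the `<j:when>` branch, or emit it only under the same `h.hasPermission(item.task,item.task.READ)` test.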
Index: src/main/resources/lib/hudson/project/upstream-downstream.jelly
===================================================================
--- src/main/resources/lib/hudson/project/upstream-downstream.jelly	(revision 13369)
+++ src/main/resources/lib/hudson/project/upstream-downstream.jelly	(working copy)
@@ -22,10 +22,12 @@
     <h2>${%Upstream Projects}</h2>
     <ul style="list-style-type: none;">
       <j:forEach var="item" items="${upstream}">
+      <j:if test="${h.hasPermission(item,item.READ)}">
         <li>
           <local:showItem />
           <local:relationship lhs="${item}" rhs="${it}"/>
         </li>
+        </j:if>
       </j:forEach>
     </ul>
   </j:if>
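Review bot: The `<h2>` heading and `<ul>` sit outside the new `<j:if>`, so when every upstream project is filtered out the page still shows an empty "Upstream Projects" section, which tells the viewer that hidden related projects exist. The outer `<j:if>` that guards the section starts outside this hunk; its test would need to count only readable items. The same applies to the Downstream Projects hunk below. The closing `</j:if>` is also indented two columns deeper than its opening tag in both hunks.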
@@ -34,11 +36,15 @@
     <h2>${%Downstream Projects}</h2>
     <ul style="list-style-type: none;">
       <j:forEach var="item" items="${downstream}">
+      <j:if test="${h.hasPermission(item,item.READ)}">
         <li>
           <local:showItem />
           <local:relationship lhs="${it}" rhs="${item}"/>
         </li>
+        </j:if>
       </j:forEach>
     </ul>
   </j:if>
+  
+
 </j:jelly>
\ No newline at end of file