Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23805

Add support for case insensitive auth realms to matrix auth

    Details

    • Similar Issues:

      Description

      It's possible to specify both 'Foo' and 'FOO' for assigning permissions to the same user in a case insensitive auth realm and have only one of them be effective.

      Matrix Auth should add support for the case sensitivity API added in 1.566 (JENKINS-22247), treating both Foo and FOO equally if using a case insensitive auth realm.

        Attachments

        1. global-config.png
          global-config.png
          71 kB
        2. NPE.txt
          26 kB
        3. project-config.png
          project-config.png
          32 kB

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            pom.xml
            src/main/java/hudson/security/AuthorizationMatrixProperty.java
            src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java
            src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java
            src/test/java/com/cloudbees/hudson/plugins/folder/properties/IdStrategyTest.java
            http://jenkins-ci.org/commit/matrix-auth-plugin/6ce42a114d184d5277ef0f05800ab36c88898e43
            Log:
            Merge pull request #9 from jenkinsci/case-sensitivity-support

            JENKINS-23805 Add support for the security realm's provided case sensitivity

            Compare: https://github.com/jenkinsci/matrix-auth-plugin/compare/ae9771ee7c2b...6ce42a114d18

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: pom.xml src/main/java/hudson/security/AuthorizationMatrixProperty.java src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java src/test/java/com/cloudbees/hudson/plugins/folder/properties/IdStrategyTest.java http://jenkins-ci.org/commit/matrix-auth-plugin/6ce42a114d184d5277ef0f05800ab36c88898e43 Log: Merge pull request #9 from jenkinsci/case-sensitivity-support JENKINS-23805 Add support for the security realm's provided case sensitivity Compare: https://github.com/jenkinsci/matrix-auth-plugin/compare/ae9771ee7c2b...6ce42a114d18
            Hide
            wilm Wilm Schomburg added a comment -

            Hi,

            Just installed the new version and it looks good for the global security configuration. Have you also tested the fix with folders? For me, it doesn't work with folders. So the user could login with case insensitive username, but he can't see the folders with different username writing.

            Best regards,

            Wilm

            Show
            wilm Wilm Schomburg added a comment - Hi, Just installed the new version and it looks good for the global security configuration. Have you also tested the fix with folders? For me, it doesn't work with folders. So the user could login with case insensitive username, but he can't see the folders with different username writing. Best regards, Wilm
            Hide
            alexf Alexandre Feblot added a comment - - edited

            Hi,

            On a freshly installed Jenkins 2.7.4 with the Matrix auth plugin 1.7, for each (user, permission) checked in the Global permission matrix or in a job specific permission matrix, (including Anonymous user), I get the following NPE when opening the configureSecurity or the job configure page, which I don't get if I downgrade to Matrix auth 1.6:

             (Full stack uploaded as an attachment: NPE.txt)

            Aug 11, 2017 5:58:22 PM hudson.ExpressionFactory2$JexlExpression evaluate
            WARNING: Caught exception evaluating: instance.hasExplicitPermission(attrs.sid,p) in /configureSecurity/. Reason: java.lang.NullPointerException
            java.lang.NullPointerException
                at java.lang.String$CaseInsensitiveComparator.compare(String.java:1193)
                at java.lang.String$CaseInsensitiveComparator.compare(String.java:1186)
                at java.lang.String.compareToIgnoreCase(String.java:1239)
                at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:40)
                at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:34)
                at jenkins.model.IdStrategy$CaseInsensitive.compare(IdStrategy.java:176)
                at jenkins.model.IdStrategy.equals(IdStrategy.java:90)
                at hudson.security.GlobalMatrixAuthorizationStrategy.hasExplicitPermission(GlobalMatrixAuthorizationStrategy.java:238)
                at sun.reflect.GeneratedMethodAccessor134.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.apache.commons.jexl.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:258)
                at org.apache.commons.jexl.parser.ASTMethod.execute(ASTMethod.java:104)
                at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83)
                at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57)
                at org.apache.commons.jexl.parser.ASTReferenceExpression.value(ASTReferenceExpression.java:51)
                at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80)
                at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:74)
                [...snip...]
            
            Show
            alexf Alexandre Feblot added a comment - - edited Hi, On a freshly installed Jenkins 2.7.4 with the Matrix auth plugin 1.7, for each (user, permission) checked in the Global permission matrix or in a job specific permission matrix, (including Anonymous user), I get the following NPE when opening the configureSecurity or the job configure page, which I don't get if I downgrade to Matrix auth 1.6:  (Full stack uploaded as an attachment: NPE.txt) Aug 11, 2017 5:58:22 PM hudson.ExpressionFactory2$JexlExpression evaluate WARNING: Caught exception evaluating: instance.hasExplicitPermission(attrs.sid,p) in /configureSecurity/. Reason: java.lang.NullPointerException java.lang.NullPointerException at java.lang. String $CaseInsensitiveComparator.compare( String .java:1193) at java.lang. String $CaseInsensitiveComparator.compare( String .java:1186) at java.lang. String .compareToIgnoreCase( String .java:1239) at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:40) at hudson.util.CaseInsensitiveComparator.compare(CaseInsensitiveComparator.java:34) at jenkins.model.IdStrategy$CaseInsensitive.compare(IdStrategy.java:176) at jenkins.model.IdStrategy.equals(IdStrategy.java:90) at hudson.security.GlobalMatrixAuthorizationStrategy.hasExplicitPermission(GlobalMatrixAuthorizationStrategy.java:238) at sun.reflect.GeneratedMethodAccessor134.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.commons.jexl.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:258) at org.apache.commons.jexl.parser.ASTMethod.execute(ASTMethod.java:104) at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83) at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57) at org.apache.commons.jexl.parser.ASTReferenceExpression.value(ASTReferenceExpression.java:51) at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80) at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:74) [...snip...]
            Hide
            danielbeck Daniel Beck added a comment -

            The NPE does not affect anything. It will be fixed towards 1.8.

            Show
            danielbeck Daniel Beck added a comment - The NPE does not affect anything. It will be fixed towards 1.8.
            Hide
            alexf Alexandre Feblot added a comment - - edited

            Many thanks!

            Yes, it does indeed not affect the behavior, but with many users, it leads to huge logs in which finding other informations gets much harder.

            Show
            alexf Alexandre Feblot added a comment - - edited Many thanks! Yes, it does indeed not affect the behavior, but with many users, it leads to huge logs in which finding other informations gets much harder.

              People

              • Assignee:
                stephenconnolly Stephen Connolly
                Reporter:
                ffw_patric Patric Steffen
              • Votes:
                3 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: