Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32797

Access to check for unprotected/never secured paths

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None
    • Similar Issues:

      Description

      Currently no method exists (that I could find) to allow authentication plugins working on top of Jenkins to test a path to see if it does not require authentication; Jenkins does it (in part, at least) using Jenkins.getTarget() (https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/jenkins/model/Jenkins.java#L3875). This function does too much for some plugins, e.g. NegotiateSSO, because it first checks for read permissions.

      I propose breaking the functionality of Jenkins.getTarget() into several functions, allowing a plugin to access the checks for paths that shouldn't be protected. The attached diff file gives an example (diff base is commit e014700, on jenkinsci/jenkins).

      The other solutions that have been given to me so far involve maintaining a list of exceptions, which seems unwise to me.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              farmgeek4life Bryson Gibbons
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: