JENKINS-35081

Separate authorization configuration page

      Description

      • Separate the authorization configuration from the project configuration. This allows Jenkins to decide the authorization of builds while projects are being configured.
      • When a plugin lists credentials:
        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Job project) {
            // Resolve the authentication that builds of this project run as.
            Authentication auth = Tasks.getAuthenticationOf(project);
            // Offer only the credentials that this authentication is allowed to use.
            return new StandardUsernameListBoxModel()
                .includeEmptyValue()
                .includeAs(auth, project, StandardUsernameCredentials.class);
        }
      • Even if the authorization is changed after the project configuration is saved, it doesn't cause a security issue as the access to the credential is blocked at build time.

      Issues:

      • How to control permissions to configure jobs
        • You don't want to allow other users to configure jobs when you use "Run as Specific User".
      • Should the configuration file be separated from config.xml?

            Activity

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
            src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java
            http://jenkins-ci.org/commit/authorize-project-plugin/6c1e7421fe9c874194daa093d17414f8e8b867e9
            Log:
            JENKINS-35081 Make `readResolve` `protected`

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
            src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
            src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
            http://jenkins-ci.org/commit/authorize-project-plugin/c7c59a201cf57e6d9d3c99ab542ab24b3944cb93
            Log:
            JENKINS-35081 Use AccessControlled for findAncestorObject. Allows bypassing permission checks only to system administrators.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
            src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
            src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java
            src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
            src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java
            src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
            src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy.java
            src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/TriggeringUsersAuthorizationStrategy.java
            src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties
            src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages_ja.properties
            src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages.properties
            src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages_ja.properties
            src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
            http://jenkins-ci.org/commit/authorize-project-plugin/627d9cbd8583c41476944d4d49498678266bf895
            Log:
            Merge pull request #27 from ikedam/feature/JENKINS-35081_AdditionalChange

            JENKINS-35081 Additional changes for #26

            Compare: https://github.com/jenkinsci/authorize-project-plugin/compare/4b8379e73e3e...627d9cbd8583

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
            http://jenkins-ci.org/commit/authorize-project-plugin/ac37f3fcff7a354e17996422dd33e7fc0cdcd3aa
            Log:
            JENKINS-35081 Fixed the reverted logic of doCheckPasswordRequested.

            ikedam ikedam added a comment -

            Stephen Connolly
            Really sorry for having you wait for a long time.
            I released this change as authorize-project-1.3.0. It will be available in the update center in a day.


              People

              • Assignee: ikedam
              • Reporter: ikedam
              • Votes: 0
              • Watchers: 4