  1. Jenkins
  2. JENKINS-47768

Prevent "authenticated" to appear twice in LastGrantedAuthorities


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Trivial
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None
      Description

      Currently there is no check in the LastGrantedAuthorities when we add the "authenticated" role to the list we return. In case the SecurityRealm already provides such a role, we must ensure there is only one "authenticated" role at the end.

          Activity

          wfollonier Wadeck Follonier added a comment - - edited

          The test present in the PR #87 could be simplified a bit if we correct that behavior.

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Wadeck Follonier
          Path:
          core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java
          test/src/test/java/jenkins/security/LastGrantedAuthoritiesPropertyTest.groovy
          test/src/test/java/jenkins/security/LastGrantedAuthoritiesPropertyTest.java
          http://jenkins-ci.org/commit/jenkins/9735043b6192df3ba37a5a30d146fb807c3fc9ef
          Log:
          JENKINS-47768 - Avoid having "authenticated" twice in the group membership of a user (LastGrantedAuthorities) (#3123)

          • Avoid having "authenticated" twice in the group membership of a user
          • this occurs when the SecurityRealm potentially already grants that role (like in github-oauth-plugin)
          • - changed as requested by Oleg
          • the list has a maximum of roles.length and in reality it's either roles.length or (roles.length-1), so the maximum is ok
          • - fix problem of missing the "authenticated" authority
          • - convert the Groovy script to a Java version
          • the Groovy test was not run by default (IIUC Groovy scripts are not compiled if placed in java src folder)
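
The behaviour described in the commit log above, as an added sketch that is not the Jenkins code from the commit: "authenticated" is always present and appears exactly once, whether or not the realm already reported it. The class, method and constant names are hypothetical, and roles are plain strings here rather than authority objects.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class AuthenticatedOnceExample {
    // Role name taken from the issue text; the constant name is hypothetical.
    static final String AUTHENTICATED = "authenticated";

    // Returns the realm's roles with "authenticated" present exactly once.
    static List<String> effectiveAuthorities(String[] realmRoles) {
        // One extra slot for the case where the realm did not send the role itself.
        int capacity = (realmRoles == null ? 0 : realmRoles.length) + 1;
        List<String> result = new ArrayList<>(capacity);
        result.add(AUTHENTICATED); // added unconditionally, so it can never be missing
        if (realmRoles != null) {
            for (String role : realmRoles) {
                // Skip the realm's own copy so the role is not listed twice.
                if (role != null && !AUTHENTICATED.equals(role)) {
                    result.add(role);
                }
            }
        }
        return result;
    }

    // Fails loudly if the computed list differs from the expected one.
    static void check(List<String> actual, String... expected) {
        if (!actual.equals(Arrays.asList(expected))) {
            throw new AssertionError("expected " + Arrays.asList(expected) + " but got " + actual);
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a realm that already grants the role, one that does not, and no roles.
        check(effectiveAuthorities(new String[] {"authenticated", "org*team"}), "authenticated", "org*team");
        check(effectiveAuthorities(new String[] {"org*team", "admins"}), "authenticated", "org*team", "admins");
        check(effectiveAuthorities(null), "authenticated");
        System.out.println("all cases hold");
    }
}
```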
          oleg_nenashev Oleg Nenashev added a comment -

          The fix has been integrated towards 2.90


            People

            • Assignee:
              wfollonier Wadeck Follonier
              Reporter:
              wfollonier Wadeck Follonier