Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-5303

Upgrade Acegi Security to the latest Spring Security release

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Please upgrade Acegi Security to the latest Spring Security release. Acegi Security it's old and deprecated.

        Attachments

          Issue Links

            Activity

            Hide
            danielbeck Daniel Beck added a comment -

            Rob Winch

            What are the APIs that are being used by plugins? Is there also a count for each API that is in use? This might help me to understand the current state of things.

            Plugins using anything from org.acegisecurity, by API:


            org/acegisecurity/AccessDeniedException

            Show
            danielbeck Daniel Beck added a comment - Rob Winch What are the APIs that are being used by plugins? Is there also a count for each API that is in use? This might help me to understand the current state of things. Plugins using anything from org.acegisecurity, by API: org/acegisecurity/AccessDeniedException authorize-project build-failure-analyzer build-token-root cloudbees-folder docker-traceability jobtemplates metrics node-sharing-orchestrator ownership pipeline-model-definition pubsub-light slave-squatter svnmerge workflow-cps org/acegisecurity/AccountExpiredException crowd2 org/acegisecurity/AcegiMessageSource reverse-proxy-auth-plugin org/acegisecurity/acls/NotFoundException artifactory org/acegisecurity/acls/sid/PrincipalSid role-strategy ssh2easy org/acegisecurity/Authentication active-directory assembla-auth authorize-project azure-ad block-same-builds blueocean-jwt blueocean-pipeline-api-impl blueocean-pipeline-scm-api blueocean-rest-impl build-failure-analyzer claim coding-webhook concurrent-login-plugin createjobadvanced credentials crowd2 DotCi favorite gcm-notification gerrit-trigger git-server github-oauth gitlab-oauth greenballs hp-application-automation-tools-plugin job-fan-in jwt-support kerberos-sso ldap literate m2release monitoring NegotiateSSO parameterized-trigger pipeline-input-step project-inheritance prometheus promoted-builds pwauth remote-terminal-access reverse-proxy-auth-plugin saml script-security splunk-devops statistics-gatherer support-core teamconcert-git typetalk view-job-filters windows-azure-storage workflow-cps workflow-durable-task-step workflow-job wwpass-plugin org/acegisecurity/AuthenticationException active-directory gitlab-oauth pwauth redmine org/acegisecurity/AuthenticationManager assembla-auth authorize-project azure-ad bitbucket-oauth cas-plugin coding-webhook crowd2 DotCi github-oauth gitlab-oauth google-login ibm-continuous-release keycloak ldap oic-auth openid openshift-login pwauth saml skype-notifier urbancode-velocity url-auth-sso wso2id-oauth wwpass-plugin org/acegisecurity/AuthenticationServiceException active-directory cas-plugin crowd2 reverse-proxy-auth-plugin script-realm org/acegisecurity/BadCredentialsException active-directory assembla-auth azure-ad backlog bitbucket-oauth cas-plugin coding-webhook crowd2 delivery-pipeline-plugin github-oauth gitlab-oauth google-login keycloak mock-security-realm oic-auth openid openshift-login pam-auth pwauth reverse-proxy-auth-plugin saml script-realm wso2id-oauth wwpass-plugin org/acegisecurity/context/SecurityContext assembla-auth azure-ad backup bitbucket-oauth blueocean-jwt cas-plugin coding-webhook credentials crowd2 DotCi elasticbox extended-choice-parameter gcm-notification ghprb gitbucket github-oauth gitlab-oauth google-login hp-application-automation-tools-plugin ibm-continuous-release instant-messaging jclouds-jenkins jwt-support kerberos-sso keycloak NegotiateSSO oic-auth openid openshift-login periodicbackup promoted-builds reverse-proxy-auth-plugin saml subversion teamconcert-git thinBackup urbancode-velocity url-auth-sso wso2id-oauth wwpass-plugin xpdev org/acegisecurity/context/SecurityContextHolder alauda-devops-sync assembla-auth azure-ad backlog backup bitbucket bitbucket-oauth blueocean-bitbucket-pipeline blueocean-github-pipeline blueocean-jwt branch-api build-token-root buildresult-trigger cas-plugin cloudbees-disk-usage-simple cloudbees-folder coding-webhook credentials crowd2 deploydb docker-slaves dockerhub-notification DotCi elasticbox embeddable-build-status extended-choice-parameter feature-branch-notifier gcm-notification gearman-plugin generic-webhook-trigger gerrit-code-review gerrit-trigger ghprb git gitbucket gitea github-oauth github-pullrequest gitlab-oauth gogs-webhook google-login ibm-continuous-release instant-messaging jclouds-jenkins jms-messaging job-fan-in jobcopy-builder jwt-support kerberos-sso keycloak mercurial metrics NegotiateSSO node-sharing-executor oic-auth openid openshift-login openshift-sync ownership periodicbackup PrioritySorter project-inheritance promoted-builds rabbitmq-consumer random-job-builder reverse-proxy-auth-plugin saml scm-api script-security security-inspector seed slack ssh-slaves subversion support-core teamconcert-git tfs thinBackup throttle-concurrents urbancode-velocity url-auth-sso windows-azure-storage workflow-durable-task-step wso2id-oauth wwpass-plugin xpdev zanata org/acegisecurity/context/SecurityContextImpl blueocean-jwt jwt-support org/acegisecurity/CredentialsExpiredException crowd2 org/acegisecurity/DisabledException cas-plugin org/acegisecurity/GrantedAuthority active-directory azure-ad crowd2 job-restrictions ldap literate oic-auth pipeline-input-step promoted-builds reverse-proxy-auth-plugin role-strategy saml org/acegisecurity/GrantedAuthorityImpl active-directory bitbucket-oauth cas-plugin crowd2 github-oauth gitlab-oauth keycloak ldap mock-security-realm oic-auth openid pam-auth pwauth reverse-proxy-auth-plugin script-realm org/acegisecurity/InsufficientAuthenticationException crowd2 org/acegisecurity/ldap/LdapCallback ldap org/acegisecurity/ldap/LdapDataAccessException ldap reverse-proxy-auth-plugin org/acegisecurity/ldap/LdapEntryMapper ldap org/acegisecurity/ldap/LdapTemplate ldap reverse-proxy-auth-plugin org/acegisecurity/ldap/LdapUserSearch ldap reverse-proxy-auth-plugin org/acegisecurity/LockedException cas-plugin org/acegisecurity/providers/AbstractAuthenticationToken assembla-auth bitbucket-oauth blueocean-jwt cas-plugin coding-webhook crowd2 github-oauth gitlab-oauth jwt-support keycloak saml url-auth-sso wso2id-oauth wwpass-plugin org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider active-directory redmine reverse-proxy-auth-plugin org/acegisecurity/providers/ldap/LdapAuthenticationProvider ldap org/acegisecurity/providers/ldap/LdapAuthoritiesPopulator ldap reverse-proxy-auth-plugin org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator ldap reverse-proxy-auth-plugin org/acegisecurity/providers/UsernamePasswordAuthenticationToken active-directory authorize-project cas-plugin coding-webhook copyartifact credentials github-oauth gitlab-oauth google-login ibm-continuous-release kerberos-sso ldap NegotiateSSO oic-auth openid openshift-login perfectomobile pwauth redmine reverse-proxy-auth-plugin s3 skype-notifier urbancode-velocity wso2id-oauth org/acegisecurity/ui/rememberme/RememberMeServices crowd2 org/acegisecurity/userdetails/ldap/LdapUserDetails ldap reverse-proxy-auth-plugin org/acegisecurity/userdetails/ldap/LdapUserDetailsImpl$Essence ldap reverse-proxy-auth-plugin org/acegisecurity/userdetails/User active-directory backlog cas-plugin coding-webhook github-oauth gitlab-oauth mock-security-realm pam-auth pwauth script-realm url-auth-sso wso2id-oauth org/acegisecurity/userdetails/UserDetails active-directory assembla-auth azure-ad bitbucket-oauth blueocean-jwt coding-webhook crowd2 github-oauth gitlab-oauth ibm-continuous-release job-restrictions jwt-support kerberos-sso mock-security-realm NegotiateSSO oic-auth redmine reverse-proxy-auth-plugin role-strategy saml urbancode-velocity url-auth-sso wso2id-oauth wwpass-plugin org/acegisecurity/userdetails/UserDetailsService active-directory assembla-auth azure-ad bitbucket-oauth coding-webhook crowd crowd2 github-oauth gitlab-oauth ldap oic-auth pwauth reverse-proxy-auth-plugin saml url-auth-sso wso2id-oauth org/acegisecurity/userdetails/UsernameNotFoundException active-directory assembla-auth azure-ad backlog bitbucket-oauth coding-webhook crowd2 github-oauth gitlab-oauth ldap mock-security-realm pam-auth pwauth redmine reverse-proxy-auth-plugin saml script-realm wwpass-plugin
            Hide
            rwinch Rob Winch added a comment -

            That's quite a bit more APIs that I expected. Given a lot of it is just repackaging.... I'm wondering if we can automate pull requests to Spring Security using https://github.com/Netflix-Skunkworks/rewrite Would this be an option you would consider?

            Show
            rwinch Rob Winch added a comment - That's quite a bit more APIs that I expected. Given a lot of it is just repackaging.... I'm wondering if we can automate pull requests to Spring Security using https://github.com/Netflix-Skunkworks/rewrite  Would this be an option you would consider?
            Hide
            danielbeck Daniel Beck added a comment - - edited

            Rob Winch

            Given a lot of it is just repackaging

            If it's mostly classes/packages being renamed, could https://github.com/jenkinsci/bytecode-compatibility-transformer/ do the trick then?

            A challenge we have is the long tail of lesser used, not well maintained plugins. If we can make old plugin releases continue to work with new versions of core for relatively low effort, that would be beneficial.

            Especially in a space where failure of the plugin would make login etc. impossible.

            Show
            danielbeck Daniel Beck added a comment - - edited Rob Winch Given a lot of it is just repackaging If it's mostly classes/packages being renamed, could https://github.com/jenkinsci/bytecode-compatibility-transformer/ do the trick then? A challenge we have is the long tail of lesser used, not well maintained plugins. If we can make old plugin releases continue to work with new versions of core for relatively low effort, that would be beneficial. Especially in a space where failure of the plugin would make login etc. impossible.
            Hide
            rwinch Rob Winch added a comment -

            Thanks for the response and thoughts. It might make sense to use bytecode-compatability-transformer since there are probably plugins that we don't know about. I'm not very familiar with this project. Is it something you would be able to take on?

            Show
            rwinch Rob Winch added a comment - Thanks for the response and thoughts. It might make sense to use bytecode-compatability-transformer since there are probably plugins that we don't know about. I'm not very familiar with this project. Is it something you would be able to take on?
            Show
            runzexia runze xia added a comment - http://forum.spring.io/forum/spring-projects/data/ldap/96508-ldap-authentication-intermittent-socket-closed-error

              People

              • Assignee:
                Unassigned
                Reporter:
                nicusorb nicusorb
              • Votes:
                19 Vote for this issue
                Watchers:
                17 Start watching this issue

                Dates

                • Created:
                  Updated: