This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 167585

Summary: Protected jobs invisible in case anon has read access on others
Product: connecteddeveloper Reporter: lkishalmi <lkishalmi>
Component: HudsonAssignee: Jesse Glick <jglick>
Status: RESOLVED FIXED    
Severity: blocker    
Priority: P2    
Version: 6.x   
Hardware: All   
OS: All   
Issue Type: ENHANCEMENT Exception Reporter:

Description lkishalmi 2009-06-24 11:08:40 UTC 
Currently there is no possibility to force the authentication on Add Hudson Instance dialog. 
Consider the following use case:
  Hudson is secured and would use project based security matrix. For some reason the Anonymous user needs to have read
permission. In this case NetBeans hudson plugin automatically to the hudson instance as Anonymous user and there is no
possibility to see those Jobs which require some authentication.
Comment 1 Jesse Glick 2009-06-24 20:27:48 UTC 
Currently the IDE only prompts for auth when it gets back a 403 from the server for some operation. (In fact it needs to
do at least one anon access so it can get a session cookie to log in to!) If $hudson/xml/api with no auth gives a 200
but an incomplete job list, that is arguably a problem in Hudson's design. Would rather have Hudson itself indicate in
the XML API that more could be seen with a login. TBD.
Comment 2 lkishalmi 2009-06-25 13:40:40 UTC 
I've filed an issue with a proposed solution to Hudson.
https://hudson.dev.java.net/issues/show_bug.cgi?id=3924
Comment 3 martin.rexa 2011-06-10 09:59:45 UTC 
Could IDE let user trigger authentication if he wants to (item in hudson service popup menu)?
Comment 4 Jesse Glick 2011-06-10 18:05:38 UTC 
(In reply to comment #2)
> https://hudson.dev.java.net/issues/show_bug.cgi?id=3924

Now: http://issues.hudson-ci.org/browse/HUDSON-3924

(In reply to comment #3)
> Could IDE let user trigger authentication if he wants to (item in hudson
> service popup menu)?

Should be possible, I think. Would certainly prefer for Hudson to indicate that authentication is needed to see everything.
Comment 5 Jesse Glick 2011-06-10 21:33:04 UTC 
Managed to write an action which lets you log in (even if Hudson does not request authentication to view any reachable page).

An outstanding problem is that if your login fails (e.g. incorrect password), it does not notice: ServletConnectionAuthenticator does not try to screen-scrape the output of /j_acegi_security_check, nor does it double-check /user/$username/configure to see if you are really logged in. Not clear if this problem can be fixed without introducing other problems in unusual setups, or if it is even worth fixing.
Comment 6 Jesse Glick 2011-06-24 21:18:17 UTC 
(In reply to comment #4)
> Now: http://issues.hudson-ci.org/browse/HUDSON-3924

Implemented in Hudson 2.1.0-SNAPSHOT; still open: https://issues.jenkins-ci.org/browse/JENKINS-3924
Comment 7 Jesse Glick 2011-06-24 21:39:24 UTC 
core-main #659c3ed93087
Comment 8 Quality Engineering 2011-06-25 14:08:05 UTC 
Integrated into 'main-golden'
Changeset: http://hg.netbeans.org/main-golden/rev/659c3ed93087
User: Jesse Glick <jglick@netbeans.org>
Log: #167585: action to log in.
Also displaying jobs inaccessible via current authentication (where supported).