Bug 167585 - Protected jobs invisible in case anon has read access on others
Protected jobs invisible in case anon has read access on others
Status: RESOLVED FIXED
Product: connecteddeveloper
Classification: Unclassified
Component: Hudson
6.x
All All
: P2 (vote)
: 7.1
Assigned To: Jesse Glick
issues@connecteddeveloper
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-06-24 11:08 UTC by lkishalmi
Modified: 2011-06-25 14:08 UTC (History)
0 users

See Also:
Issue Type: ENHANCEMENT
:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description lkishalmi 2009-06-24 11:08:40 UTC
Currently there is no possibility to force the authentication on Add Hudson Instance dialog. 
Consider the following use case:
  Hudson is secured and would use project based security matrix. For some reason the Anonymous user needs to have read
permission. In this case NetBeans hudson plugin automatically to the hudson instance as Anonymous user and there is no
possibility to see those Jobs which require some authentication.
Comment 1 Jesse Glick 2009-06-24 20:27:48 UTC
Currently the IDE only prompts for auth when it gets back a 403 from the server for some operation. (In fact it needs to
do at least one anon access so it can get a session cookie to log in to!) If $hudson/xml/api with no auth gives a 200
but an incomplete job list, that is arguably a problem in Hudson's design. Would rather have Hudson itself indicate in
the XML API that more could be seen with a login. TBD.
Comment 2 lkishalmi 2009-06-25 13:40:40 UTC
I've filed an issue with a proposed solution to Hudson.
https://hudson.dev.java.net/issues/show_bug.cgi?id=3924
Comment 3 martin.rexa 2011-06-10 09:59:45 UTC
Could IDE let user trigger authentication if he wants to (item in hudson service popup menu)?
Comment 4 Jesse Glick 2011-06-10 18:05:38 UTC
(In reply to comment #2)
> https://hudson.dev.java.net/issues/show_bug.cgi?id=3924

Now: http://issues.hudson-ci.org/browse/HUDSON-3924

(In reply to comment #3)
> Could IDE let user trigger authentication if he wants to (item in hudson
> service popup menu)?

Should be possible, I think. Would certainly prefer for Hudson to indicate that authentication is needed to see everything.
Comment 5 Jesse Glick 2011-06-10 21:33:04 UTC
Managed to write an action which lets you log in (even if Hudson does not request authentication to view any reachable page).

An outstanding problem is that if your login fails (e.g. incorrect password), it does not notice: ServletConnectionAuthenticator does not try to screen-scrape the output of /j_acegi_security_check, nor does it double-check /user/$username/configure to see if you are really logged in. Not clear if this problem can be fixed without introducing other problems in unusual setups, or if it is even worth fixing.
Comment 6 Jesse Glick 2011-06-24 21:18:17 UTC
(In reply to comment #4)
> Now: http://issues.hudson-ci.org/browse/HUDSON-3924

Implemented in Hudson 2.1.0-SNAPSHOT; still open: https://issues.jenkins-ci.org/browse/JENKINS-3924
Comment 7 Jesse Glick 2011-06-24 21:39:24 UTC
core-main #659c3ed93087
Comment 8 Quality Engineering 2011-06-25 14:08:05 UTC
Integrated into 'main-golden'
Changeset: http://hg.netbeans.org/main-golden/rev/659c3ed93087
User: Jesse Glick <jglick@netbeans.org>
Log: #167585: action to log in.
Also displaying jobs inaccessible via current authentication (where supported).


By use of this website, you agree to the NetBeans Policies and Terms of Use. © 2012, Oracle Corporation and/or its affiliates. Sponsored by Oracle logo