Skip to content
Permalink
Browse files
[FIXED JENKINS-28298] Call XStream2#addCriticalField to reject unau…
…thenticated configurations.
  • Loading branch information
ikedam committed Mar 19, 2016
1 parent ad44c7f commit 084778c790a055c1643252d4e1a48db04c63f143
Showing with 8 additions and 0 deletions.
  1. +8 −0 src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
@@ -40,7 +40,10 @@

import hudson.DescriptorExtensionList;
import hudson.Extension;
import hudson.init.InitMilestone;
import hudson.init.Initializer;
import hudson.model.DescriptorVisibilityFilter;
import hudson.model.Items;
import hudson.model.Job;
import hudson.model.JobProperty;
import hudson.model.JobPropertyDescriptor;
@@ -117,6 +120,11 @@ public Authentication authenticate(Queue.Item item) {
return strategy.authenticate(owner, item);
}

@Initializer(after=InitMilestone.PLUGINS_STARTED)
public static void setStrategyCritical() {
Items.XSTREAM2.addCriticalField(AuthorizeProjectProperty.class, "strategy");
}

/**
* Descriptor for {@link AuthorizeProjectProperty}.
*

0 comments on commit 084778c

Please sign in to comment.