Skip to content
Permalink
Browse files
[FIXED JENKINS-26670] Support Job including WorkflowJob
  • Loading branch information
ikedam committed May 6, 2015
1 parent a2eee2f commit 63c5d2a2ee91cee3ffb587958bcbdeb51fbc7f56
@@ -40,14 +40,13 @@
import hudson.model.JobProperty;
import hudson.model.JobPropertyDescriptor;
import hudson.model.Queue;
import hudson.model.AbstractProject;
import hudson.model.Descriptor;
import hudson.security.AuthorizationStrategy;

/**
* Specifies how to authorize its builds.
*/
public class AuthorizeProjectProperty extends JobProperty<AbstractProject<?,?>> {
public class AuthorizeProjectProperty extends JobProperty<Job<?,?>> {
/**
* Property name used for job configuration page.
*/
@@ -80,7 +79,7 @@ public AuthorizeProjectProperty(AuthorizeProjectStrategy strategy) {
*
* @param item the item in queue, which will be a build.
* @return authorization for this build.
* @see AuthorizeProjectStrategy#authenticate(hudson.model.AbstractProject, hudson.model.Queue.Item)
* @see AuthorizeProjectStrategy#authenticate(hudson.model.Job, hudson.model.Queue.Item)
*/
public Authentication authenticate(Queue.Item item) {
if (getStrategy() == null) {
@@ -24,21 +24,27 @@

package org.jenkinsci.plugins.authorizeproject;

import java.util.logging.Level;
import java.util.logging.Logger;

import org.acegisecurity.Authentication;

import jenkins.model.Jenkins;
import hudson.DescriptorExtensionList;
import hudson.ExtensionPoint;
import hudson.Util;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Queue;
import hudson.model.AbstractProject;
import hudson.model.Descriptor;
import hudson.model.Job;

/**
* Extension point to define a new strategy to authorize builds configured in project configuration pages.
*/
public abstract class AuthorizeProjectStrategy extends AbstractDescribableImpl<AuthorizeProjectStrategy>
implements ExtensionPoint {
private static final Logger LOGGER = Logger.getLogger(AuthorizeProjectStrategy.class.getName());
/**
* @return all the registered {@link AuthorizeProjectStrategy}.
*/
@@ -53,5 +59,35 @@ public static DescriptorExtensionList<AuthorizeProjectStrategy, Descriptor<Autho
* @param item the item in queue, which will be a build.
* @return
*/
public abstract Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item);
public Authentication authenticate(Job<?, ?> project, Queue.Item item) {
if(!Util.isOverridden(
AuthorizeProjectStrategy.class,
getClass(),
"authenticate",
AbstractProject.class,
Queue.Item.class
)) {
throw new AbstractMethodError();
}

if (!(project instanceof AbstractProject)) {
Descriptor<?> d = Jenkins.getInstance().getDescriptor(getClass());
LOGGER.log(
Level.WARNING,
"This authorization strategy ({0}) is designed for authorize-project < 1.1.0 and not applicable for non-AbstractProjects (like WorkflowJob). ignored.",
(d != null)?d.getDisplayName():getClass().getName()
);
return null;
}
return authenticate((AbstractProject<?,?>)project, item);
}

/**
* @deprecated use {@link #authenticate(hudson.model.Job, Queue.Item)} instead.
*/
@Deprecated
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
return authenticate((Job<?,?>)project, item);
}

}
@@ -28,6 +28,7 @@

import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Job;
import hudson.model.Queue;

import javax.annotation.CheckForNull;
@@ -61,11 +62,13 @@ public ProjectQueueItemAuthenticator() {
@Override
@CheckForNull
public Authentication authenticate(Queue.Item item) {
if (!(item.task instanceof AbstractProject)) {
// This handles only AbstractProject.
if (!(item.task instanceof Job)) {
return null;
}
AbstractProject<?, ?> project = ((AbstractProject<?,?>)item.task).getRootProject();
Job<?, ?> project = (Job<?,?>)item.task;
if (project instanceof AbstractProject) {
project = ((AbstractProject<?,?>)project).getRootProject();
}
AuthorizeProjectProperty prop = project.getProperty(AuthorizeProjectProperty.class);
if (prop == null) {
return null;
@@ -26,8 +26,8 @@

import jenkins.model.Jenkins;
import hudson.Extension;
import hudson.model.Job;
import hudson.model.Queue;
import hudson.model.AbstractProject;

import org.acegisecurity.Authentication;
import org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy;
@@ -51,10 +51,10 @@ public AnonymousAuthorizationStrategy() {
* @param project
* @param item
* @return anonymous authorization
* @see org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy#authenticate(hudson.model.AbstractProject, hudson.model.Queue.Item)
* @see org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy#authenticate(hudson.model.Job, hudson.model.Queue.Item)
*/
@Override
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
public Authentication authenticate(Job<?, ?> project, Queue.Item item) {
return Jenkins.ANONYMOUS;
}

@@ -38,6 +38,7 @@
import hudson.model.AbstractProject;
import hudson.model.Descriptor;
import hudson.model.Descriptor.FormException;
import hudson.model.Job;
import hudson.security.ACL;
import hudson.util.FormValidation;
import net.sf.json.JSONObject;
@@ -96,10 +97,10 @@ public SpecificUsersAuthorizationStrategy(String userid, boolean noNeedReauthent
* @param project
* @param item
* @return
* @see org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy#authenticate(hudson.model.AbstractProject, hudson.model.Queue.Item)
* @see org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy#authenticate(hudson.model.Job, hudson.model.Queue.Item)
*/
@Override
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
public Authentication authenticate(Job<?, ?> project, Queue.Item item) {
User u = User.get(getUserid(), false, Collections.emptyMap());
if (u == null) {
// fallback to anonymous
@@ -164,7 +165,7 @@ protected static boolean isAuthenticateionRequired(
* @param project
* @return
*/
protected static SpecificUsersAuthorizationStrategy getCurrentStrategy(AbstractProject<?,?> project) {
protected static SpecificUsersAuthorizationStrategy getCurrentStrategy(Job<?,?> project) {
if (project == null) {
return null;
}
@@ -181,6 +182,11 @@ protected static SpecificUsersAuthorizationStrategy getCurrentStrategy(AbstractP
return (SpecificUsersAuthorizationStrategy)prop.getStrategy();
}

@Deprecated
protected static SpecificUsersAuthorizationStrategy getCurrentStrategy(AbstractProject<?,?> project) {
return getCurrentStrategy((Job<?,?>)project);
}

/**
* Called when XSTREAM2 instantiates this from XML configuration.
*
@@ -315,7 +321,7 @@ public SpecificUsersAuthorizationStrategy newInstance(StaplerRequest req, JSONOb
SpecificUsersAuthorizationStrategy strategy = newInstanceWithoutAuthentication(req, formData);

SpecificUsersAuthorizationStrategy currentStrategy
= getCurrentStrategy(req.findAncestorObject(AbstractProject.class));
= getCurrentStrategy(req.findAncestorObject(Job.class));

if (isAuthenticateionRequired(strategy, currentStrategy)) {
if (!authenticate(strategy, req, formData)) {
@@ -354,7 +360,7 @@ public String doCheckPasswordRequested(
SpecificUsersAuthorizationStrategy newStrategy = new SpecificUsersAuthorizationStrategy(userid, noNeedReauthentication);
return Boolean.toString(isAuthenticateionRequired(
newStrategy,
getCurrentStrategy(req.findAncestorObject(AbstractProject.class))
getCurrentStrategy(req.findAncestorObject(Job.class))
));
}

@@ -385,7 +391,7 @@ public FormValidation doCheckPassword(
SpecificUsersAuthorizationStrategy newStrategy = new SpecificUsersAuthorizationStrategy(userid, noNeedReauthentication);
if (!isAuthenticateionRequired(
newStrategy,
getCurrentStrategy(req.findAncestorObject(AbstractProject.class))
getCurrentStrategy(req.findAncestorObject(Job.class))
)) {
// authentication is not required.
return FormValidation.ok();
@@ -29,8 +29,8 @@
import hudson.model.Cause;
import hudson.model.Cause.UpstreamCause;
import hudson.model.Cause.UserIdCause;
import hudson.model.Job;
import hudson.model.Queue;
import hudson.model.AbstractProject;
import hudson.model.Run;
import hudson.model.User;
import java.util.Collections;
@@ -55,10 +55,10 @@ public TriggeringUsersAuthorizationStrategy() {
* @param project
* @param item
* @return
* @see org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy#authenticate(hudson.model.AbstractProject, hudson.model.Queue.Item)
* @see org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy#authenticate(hudson.model.Job, hudson.model.Queue.Item)
*/
@Override
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
public Authentication authenticate(Job<?, ?> project, Queue.Item item) {
Cause.UserIdCause cause = getRootUserIdCause(item);
if (cause != null) {
User u = User.get(cause.getUserId(), false, Collections.emptyMap());
@@ -32,7 +32,9 @@
import hudson.model.AbstractProject;
import hudson.model.Descriptor;
import hudson.model.FreeStyleProject;
import hudson.model.Job;
import hudson.model.Queue;
import hudson.model.User;
import hudson.security.ACL;
import net.sf.json.JSONObject;

@@ -60,7 +62,7 @@ public class ProjectQueueItemAuthenticatorTest {

public static class NullAuthorizeProjectStrategy extends AuthorizeProjectStrategy {
@Override
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
public Authentication authenticate(Job<?, ?> project, Queue.Item item) {
return null;
}
}
@@ -172,7 +174,7 @@ public void testWorkForMatrixProject() throws Exception {
*/
public static class AuthorizeProjectStrategyExtendingBaseDescrptor extends AuthorizeProjectStrategy {
@Override
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
public Authentication authenticate(Job<?, ?> project, Queue.Item item) {
return null;
}

@@ -190,7 +192,7 @@ public String getDisplayName() {
*/
public static class AuthorizeProjectStrategyWithoutGlobalSecurityConfiguration extends AuthorizeProjectStrategy {
@Override
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
public Authentication authenticate(Job<?, ?> project, Queue.Item item) {
return null;
}

@@ -215,7 +217,7 @@ public void configureFromGlobalSecurity(StaplerRequest req, JSONObject js)
*/
public static class AuthorizeProjectStrategyWithGlobalSecurityConfiguration extends AuthorizeProjectStrategy {
@Override
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
public Authentication authenticate(Job<?, ?> project, Queue.Item item) {
return null;
}

@@ -251,7 +253,7 @@ public void configureFromGlobalSecurity(StaplerRequest req, JSONObject js)
*/
public static class AuthorizeProjectStrategyWithAlternateGlobalSecurityConfiguration extends AuthorizeProjectStrategy {
@Override
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
public Authentication authenticate(Job<?, ?> project, Queue.Item item) {
return null;
}

@@ -343,4 +345,31 @@ public void testGlobalSecurityConfiguration() throws Exception {
}

}

/**
* Test alternate file except global-security.jelly can be used.
*/
public static class AuthorizeProjectStrategyWithOldSignature extends AuthorizeProjectStrategy {
private String name;

public AuthorizeProjectStrategyWithOldSignature(String name) {
this.name = name;
}

@Override
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
return User.get(name).impersonate();
}
}

@Test
public void testOldSignature() throws Exception {
FreeStyleProject p = j.createFreeStyleProject();
p.addProperty(new AuthorizeProjectProperty(new AuthorizeProjectStrategyWithOldSignature("test1")));
AuthorizationCheckBuilder checker = new AuthorizationCheckBuilder();
p.getBuildersList().add(checker);

j.assertBuildStatusSuccess(p.scheduleBuild2(0));
assertEquals("test1", checker.authentication.getName());
}
}

0 comments on commit 63c5d2a

Please sign in to comment.