diff --git a/pom.xml b/pom.xml index 7bea844..3403b60 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.jenkins-ci.plugins plugin - 4.88 + 5.6 gitlab-oauth @@ -13,13 +13,11 @@ 1.20 -SNAPSHOT - 2.452 - ${jenkins.baseline}.4 + 2.479 + ${jenkins.baseline}.1 Max Low jenkinsci/${project.artifactId}-plugin - UTF-8 - UTF-8 GitLab Authentication plugin A Jenkins authentication plugin that delegates to GitLab. We also implement an Authorization Strategy that users the acquired OAuth token to interact with the GitLab API to determine a users level of access to Jenkins. diff --git a/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationException.java b/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationException.java index 8ee8924..e3ec7ae 100644 --- a/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationException.java +++ b/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationException.java @@ -33,7 +33,7 @@ of this software and associated documentation files (the "Software"), to deal package org.jenkinsci.plugins; -import org.acegisecurity.AuthenticationException; +import org.springframework.security.core.AuthenticationException; /** * diff --git a/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationToken.java b/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationToken.java index 89063c5..3872548 100755 --- a/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationToken.java +++ b/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationToken.java @@ -41,9 +41,6 @@ of this software and associated documentation files (the "Software"), to deal import java.util.logging.Level; import java.util.logging.Logger; import jenkins.model.Jenkins; -import org.acegisecurity.GrantedAuthority; -import org.acegisecurity.GrantedAuthorityImpl; -import org.acegisecurity.providers.AbstractAuthenticationToken; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.gitlab4j.api.Constants.TokenType; 
@@ -52,6 +49,9 @@ of this software and associated documentation files (the "Software"), to deal import org.gitlab4j.api.models.Group; import org.gitlab4j.api.models.Project; import org.gitlab4j.api.models.User; +import org.springframework.security.authentication.AbstractAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; /** * @author mocleiri @@ -93,7 +93,7 @@ public class GitLabAuthenticationToken extends AbstractAuthenticationToken { private final List authorities = new ArrayList<>(); public GitLabAuthenticationToken(String accessToken, String gitlabServer, TokenType tokenType) throws GitLabApiException { - super(new GrantedAuthority[] {}); + super(List.of()); this.accessToken = accessToken; this.gitLabAPI = new GitLabApi(gitlabServer, tokenType, accessToken); @@ -103,7 +103,7 @@ public GitLabAuthenticationToken(String accessToken, String gitlabServer, TokenT setAuthenticated(true); this.userName = this.me.getUsername(); - authorities.add(SecurityRealm.AUTHENTICATED_AUTHORITY); + authorities.add(SecurityRealm.AUTHENTICATED_AUTHORITY2); Jenkins jenkins = Jenkins.getInstanceOrNull(); if (jenkins != null && jenkins.getSecurityRealm() instanceof GitLabSecurityRealm) { @@ -147,8 +147,8 @@ public GitLabApi getGitLabAPI() { } @Override - public GrantedAuthority[] getAuthorities() { - return authorities.toArray(new GrantedAuthority[0]); + public Collection getAuthorities() { + return authorities; } @Override 
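Review bot: `getAuthorities()` in the `@@ -147,8` hunk of GitLabAuthenticationToken.java now returns the token's own mutable `authorities` list, where the removed line built a fresh array on every call. Any caller that keeps the returned collection can add or remove entries and so change what this already-authenticated token is granted. I would return a read-only view instead, `return Collections.unmodifiableList(authorities);`, importing `java.util.Collections` if the file does not already have it. The generic parameters are not visible on this page, so the exact return type should be checked against the overridden signature.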
@@ -318,12 +318,12 @@ public GitLabOAuthUserDetails getUserDetails(String username) { try { List gitLabGroups = gitLabAPI.getGroupApi().getGroups(); for (Group gitlabGroup : gitLabGroups) { - groups.add(new GrantedAuthorityImpl(gitlabGroup.getName())); + groups.add(new SimpleGrantedAuthority(gitlabGroup.getName())); } } catch (GitLabApiException e) { LOGGER.log(Level.FINE, e.getMessage(), e); } - return new GitLabOAuthUserDetails(user, groups.toArray(new GrantedAuthority[0])); + return new GitLabOAuthUserDetails(user, groups); } return null; } diff --git a/src/main/java/org/jenkinsci/plugins/GitLabOAuthGroupDetails.java b/src/main/java/org/jenkinsci/plugins/GitLabOAuthGroupDetails.java index f4e1679..4d37d90 100644 --- a/src/main/java/org/jenkinsci/plugins/GitLabOAuthGroupDetails.java +++ b/src/main/java/org/jenkinsci/plugins/GitLabOAuthGroupDetails.java @@ -5,9 +5,9 @@ package org.jenkinsci.plugins; import hudson.security.GroupDetails; -import org.acegisecurity.GrantedAuthority; -import org.acegisecurity.GrantedAuthorityImpl; import org.gitlab4j.api.models.Group; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; /** * Represent a group from GitLab as a group in Jenkins terms. @@ -60,6 +60,6 @@ public String toString() { } public GrantedAuthority getAuth() { - return new GrantedAuthorityImpl(getName()); + return new SimpleGrantedAuthority(getName()); } } diff --git a/src/main/java/org/jenkinsci/plugins/GitLabOAuthUserDetails.java b/src/main/java/org/jenkinsci/plugins/GitLabOAuthUserDetails.java index 8ba679f..aca43d1 100644 --- a/src/main/java/org/jenkinsci/plugins/GitLabOAuthUserDetails.java +++ b/src/main/java/org/jenkinsci/plugins/GitLabOAuthUserDetails.java 
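Review bot: The `catch (GitLabApiException e)` in `getUserDetails` logs at `Level.FINE` and then builds the user from whatever groups were collected, so a failed group lookup yields a user with no group authorities and leaves nothing in the log at default levels. That fails closed, but it makes a permission loss hard to trace; I would raise it to `LOGGER.log(Level.WARNING, "GitLab group lookup failed; returning user without group authorities", e);`. Separately, `SimpleGrantedAuthority` rejects a null or empty name with `IllegalArgumentException`, which this catch does not cover, and the same constructor is used in `GitLabOAuthGroupDetails.getAuth()`. A short comment stating that group names are assumed non-empty would record the new precondition. The method starts outside this hunk.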
@@ -1,7 +1,8 @@ package org.jenkinsci.plugins; -import org.acegisecurity.GrantedAuthority; -import org.acegisecurity.userdetails.User; +import java.util.Collection; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.userdetails.User; /** * @author Mike @@ -11,7 +12,7 @@ public class GitLabOAuthUserDetails extends User { private static final long serialVersionUID = 1709511212188366292L; - public GitLabOAuthUserDetails(org.gitlab4j.api.models.User user, GrantedAuthority[] authorities) { + public GitLabOAuthUserDetails(org.gitlab4j.api.models.User user, Collection authorities) { super(user.getUsername(), "", true, true, true, true, authorities); } diff --git a/src/main/java/org/jenkinsci/plugins/GitLabRequireOrganizationMembershipACL.java b/src/main/java/org/jenkinsci/plugins/GitLabRequireOrganizationMembershipACL.java index cdf6c27..cc3b067 100644 --- a/src/main/java/org/jenkinsci/plugins/GitLabRequireOrganizationMembershipACL.java +++ b/src/main/java/org/jenkinsci/plugins/GitLabRequireOrganizationMembershipACL.java @@ -41,9 +41,9 @@ of this software and associated documentation files (the "Software"), to deal import java.util.List; import java.util.logging.Logger; import jenkins.model.Jenkins; -import org.acegisecurity.Authentication; import org.kohsuke.stapler.Stapler; -import org.kohsuke.stapler.StaplerRequest; +import org.kohsuke.stapler.StaplerRequest2; +import org.springframework.security.core.Authentication; /** * @author Mike 
@@ -70,11 +70,11 @@ public class GitLabRequireOrganizationMembershipACL extends ACL { /* * (non-Javadoc) * - * @see hudson.security.ACL#hasPermission(org.acegisecurity.Authentication, + * @see hudson.security.ACL#hasPermission(org.springframework.security.core.Authentication, * hudson.security.Permission) */ @Override - public boolean hasPermission(Authentication a, Permission permission) { + public boolean hasPermission2(Authentication a, Permission permission) { if (a != null && a instanceof GitLabAuthenticationToken) { if (!a.isAuthenticated()) { return false; @@ -154,7 +154,7 @@ public boolean hasPermission(Authentication a, Permission permission) { } else { String authenticatedUserName = a.getName(); - if (authenticatedUserName.equals(SYSTEM.getPrincipal())) { + if (authenticatedUserName.equals(SYSTEM2.getPrincipal())) { // give system user full access log.finest("Granting Full rights to SYSTEM user."); return true; @@ -223,7 +223,7 @@ private boolean currentUriPathEquals(String specificPath) { } private String requestURI() { - StaplerRequest currentRequest = Stapler.getCurrentRequest(); + StaplerRequest2 currentRequest = Stapler.getCurrentRequest2(); return (currentRequest == null) ? null : currentRequest.getOriginalRequestURI(); } diff --git a/src/main/java/org/jenkinsci/plugins/GitLabSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/GitLabSecurityRealm.java index a23a7f1..007c164 100644 --- a/src/main/java/org/jenkinsci/plugins/GitLabSecurityRealm.java +++ b/src/main/java/org/jenkinsci/plugins/GitLabSecurityRealm.java @@ -41,9 +41,10 @@ import hudson.model.User; import hudson.security.GroupDetails; import hudson.security.SecurityRealm; -import hudson.security.UserMayOrMayNotExistException; +import hudson.security.UserMayOrMayNotExistException2; import hudson.tasks.Mailer; import hudson.util.Secret; +import jakarta.servlet.http.HttpSession; import java.io.IOException; import java.net.InetSocketAddress; import java.net.MalformedURLException; 
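Review bot: The SYSTEM shortcut in the `@@ -154,7` hunk of `hasPermission2` grants full access on string equality between `a.getName()` and `SYSTEM2.getPrincipal()`, so the decision rests on the reported name alone rather than on the authentication object. Comparing the token itself is stricter and keeps the intent: `if (SYSTEM2.equals(a)) {`. This branch is only reached for authentications that are not `GitLabAuthenticationToken`, as far as the two visible hunks show; the lines between them are outside the page, so which other token types arrive here should be confirmed before changing it.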
@@ -55,18 +56,8 @@ import java.util.ArrayList; import java.util.List; import java.util.logging.Logger; -import javax.servlet.http.HttpSession; import jenkins.model.Jenkins; import jenkins.security.SecurityListener; -import org.acegisecurity.Authentication; -import org.acegisecurity.AuthenticationException; -import org.acegisecurity.AuthenticationManager; -import org.acegisecurity.BadCredentialsException; -import org.acegisecurity.context.SecurityContextHolder; -import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; -import org.acegisecurity.userdetails.UserDetails; -import org.acegisecurity.userdetails.UserDetailsService; -import org.acegisecurity.userdetails.UsernameNotFoundException; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.builder.HashCodeBuilder; import org.apache.http.HttpEntity; @@ -91,9 +82,17 @@ import org.kohsuke.stapler.HttpResponse; import org.kohsuke.stapler.HttpResponses; import org.kohsuke.stapler.QueryParameter; -import org.kohsuke.stapler.StaplerRequest; -import org.springframework.dao.DataAccessException; -import org.springframework.dao.DataRetrievalFailureException; +import org.kohsuke.stapler.StaplerRequest2; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.AuthenticationServiceException; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; /** * 
@@ -103,7 +102,7 @@ * This is based on the GitLabSecurityRealm from the gitlab-auth-plugin written * by Alex Ackerman. */ -public class GitLabSecurityRealm extends SecurityRealm implements UserDetailsService { +public class GitLabSecurityRealm extends SecurityRealm { private String gitlabWebUri; private String gitlabApiUri; private String clientID; @@ -266,7 +265,7 @@ public Secret getClientSecret() { // "from" is coming from SecurityRealm/loginLink.jelly public HttpResponse doCommenceLogin( - StaplerRequest request, @QueryParameter String from, @Header("Referer") final String referer) + StaplerRequest2 request, @QueryParameter String from, @Header("Referer") final String referer) throws IOException { // 2. Requesting authorization : // http://doc.gitlab.com/ce/api/oauth2.html @@ -298,7 +297,7 @@ public HttpResponse doCommenceLogin( gitlabWebUri + "/oauth/authorize?" + URLEncodedUtils.format(parameters, StandardCharsets.UTF_8)); } - private String buildRedirectUrl(StaplerRequest request) throws MalformedURLException { + private String buildRedirectUrl(StaplerRequest2 request) throws MalformedURLException { URL currentUrl = new URL(Jenkins.get().getRootUrl()); URL redirect_uri = new URL( @@ -313,7 +312,7 @@ private String buildRedirectUrl(StaplerRequest request) throws MalformedURLExcep * This is where the user comes back to at the end of the OpenID redirect * ping-pong. */ - public HttpResponse doFinishLogin(StaplerRequest request) throws IOException { + public HttpResponse doFinishLogin(StaplerRequest2 request) throws IOException { String code = request.getParameter("code"); String state = request.getParameter(STATE_ATTRIBUTE); String expectedState = (String) request.getSession().getAttribute(STATE_ATTRIBUTE); 
@@ -394,7 +393,7 @@ public HttpResponse doFinishLogin(StaplerRequest request) throws IOException { new Mailer.UserProperty(auth.getMyself().getEmail())); } } - SecurityListener.fireAuthenticated(new GitLabOAuthUserDetails(self, auth.getAuthorities())); + SecurityListener.fireAuthenticated2(new GitLabOAuthUserDetails(self, auth.getAuthorities())); } catch (GitLabApiException e) { throw new RuntimeException(e); } @@ -489,8 +488,8 @@ public Authentication authenticate(Authentication authentication) throws Authent new UserDetailsService() { @Override public UserDetails loadUserByUsername(String username) - throws UsernameNotFoundException, DataAccessException { - return GitLabSecurityRealm.this.loadUserByUsername(username); + throws UsernameNotFoundException { + return GitLabSecurityRealm.this.loadUserByUsername2(username); } }); } @@ -501,7 +500,7 @@ public String getLoginUrl() { } @Override - protected String getPostLogOutUrl(StaplerRequest req, Authentication auth) { + protected String getPostLogOutUrl2(StaplerRequest2 req, Authentication auth) { // if we just redirect to the root and anonymous does not have Overall read then we will start a login all over // again. // we are actually anonymous here as the security context has been cleared 
@@ -546,16 +545,15 @@ public DescriptorImpl getDescriptor() { /** * @param username * @throws UsernameNotFoundException - * @throws DataAccessException */ @Override - public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { + public UserDetails loadUserByUsername2(String username) throws UsernameNotFoundException { GitLabAuthenticationToken authToken; if (SecurityContextHolder.getContext().getAuthentication() instanceof GitLabAuthenticationToken) { authToken = (GitLabAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); } else { - throw new UserMayOrMayNotExistException("Could not get auth token."); + throw new UserMayOrMayNotExistException2("Could not get auth token."); } try { @@ -572,7 +570,7 @@ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundEx return userDetails; } catch (Error e) { - throw new DataRetrievalFailureException("loadUserByUsername (username=" + username + ")", e); + throw new AuthenticationServiceException("loadUserByUsername (username=" + username + ")", e); } } @@ -604,10 +602,9 @@ public int hashCode() { /** * @param groupName * @throws UsernameNotFoundException - * @throws DataAccessException */ @Override - public GroupDetails loadGroupByGroupname(String groupName) throws UsernameNotFoundException, DataAccessException { + public GroupDetails loadGroupByGroupname2(String groupName, boolean fetchMembers) throws UsernameNotFoundException { GitLabAuthenticationToken authToken = (GitLabAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
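Review bot: `catch (Error e)` in `loadUserByUsername2` (the `@@ -572,7` hunk) now wraps what it catches in `AuthenticationServiceException`, which is an `AuthenticationException`, whereas the removed `DataRetrievalFailureException` was not. If `Error` here is `java.lang.Error`, an out-of-memory or linkage failure would surface as an authentication problem, and callers that treat `AuthenticationException` as a failed login could absorb it. I would narrow the catch to the exception type the try body can actually throw and let `Error` propagate. Failing that, add a comment such as `// NOTE: deliberately converts VM errors into an auth failure because ...`. The try body is outside this hunk, so the right type has to be confirmed there.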
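Review bot: `loadGroupByGroupname2` casts `SecurityContextHolder.getContext().getAuthentication()` straight to `GitLabAuthenticationToken`, while `loadUserByUsername2` in the `@@ -546,16` hunk checks `instanceof` first and throws `UserMayOrMayNotExistException2`. When the current authentication is some other type, this lookup would fail with a `ClassCastException` instead of a handled "unknown" result. I would apply the same guard here, as sketched below. The rest of the method is outside the hunk, so whether the new `fetchMembers` parameter is honoured cannot be judged from this page.

```java
public GroupDetails loadGroupByGroupname2(String groupName, boolean fetchMembers) throws UsernameNotFoundException {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (!(current instanceof GitLabAuthenticationToken)) {
        // Same outcome as loadUserByUsername2 when no GitLab token is in the security context.
        throw new UserMayOrMayNotExistException2("Could not get auth token.");
    }
    GitLabAuthenticationToken authToken = (GitLabAuthenticationToken) current;
    // … unchanged: rest of the method, outside this hunk …
```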