Skip to content
Permalink
Browse files

[JENKINS-49044] Apply visibility filters to SecurityRealm and Authori…

…zationStrategy (#3246)

* [JENKINS-49044] Honor DescriptorVisibilityFilter for SecurityRealm and AuthorizationStrategy

* [JENKINS-49044] The test
  • Loading branch information...
amuniz authored and oleg-nenashev committed Feb 16, 2018
1 parent e5fd7b7 commit 0e51e36023d0533f099226ba7a0035dae7b02a84
@@ -32,8 +32,8 @@ l.layout(norefresh:true, permission:app.ADMINISTER, title:my.displayName, csscla

f.entry(title:_("Access Control")) {
table(style:"width:100%") {
f.descriptorRadioList(title:_("Security Realm"),varName:"realm", instance:app.securityRealm, descriptors:SecurityRealm.all())
f.descriptorRadioList(title:_("Authorization"), varName:"authorization", instance:app.authorizationStrategy, descriptors:AuthorizationStrategy.all())
f.descriptorRadioList(title:_("Security Realm"),varName:"realm", instance:app.securityRealm, descriptors:h.filterDescriptors(app, SecurityRealm.all()))
f.descriptorRadioList(title:_("Authorization"), varName:"authorization", instance:app.authorizationStrategy, descriptors:h.filterDescriptors(app, AuthorizationStrategy.all()))
}
}
}
@@ -8,13 +8,22 @@
import static org.junit.Assert.*;

import com.gargoylesoftware.htmlunit.html.HtmlPage;
import hudson.Extension;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.SecurityRealm;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.LoggerRule;
import org.jvnet.hudson.test.TestExtension;
import org.xml.sax.SAXException;

import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import java.io.IOException;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.LogRecord;

@@ -43,6 +52,67 @@ public void jenkins40545() throws Exception {
assertThat(page.getWebResponse().getContentAsString(), containsString("descriptors found: .")); // No output written from expression
}

@Test @Issue("JENKINS-49044")
public void securityRealmAndAuthStrategyHidden() throws Exception {
j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
j.jenkins.setAuthorizationStrategy(AuthorizationStrategy.UNSECURED);
HtmlPage page = j.createWebClient().goTo("configureSecurity");
String response = page.getWebResponse().getContentAsString();
assertThat(response, not(containsString("TestSecurityRealm")));
assertThat(response, not(containsString("TestAuthStrategy")));
}

public static final class TestSecurityRealm extends SecurityRealm {

@Override
public SecurityComponents createSecurityComponents() { return null; }

@TestExtension
public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
@Nonnull
@Override
public String getDisplayName() {
return "TestSecurityRealm";
}
}

@TestExtension
public static final class HideDescriptor extends DescriptorVisibilityFilter {
@Override
public boolean filter(@CheckForNull Object context, @Nonnull Descriptor descriptor) {
return !(descriptor instanceof DescriptorImpl);
}
}
}

public static final class TestAuthStrategy extends AuthorizationStrategy {

@Nonnull
@Override
public ACL getRootACL() { return null; }

@Nonnull
@Override
public Collection<String> getGroups() { return null; }

@TestExtension
public static final class DescriptorImpl extends Descriptor<AuthorizationStrategy> {
@Nonnull
@Override
public String getDisplayName() {
return "TestAuthStrategy";
}
}

@TestExtension
public static final class HideDescriptor extends DescriptorVisibilityFilter {
@Override
public boolean filter(@CheckForNull Object context, @Nonnull Descriptor descriptor) {
return !(descriptor instanceof DescriptorImpl);
}
}
}

@TestExtension("jenkins40545")
public static final class Jenkins40545 implements UnprotectedRootAction {

0 comments on commit 0e51e36

Please sign in to comment.
You can’t perform that action at this time.