split the security setup into a separate section

jenkinsci · Jul 27, 2011 · f85eb32 · f85eb32
1 parent f854eca
commit f85eb32
Show file tree

Hide file tree

Showing 4 changed files with 149 additions and 61 deletions.
diff --git a/core/src/main/java/hudson/security/GlobalSecurityConfiguration.java b/core/src/main/java/hudson/security/GlobalSecurityConfiguration.java
@@ -0,0 +1,62 @@
+/*
+ * The MIT License
+ *
+ * Copyright (c) 2011, CloudBees, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package hudson.security;
+
+import hudson.Extension;
+import hudson.markup.MarkupFormatter;
+import jenkins.model.GlobalConfiguration;
+import jenkins.model.Jenkins;
+import net.sf.json.JSONObject;
+import org.kohsuke.stapler.StaplerRequest;
+
+/**
+ * Security configuration.
+ *
+ * @author Kohsuke Kawaguchi
+ */
+@Extension(ordinal=200)
+public class GlobalSecurityConfiguration extends GlobalConfiguration {
+    @Override
+    public boolean configure(StaplerRequest req, JSONObject json) throws FormException {
+        // for compatibility reasons, the actual value is stored in Jenkins
+        Jenkins j = Jenkins.getInstance();
+
+        if (json.has("useSecurity")) {
+            JSONObject security = json.getJSONObject("useSecurity");
+            j.setSecurityRealm(SecurityRealm.all().newInstanceFromRadioList(security, "realm"));
+            j.setAuthorizationStrategy(AuthorizationStrategy.all().newInstanceFromRadioList(security, "authorization"));
+
+            if (security.has("markupFormatter")) {
+                j.setMarkupFormatter(req.bindJSON(MarkupFormatter.class, security.getJSONObject("markupFormatter")));
+            } else {
+                j.setMarkupFormatter(null);
+            }
+        } else {
+            j.disableSecurity();
+        }
+
+        return true;
+    }
+}
+
diff --git a/core/src/main/java/jenkins/model/Jenkins.java b/core/src/main/java/jenkins/model/Jenkins.java
@@ -58,7 +58,6 @@
 import hudson.model.ManagementLink;
 import hudson.model.ModifiableItemGroup;
 import hudson.model.NoFingerprintMatch;
-import hudson.model.Node.Mode;
 import hudson.model.OverallLoadStatistics;
 import hudson.model.Project;
 import hudson.model.RestartListener;
@@ -101,7 +100,6 @@
 import hudson.PluginManager;
 import hudson.PluginWrapper;
 import hudson.ProxyConfiguration;
-import hudson.StructuredForm;
 import hudson.TcpSlaveAgentListener;
 import hudson.UDPBroadcastThread;
 import hudson.Util;
@@ -1849,6 +1847,7 @@ public SecurityRealm getSecurityRealm() {
     public void setSecurityRealm(SecurityRealm securityRealm) {
         if(securityRealm==null)
             securityRealm= SecurityRealm.NO_AUTHENTICATION;
+        this.useSecurity = true;
         this.securityRealm = securityRealm;
         // reset the filters and proxies for the new SecurityRealm
         try {
@@ -1871,9 +1870,17 @@ public void setSecurityRealm(SecurityRealm securityRealm) {
     public void setAuthorizationStrategy(AuthorizationStrategy a) {
         if (a == null)
             a = AuthorizationStrategy.UNSECURED;
+        useSecurity = true;
         authorizationStrategy = a;
     }
 
+    public void disableSecurity() {
+        useSecurity = null;
+        setSecurityRealm(SecurityRealm.NO_AUTHENTICATION);
+        authorizationStrategy = AuthorizationStrategy.UNSECURED;
+        markupFormatter = null;
+    }
+
     public Lifecycle getLifecycle() {
         return Lifecycle.get();
     }
@@ -2422,27 +2429,6 @@ public synchronized void doConfigSubmit( StaplerRequest req, StaplerResponse rsp
             workspaceDir = json.getString("rawWorkspaceDir");
             buildsDir = json.getString("rawBuildsDir");
 
-            // keep using 'useSecurity' field as the main configuration setting
-            // until we get the new security implementation working
-            // useSecurity = null;
-            if (json.has("use_security")) {
-                useSecurity = true;
-                JSONObject security = json.getJSONObject("use_security");
-                setSecurityRealm(SecurityRealm.all().newInstanceFromRadioList(security,"realm"));
-                setAuthorizationStrategy(AuthorizationStrategy.all().newInstanceFromRadioList(security, "authorization"));
-
-                if (security.has("markupFormatter")) {
-                    markupFormatter = req.bindJSON(MarkupFormatter.class,security.getJSONObject("markupFormatter"));
-                } else {
-                    markupFormatter = null;
-                }
-            } else {
-                useSecurity = null;
-                setSecurityRealm(SecurityRealm.NO_AUTHENTICATION);
-                authorizationStrategy = AuthorizationStrategy.UNSECURED;
-                markupFormatter = null;
-            }
-
             if (json.has("viewsTabBar")) {
                 viewsTabBar = req.bindJSON(ViewsTabBar.class,json.getJSONObject("viewsTabBar"));
             } else {

diff --git a/core/src/main/resources/hudson/security/GlobalSecurityConfiguration/config.groovy b/core/src/main/resources/hudson/security/GlobalSecurityConfiguration/config.groovy
@@ -0,0 +1,78 @@
+package hudson.security.csrf.GlobalCrumbIssuerConfiguration
+
+import hudson.security.SecurityRealm
+import hudson.security.AuthorizationStrategy
+
+def f=namespace(lib.FormTagLib)
+
+f.optionalBlock( field:"useSecurity", title:_("Enable security"), checked:app.useSecurity) {
+    f.entry (title:_("TCP port for JNLP slave agents")) {
+
+        int port = app.slaveAgentPort
+
+        f.radio(name:"slaveAgentPortType", value:"fixed", id:"sat.fixed",
+                chcked:port>0, onclick:"\$('sat.port').disabled=false")
+        label("for":"sat.fixed", _$("Fixed"))
+        text(" : ")
+        input(type:"text", "class":"number", name:"slaveAgentPort", id:"sat.port",
+                value: port>0 ? port : null, disabled: port>0 ? null : "true" )
+
+        raw("&nbsp;") ////////////////////////////
+
+        f.radio(name:"slaveAgentPortType", value:"random", id:"sat.random",
+                checked:port==0, onclick:"\$('sat.port').disabled=true")
+        label("for":"sat.random", _$("Random"))
+
+        raw("&nbsp;") ////////////////////////////
+
+        f.radio(name:"slaveAgentPortType", value:"disable", id:"sat.disabled",
+                checked:port==-1, onclick:"\$('sat.port').disabled=true")
+        label("for":"sat.random", _$("Random"))
+
+//                 checked="${it.useSecurity}" help="/help/system-config/enableSecurity.html">
+//      help="/help/system-config/master-slave/slave-agent-port.html">
+/*
+    <input type="text" class="number" name="slaveAgentPort" id="sat.port"
+       value="${it.slaveAgentPort gt 0 ? it.slaveAgentPort : null}"
+       disabled="${it.slaveAgentPort gt 0 ? null : 'true'}"/>
+
+    <st:nbsp />
+
+    <f:radio name="slaveAgentPortType" value="random" id="sat.random"
+             checked="${it.slaveAgentPort==0}" onclick="$('sat.port').disabled=true" />
+    <label for="sat.random">${%Random}</label>
+
+    <st:nbsp />
+
+    <f:radio name="slaveAgentPortType" value="disable" id="sat.disabled"
+             checked="${it.slaveAgentPort==-1}" onclick="$('sat.port').disabled=true" />
+    <label for="sat.disabled">${%Disable}</label>
+  </f:entry>
+*/
+    }
+
+    f.dropdownDescriptorSelector(title:_("Markup Formatter"),field:"markupFormatter")
+
+    f.entry(title:_("Access Control")) {
+        table(style:"width:100%") {
+            f.descriptorRadioList(title:_("Security Realm"),varName:"realm",         instance:app.securityRealm,         descriptors:SecurityRealm.all())
+            f.descriptorRadioList(title:_("Authorization"), varName:"authorization", instance:app.authorizationStrategy, descriptors:AuthorizationStrategy.all())
+        }
+    }
+}
+
+/*
+  <f:dropdownDescriptorSelector title="${%Markup Formatter}" field="markupFormatter" />
+
+  <f:entry title="${%Access Control}">
+    <table style="width:100%">
+      <f:descriptorRadioList title="${%Security Realm}" varName="realm"
+                             instance="${it.securityRealm}"
+                             descriptors="${h.securityRealmDescriptors}"/>
+      <f:descriptorRadioList title="${%Authorization}" varName="authorization"
+                             instance="${it.authorizationStrategy}"
+                             descriptors="${h.authorizationStrategyDescriptors}"/>
+    </table>
+  </f:entry>
+</f:optionalBlock>
+*/
diff --git a/core/src/main/resources/jenkins/model/Jenkins/configure.jelly b/core/src/main/resources/jenkins/model/Jenkins/configure.jelly
@@ -106,44 +106,6 @@ THE SOFTWARE.
         </f:entry>
       </j:if>
 
-      <f:optionalBlock name="use_security" title="${%Enable security}"
-                       checked="${it.useSecurity}" help="/help/system-config/enableSecurity.html">
-        <f:entry title="${%TCP port for JNLP slave agents}"
-            help="/help/system-config/master-slave/slave-agent-port.html">
-          <f:radio name="slaveAgentPortType" value="fixed" id="sat.fixed"
-                   checked="${it.slaveAgentPort gt 0}" onclick="$('sat.port').disabled=false"/>
-          <label for="sat.fixed">${%Fixed}</label> :
-          <input type="text" class="number" name="slaveAgentPort" id="sat.port"
-             value="${it.slaveAgentPort gt 0 ? it.slaveAgentPort : null}"
-             disabled="${it.slaveAgentPort gt 0 ? null : 'true'}"/>
-
-          <st:nbsp />
-
-          <f:radio name="slaveAgentPortType" value="random" id="sat.random"
-                   checked="${it.slaveAgentPort==0}" onclick="$('sat.port').disabled=true" />
-          <label for="sat.random">${%Random}</label>
-
-          <st:nbsp />
-
-          <f:radio name="slaveAgentPortType" value="disable" id="sat.disabled"
-                   checked="${it.slaveAgentPort==-1}" onclick="$('sat.port').disabled=true" />
-          <label for="sat.disabled">${%Disable}</label>
-        </f:entry>
-
-        <f:dropdownDescriptorSelector title="${%Markup Formatter}" field="markupFormatter" />
-
-        <f:entry title="${%Access Control}">
-          <table style="width:100%">
-            <f:descriptorRadioList title="${%Security Realm}" varName="realm"
-                                   instance="${it.securityRealm}"
-                                   descriptors="${h.securityRealmDescriptors}"/>
-            <f:descriptorRadioList title="${%Authorization}" varName="authorization"
-                                   instance="${it.authorizationStrategy}"
-                                   descriptors="${h.authorizationStrategyDescriptors}"/>
-          </table>
-        </f:entry>
-      </f:optionalBlock>
-
       <!-- global configuration from everyone -->
       <j:forEach var="descriptor" items="${h.getSortedDescriptorsForGlobalConfig()}">
         <j:set var="instance" value="${descriptor}" /><!-- this makes the <f:textbox field=.../> work -->