
[FIXED JENKINS-22937] Handle anonymous/unauthorized REST API requests…

… more gracefully.

Adjusted REST API visibility settings to avoid serializing long histories at depth=0.
cfs-pure committed May 8, 2014
1 parent 2a305a0 commit 49e499cc2bd84035dd43d359f96087540651ee7f
@@ -22,6 +22,8 @@
import java.util.Map.Entry;
import jenkins.model.Jenkins;

import org.acegisecurity.AuthenticationException;

import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.export.ExportedBean;
@@ -32,7 +34,7 @@
*
* @author Lucie Votypkova
*/
@ExportedBean
@ExportedBean(defaultVisibility = -1)
public class ComputerConfigHistoryAction extends JobConfigHistoryBaseAction {

/**
@@ -105,7 +107,6 @@ public final String getIconFileName() {
* @throws IOException
* if {@link JobConfigHistoryConsts#HISTORY_FILE} might not be read or the path might not be urlencoded.
*/
@Exported
public final List<ConfigInfo> getSlaveConfigs() throws IOException {
checkConfigurePermission();
final ArrayList<ConfigInfo> configs = new ArrayList<ConfigInfo>();
@@ -132,6 +133,24 @@ public final String getIconFileName() {
return configs;
}

/**
* Returns the configuration history entries for one {@link Slave} for the REST API.
*
* @return history list for one {@link Slave}, or an empty list if not authorized.
* @throws IOException
* if {@link JobConfigHistoryConsts#HISTORY_FILE} might not be read or the path might not be urlencoded.
*/
@Exported(name = "jobConfigHistory", visibility = 1)
public final List<ConfigInfo> getSlaveConfigsREST() throws IOException {
List<ConfigInfo> configs = null;
try {
configs = getSlaveConfigs();
} catch (org.acegisecurity.AccessDeniedException e) {
configs = new ArrayList<ConfigInfo>();
}
return configs;
}

/**
* Used in the Difference jelly only. Returns one of the two timestamps that
* have been passed to the Difference page as parameter. timestampNumber
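Review bot: The `catch (org.acegisecurity.AccessDeniedException e)` in `getSlaveConfigsREST()` discards the denial, so an unauthorized REST caller and a node with no recorded history both receive the same empty `jobConfigHistory` list, and nothing is logged about the refused access. The try block wraps the whole of `getSlaveConfigs()`, so a denial raised anywhere inside that call, not only by `checkConfigurePermission()`, also becomes an empty result. I would log the exception at a low level in the catch, e.g. `LOG.fine("config history withheld from REST caller: " + e.getMessage());` (logger name assumed, use whatever the class already has). The `@return` Javadoc should also state that an empty list does not mean the history is empty. `getJobConfigsREST()` in JobConfigHistoryProjectAction follows the same pattern and needs the same treatment.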
@@ -23,6 +23,8 @@
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;

import org.acegisecurity.AuthenticationException;

import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.export.ExportedBean;
@@ -31,7 +33,7 @@
/**
* @author Stefan Brausch
*/
@ExportedBean
@ExportedBean(defaultVisibility = -1)
public class JobConfigHistoryProjectAction extends JobConfigHistoryBaseAction {

/** The project. */
@@ -82,7 +84,6 @@ public final String getIconFileName() {
* @throws IOException
* if {@link JobConfigHistoryConsts#HISTORY_FILE} might not be read or the path might not be urlencoded.
*/
@Exported
public final List<ConfigInfo> getJobConfigs() throws IOException {
checkConfigurePermission();
final ArrayList<ConfigInfo> configs = new ArrayList<ConfigInfo>();
@@ -116,6 +117,24 @@ public final String getIconFileName() {
return configs;
}

/**
* Returns the configuration history entries for one {@link AbstractItem} for the REST API.
*
* @return history list for one {@link AbstractItem}, or an empty list if not authorized.
* @throws IOException
* if {@link JobConfigHistoryConsts#HISTORY_FILE} might not be read or the path might not be urlencoded.
*/
@Exported(name = "jobConfigHistory", visibility = 1)
public final List<ConfigInfo> getJobConfigsREST() throws IOException {
List<ConfigInfo> configs = null;
try {
configs = getJobConfigs();
} catch (org.acegisecurity.AccessDeniedException e) {
configs = new ArrayList<ConfigInfo>();
}
return configs;
}

/**
* Returns {@link JobConfigHistoryBaseAction#getConfigXml(String)} as
* String.
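Review bot: The added `import org.acegisecurity.AuthenticationException;` at the top of this file is not used by anything in the visible hunks, while the new catch clause spells out `org.acegisecurity.AccessDeniedException` in full. I would import the exception that is actually caught, `import org.acegisecurity.AccessDeniedException;`, and shorten the clause to `catch (AccessDeniedException e)`. The same import/catch mismatch appears in ComputerConfigHistoryAction. The rest of the file is outside the hunks, so confirm `AuthenticationException` has no other use before dropping its import.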
@@ -33,7 +33,7 @@
* @author Stefan Brausch, mfriedenhagen
*/

@ExportedBean
@ExportedBean(defaultVisibility = -1)
@Extension
public class JobConfigHistoryRootAction extends JobConfigHistoryBaseAction
implements RootAction {
@@ -83,7 +83,7 @@ public final String getIconFileName() {
* @throws IOException
* if one of the history entries might not be read.
*/
@Exported
@Exported(visibility = 1)
public final List<ConfigInfo> getConfigs() throws IOException {
final String filter = getRequestParameter("filter");
List<ConfigInfo> configs = null;
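Review bot: `getConfigs()` is now exported directly with `@Exported(visibility = 1)`, without the access-denied wrapper the other two actions get, and the visible lines show no permission check before the list is built. The method body continues outside the hunk, so a check may exist further down. If it does, the Javadoc should say which permission gates the exported list and what an anonymous REST request receives. The getter also reads the `filter` request parameter, so a comment such as `// exported value depends on the "filter" request parameter` would make that dependency explicit for API consumers.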
