[JENKINS-19409] use idstrategy to match role assignments #332

Merged
merged 2 commits into from
Aug 23, 2023

mawinter69
Contributor

@mawinter69 mawinter69 commented Aug 23, 2023

The matching of users to roles was so far case-sensitive. But as most security realms work case-insensitively, this means that permissions are not properly matched when someone logs in with capital letters but the role is assigned to the user with small letters.
The plugin now falls back to the security realm's idstrategy in case the user doesn't match case-sensitively.
For backward compatibility reasons, this feature can be switched off via com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.FORCE_CASE_SENSITIVE. This can be set either as a startup Java property, via the Jenkins script console, or via a hook script.

See JENKINS-19409 and others

Testing done

configured to use AD plugin
granted lower case username admin permissions
before: tried login with capital username -> failed with missing overall read
after: login with capital username -> user has admin permissions

Submitter checklist

  1. Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  2. Ensure that the pull request title represents the desired changelog entry
  3. Please describe what you did
  4. Link to relevant issues in GitHub or Jira
  5. Link to relevant pull requests, esp. upstream and downstream changes
  6. Ensure you have provided tests - that demonstrates feature works or fixes the issue

The matching of users to roles was so far case-sensitive. But as most
security realms work case-insensitively, this means that permissions are
not properly matched when someone logs in with capital letters but the
role is assigned to the user with small letters.
The plugin now falls back to the security realm's idstrategy in case the
user doesn't match case-sensitively.
For backward compatibility reasons, this feature can be switched off.
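
The matching order described in this pull request, as an added Java example that is not the plugin's code: a case-sensitive match first, then the security realm's id comparison unless the switch is set. It goes one step beyond the description with a check for assigned ids that the realm would treat as the same user, which is worth running over existing assignments before relying on the fallback. `RoleMatchDemo`, its methods and the `BiPredicate` standing in for the id strategy are hypothetical, the sample data is constructed, and applying the fallback per role is an assumption.

```java
import java.util.*;
import java.util.function.BiPredicate;

// Added model, not the plugin's code. All names here are hypothetical;
// the BiPredicate stands in for the security realm's id strategy.
public class RoleMatchDemo {
    // Models the switch the PR describes (RoleMap.FORCE_CASE_SENSITIVE).
    static boolean forceCaseSensitive = false;
    // Roles granted to loginId: case-sensitive match first, then the fallback.
    // Applying the fallback per role is an assumption of this model.
    static Set<String> matchedRoles(Map<String, Set<String>> assignments,
            String loginId, BiPredicate<String, String> idEquals) {
        Set<String> roles = new TreeSet<>();
        for (Map.Entry<String, Set<String>> e : assignments.entrySet()) {
            Set<String> sids = e.getValue();
            boolean exact = sids.contains(loginId);
            boolean fallback = !exact && !forceCaseSensitive
                    && sids.stream().anyMatch(s -> idEquals.test(s, loginId));
            if (exact || fallback) roles.add(e.getKey());
        }
        return roles;
    }

    // Audit helper: groups of assigned ids the realm would treat as one user.
    static List<List<String>> ambiguousSids(Collection<String> sids,
            BiPredicate<String, String> idEquals) {
        List<List<String>> groups = new ArrayList<>();
        for (String sid : new TreeSet<>(sids)) {
            List<String> g = null;
            for (List<String> x : groups) if (idEquals.test(x.get(0), sid)) g = x;
            if (g == null) groups.add(g = new ArrayList<>());
            g.add(sid);
        }
        groups.removeIf(x -> x.size() < 2);   // keep only real collisions
        return groups;
    }

    public static void main(String[] args) {
        // Constructed sample assignments (role name -> assigned user ids).
        Map<String, Set<String>> assignments = new LinkedHashMap<>();
        assignments.put("admin", Set.of("jdoe"));
        assignments.put("reader", Set.of("JDoe", "alice"));
        BiPredicate<String, String> realm = String::equalsIgnoreCase;
        System.out.println("fallback on:  " + matchedRoles(assignments, "JDOE", realm));
        System.out.println("collisions:   "
                + ambiguousSids(List.of("jdoe", "JDoe", "alice"), realm));
        forceCaseSensitive = true;
        System.out.println("fallback off: " + matchedRoles(assignments, "JDOE", realm));
    }
}
```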