Skip to content
Permalink
Browse files

[FIXED JENKINS-25326] Elevates to SYSTEM when handling throttling in …

…executor threads.
  • Loading branch information...
ikedam committed Feb 21, 2016
1 parent d2f6ca4 commit 09234147a9bf23de0cd40cfa420cb8d4e97a4a6e
@@ -13,6 +13,8 @@
import hudson.model.labels.LabelAtom;
import hudson.model.queue.CauseOfBlockage;
import hudson.model.queue.QueueTaskDispatcher;
import hudson.security.ACL;
import hudson.security.NotSerilizableSecurityContext;

import java.util.List;
import java.util.Set;
@@ -21,11 +23,34 @@
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;

import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;

import jenkins.model.Jenkins;

@Extension
public class ThrottleQueueTaskDispatcher extends QueueTaskDispatcher {

@Override
public CauseOfBlockage canTake(Node node, Task task) {
if (Jenkins.getAuthentication() == ACL.SYSTEM) {
return canTakeImpl(node, task);
}

// Throttle-concurrent-builds requires READ permissions for all projects.
SecurityContext orig = SecurityContextHolder.getContext();
NotSerilizableSecurityContext auth = new NotSerilizableSecurityContext();
auth.setAuthentication(ACL.SYSTEM);
SecurityContextHolder.setContext(auth);

try {
return canTakeImpl(node, task);
} finally {
SecurityContextHolder.setContext(orig);
}
}

private CauseOfBlockage canTakeImpl(Node node, Task task) {

ThrottleJobProperty tjp = getThrottleJobProperty(task);

@@ -35,7 +60,7 @@ public CauseOfBlockage canTake(Node node, Task task) {
}

if (tjp!=null && tjp.getThrottleEnabled()) {
CauseOfBlockage cause = canRun(task, tjp);
CauseOfBlockage cause = canRunImpl(task, tjp);
if (cause != null) return cause;

if (tjp.getThrottleOption().equals("project")) {
@@ -124,6 +149,24 @@ private boolean shouldBeThrottled(@Nonnull Task task, @CheckForNull ThrottleJobP
}

public CauseOfBlockage canRun(Task task, ThrottleJobProperty tjp) {
if (Jenkins.getAuthentication() == ACL.SYSTEM) {
return canRunImpl(task, tjp);
}

// Throttle-concurrent-builds requires READ permissions for all projects.
SecurityContext orig = SecurityContextHolder.getContext();
NotSerilizableSecurityContext auth = new NotSerilizableSecurityContext();
auth.setAuthentication(ACL.SYSTEM);
SecurityContextHolder.setContext(auth);

try {
return canRunImpl(task, tjp);
} finally {
SecurityContextHolder.setContext(orig);
}
}

private CauseOfBlockage canRunImpl(Task task, ThrottleJobProperty tjp) {
if (!shouldBeThrottled(task, tjp)) {
return null;
}

0 comments on commit 0923414

Please sign in to comment.
You can’t perform that action at this time.