Branch: refs/heads/master
Home: https://github.com/jenkinsci/matrix-auth-plugin
Commit: da0c5fb4982e699bfd410ff2798f4bd91a8823ec
https://github.com/jenkinsci/matrix-auth-plugin/commit/da0c5fb4982e699bfd410ff2798f4bd91a8823ec
Author: Tomas Westling <[email protected]>
Date: 2023-07-05 (Wed, 05 Jul 2023)
Changed paths:
M src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java
M src/test/java/hudson/security/ProjectMatrixAuthorizationStrategyTest.java
Log Message:
-----------
[JENKINS-71368] Obtain groups from all matrix properties using SYSTEM
identity (#141)
* Using SYSTEM2 ACLContext to find out which group permissions has been set
The getGroups method of ProjectMatrixAuthorizationStrategy uses
the users ACLContext to iterate through all projects/folders/nodes
and find which group permissions are set on each.
In conjunction with the active-directory plugin, with the option
"remove irrelevant groups" this causes a problem, since we save
the relevant groups upon logging in, when the user is still anonymous.
This is done for performance reasons, since going through each AD group
everytime a user tries to access a resource is not doable for systems
with a lot of AD groups.
This means that for everything on the master where Anonymous doesn't
have read access, the groups defined are deemed irrelevant, since
we can't access them at the time of calculation. This in turn means
that you can't set up a system where access is given through AD groups
and anonymous can't already read everything.
* Add test
Also rename the unused try-with-resources holder for IntelliJ
---------
Co-authored-by: Daniel Beck <[email protected]>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/matrix-auth-plugin/push/refs/heads/master/5c7d73-da0c5f%40github.com.
