I'm using a custom version of the
embeddable-build-status-plugin <https://github.com/kabisaict/embeddable-build-status-plugin/tree/shields> which
allows us to show a status badge in the project documentation. We
also use Global Security (using Project-based Matrix Authorization
Strategy) where Anonymous gets no access rights at all.
This prevents us from accessing the url provided by the plugin when not
logged in. The only work-around seems to be to give Anonymous the "overall read"
rights. This works, but we prefer not to give any rights at all and simply
show a login screen when someone visits our Jenkins server, which is not
possible when giving anonymous the read right.
Is there any way to mark a plugin endpoint as "outside the security realm",
by either modifying the plugin or setting this in Jenkins itself?
I tried using UnprotectedRootAction:

    // ...
    import hudson.model.UnprotectedRootAction;

    public class BadgeAction implements UnprotectedRootAction {
        // ...
        public HttpResponse doIcon() {
            return factory.getImage(project.getIconColor());
        }
    }

I tried this, and the plugin still works, but the url is still not
accessible as anonymous. Is there anything else I need to implement (or is
there some documentation on this)? Thank you.

    $ curl -i -X HEAD http://ciserver/job/continuous-integration/badge/icon
    HTTP/1.1 403 Forbidden
    <html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fjob%2Fcontinuous-integration%2Fbadge%2Ficon'/><script>window.location.replace('/login?from=%2Fjob%2Fcontinuous-integration%2Fbadge%2Ficon');</script></head><body style='background-color:white; color:white;'>Authentication required</body></html>

Also, I tried using ACL like so:

    // ...
    import hudson.security.ACL;
    import org.acegisecurity.context.SecurityContext;
    import org.acegisecurity.context.SecurityContextHolder;

    public class BadgeAction implements UnprotectedRootAction {
        // ...
        public HttpResponse doIcon() {
            // run in high privilege to see all the projects anonymous users don't see.
            // this is safe because we only request some assets.
            return ACL.impersonate(ACL.SYSTEM,
                    factory.getImage(project.getIconColor()));
        }
    }

But when running mvn build I got:

    cannot find symbol : method impersonate(org.acegisecurity.Authentication,org.jenkinsci.plugins.badge.StatusImage)

I got this technique from the
buildresult-trigger-plugin <https://github.com/jenkinsci/buildresult-trigger-plugin/pull/4/files>.
I am very new to Java programming; does anyone have any idea how to solve this?
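
Jenkins honours UnprotectedRootAction only for actions registered at the root URL (not under /job/...), and the one-argument ACL.impersonate(Authentication) returns the previous SecurityContext, which has to be restored in a finally block. The following is an added example along those lines, not code from the post or from the plugin; it assumes the acegi-era Jenkins API the post imports, and the class name, the /anonymousBadge URL and the plain-text response are hypothetical stand-ins.

```java
import hudson.Extension;
import hudson.model.BallColor;
import hudson.model.Job;
import hudson.model.UnprotectedRootAction;
import hudson.security.ACL;
import jenkins.model.Jenkins;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;

// Hypothetical class name and URL; registered at the Jenkins root as /anonymousBadge.
@Extension
public class AnonymousBadgeAction implements UnprotectedRootAction {
    public String getIconFileName() { return null; }   // no sidebar link
    public String getDisplayName()  { return null; }
    public String getUrlName()      { return "anonymousBadge"; }

    // Served at /anonymousBadge/icon?job=<full job name> without a login.
    public HttpResponse doIcon(@QueryParameter String job) {
        BallColor color = lookupColor(job);
        // Placeholder body (assumption): the plugin from the post would return
        // factory.getImage(color) here instead of plain text.
        return HttpResponses.plainText(color.name());
    }

    // Only the job lookup runs as SYSTEM, and only a BallColor leaves this method.
    private BallColor lookupColor(String job) {
        if (job == null) {
            return BallColor.GREY;
        }
        // impersonate(Authentication) returns the caller's previous context.
        SecurityContext old = ACL.impersonate(ACL.SYSTEM);
        try {
            Job<?, ?> p = Jenkins.getInstance().getItemByFullName(job, Job.class);
            // Unknown jobs get a neutral grey answer rather than a 404, so anonymous
            // callers cannot use the endpoint to test which job names exist.
            return p == null ? BallColor.GREY : p.getIconColor();
        } finally {
            SecurityContextHolder.setContext(old);  // always drop SYSTEM again
        }
    }
}
```

Because the lookup bypasses every per-project ACL, the endpoint should stay limited to the badge status and never hand out the Job object or any of its other properties.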