On Friday, April 12, 2013 12:15:27 AM UTC+2, Jesse Glick wrote:
>
> On 04/11/2013 04:34 PM, Jean Mertz wrote:
> > Is there any way to mark a plugin endpoint as "outside the security realm"
>
> UnprotectedRootAction. But it does not make sense to simply make a
> (project) Action implement this; a URA produces its own URL hierarchy at
> the root of Jenkins, not inside some project. Which makes sense, because
> you would otherwise have to do an access check _on the project_ to see if
> the anonymous user could read it, before following the rest of the URL.
> So whereas a regular project action would be
>
> /job/someproject/myaction
>
> (where the Stapler framework first binds / to Jenkins, then
> /job/someproject to Jenkins.getJob("someproject"), and finally
> /job/someproject/myaction to your action, doing an access check at every
> step), a URA would be
>
> /myaction
>
> or you could add more context to the request like
>
> /myaction/someproject
>
> or
>
> /myaction?someparam=someval
>
> but then it is up to you to interpret the rest of the URL.
>
> Also whereas an instance of a project action is associated to the project
> somehow—either using TransientProjectActionFactory or by permanently
> calling addAction—a URA is a singleton which is registered with @Extension
> and does not necessarily have any connection to a job (~ project) or any
> other object.
>
> In short: to use URA you must refactor the affected code since the design
> is quite different.
>
Thank you for your detailed explanation. That makes a lot of sense. I will
look into ways to possibly refactor the gem to allow unprotected access.
>
> > cannot find symbol : method impersonate(org.acegisecurity.Authentication,org.jenkinsci.plugins.badge.StatusImage)
>
> You need to read the Javadoc for impersonate as you are not calling it
> correctly. It takes just one argument, and you then run some code and have
> to restore the original context using a finally block.
>
Actually, I tried both ways. From what I could read, I could either use a
block or two arguments. These are the two styles I tried (both resulting in
the same (kind of) error):

The first style was mentioned above, and I found it in the docs here
<http://javadoc.jenkins-ci.org/hudson/security/ACL.html>.

The second style I implemented like this:

    SecurityContext securityContext = ACL.impersonate(ACL.SYSTEM);
    try {
        return factory.getImage(project.getIconColor());
    } finally {
        SecurityContextHolder.setContext(securityContext);
    }

This gave me:
cannot find symbol
symbol : method impersonate(org.acegisecurity.Authentication)
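
As an added illustration of the design Jesse describes (not part of the original post and not the plugin's code): a root-level UnprotectedRootAction that interprets the rest of the URL itself and runs only the job lookup under ACL.SYSTEM, restoring the caller's context in a finally block. The class name PublicStatusAction and the plain-text response are hypothetical, and it assumes a Jenkins core whose ACL offers the one-argument impersonate.

```java
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.UnprotectedRootAction;
import hudson.security.ACL;
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import jenkins.model.Jenkins;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

// Hypothetical class; registered as a singleton at the Jenkins root via @Extension.
@Extension
public class PublicStatusAction implements UnprotectedRootAction {
    public String getIconFileName() { return null; }   // no link in the UI
    public String getDisplayName() { return null; }
    public String getUrlName() { return "myaction"; }  // served at /myaction

    // Stapler calls doDynamic for /myaction/<anything>; interpreting the rest
    // of the URL is this action's job, as no Job object was bound on the way.
    public void doDynamic(StaplerRequest req, StaplerResponse rsp) throws IOException {
        String rest = req.getRestOfPath();              // e.g. "/someproject"
        String name = rest.startsWith("/") ? rest.substring(1) : rest;
        String status = lookupStatus(name);
        if (status == null) {
            rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        rsp.setContentType("text/plain;charset=UTF-8");
        rsp.getWriter().print(status);
    }

    // Only the lookup runs as SYSTEM; the caller's context is always restored.
    private String lookupStatus(String name) {
        if (name.isEmpty()) return null;
        SecurityContext previous = ACL.impersonate(ACL.SYSTEM);
        try {
            AbstractProject<?, ?> project =
                Jenkins.getInstance().getItemByFullName(name, AbstractProject.class);
            // Expose one coarse value, nothing else from the job.
            return project == null ? null : project.getIconColor().name();
        } finally {
            SecurityContextHolder.setContext(previous);
        }
    }
}
```

Because the lookup runs as SYSTEM, this endpoint answers for every job regardless of who asks, so it should return only the one value meant to be public.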