|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
changelog.html
core/src/main/java/hudson/model/User.java
core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java
test/src/test/java/jenkins/security/LastGrantedAuthoritiesPropertyTest.groovy
http://jenkins-ci.org/commit/jenkins/0e339d7a454df119995b896eea14f09a099f99b5
Log:
JENKINS-20064
Jenkins now remembers the authorities (read group memberships) that the user had carried when he/she last time interactively logged in.
This information is exposed via User.impersonate(), which is used when using Jenkins SSH, Jenkins CLI, or access via API tokens.
Previously this was impossible for a subset of SecurityRealms that does not allow us to read group membership information without
successful login (such as Active Directory, OpenID, etc.)
For security reasons, if the backend determines that the user does not exist (as opposed to the backend who cannot tell if the user
exists or not), then the impersonation will fail.
I need to check AD plugin is reporting a failure correctly in this case, before marking as JENKINS-20064 fixed.