[JIRA] (JENKINS-23844) Matrix based security should apply to case insensitive user name.

2016-12-19 Thread clecl...@cloudbees.com (JIRA)
   
Cyrille Le Clerc edited a comment on JENKINS-23844
 
Re: Matrix based security should apply to case insensitive user name.
 
There seems to be a bug in the org.acegisecurity:acegi-security:1.0.7 (2008) lib used by the jenkins-ldap-plugin. It reuses the username provided by the login screen instead of loading it from the LDAP record (see below).

The recent versions of spring-security-ldap don't reuse the username, they reload the username from the LDAP record (see [BindAuthenticator#bindWithDn()|https://github.com/spring-projects/spring-security/blob/fc516b55a647277f58d679b8040fe5a15711338b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java#L108]).

See org.acegisecurity.ldap.search.FilterBasedLdapUserSearch#searchForUser

{code:java}
public LdapUserDetails searchForUser(String username) {
    if (logger.isDebugEnabled()) {
        logger.debug("Searching for user '" + username + "', with user search "
            + this.toString());
    }

    LdapTemplate template = new LdapTemplate(initialDirContextFactory);

    template.setSearchControls(searchControls);

    try {
        LdapUserDetailsImpl.Essence user = (LdapUserDetailsImpl.Essence) template.searchForSingleEntry(searchBase,
                searchFilter, new String[] {username}, userDetailsMapper);
        user.setUsername(username);

        return user.createUserDetails();
    } catch (IncorrectResultSizeDataAccessException notFound) {
        if (notFound.getActualSize() == 0) {
            throw new UsernameNotFoundException("User " + username + " not found in directory.");
        }
        // Search should never return multiple results if properly configured, so just rethrow
        throw notFound;
    }
}
{code}
 
 This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)  
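
The effect described in the comment above, as an added example that is not code from the ticket, the plugin or either library: a small model comparing a principal name taken from the login form with one taken from the directory record. The directory contents, the permission set and all class and method names are constructed, and the model assumes the directory search ignores case while the permission matrix compares names case-sensitively.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

public class UsernameCaseDemo {
    // Constructed directory: the search key is matched ignoring case (assumption),
    // the value is the canonical spelling stored in the record.
    static final Map<String, String> DIRECTORY = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    static {
        DIRECTORY.put("jdoe", "jdoe");
        DIRECTORY.put("asmith", "ASmith");
    }

    // Constructed permission matrix; assumed to compare names case-sensitively.
    static final Set<String> JOB_READ = Set.of("jdoe", "ASmith");

    static String lookup(String typed) {
        String canonical = DIRECTORY.get(typed);
        if (canonical == null) {
            throw new IllegalArgumentException("User " + typed + " not found in directory.");
        }
        return canonical;
    }

    // Same effect as user.setUsername(username) in the quoted searchForUser():
    // the record is found, but the principal keeps the spelling typed at login.
    static String principalReusingLoginName(String typed) {
        lookup(typed);
        return typed;
    }

    // The behaviour the comment attributes to recent spring-security-ldap:
    // the principal name is read back from the directory record.
    static String principalFromRecord(String typed) {
        return lookup(typed);
    }

    static boolean canRead(String principal) {
        return JOB_READ.contains(principal);
    }

    public static void main(String[] args) {
        for (String typed : new String[] {"jdoe", "JDoe", "asmith"}) {
            String reused = principalReusingLoginName(typed);
            String fromRecord = principalFromRecord(typed);
            System.out.printf("typed=%-7s reused=%-7s allowed=%-5b fromRecord=%-7s allowed=%b%n",
                    typed, reused, canRead(reused), fromRecord, canRead(fromRecord));
        }
    }
}
```

In this model every login authenticates, but only the spelling that matches the matrix entry exactly is authorized when the typed name is reused; reading the name from the record gives the same principal regardless of how it was typed.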


[JIRA] (JENKINS-23844) Matrix based security should apply to case insensitive user name.

2016-12-19 Thread clecl...@cloudbees.com (JIRA)
   
Cyrille Le Clerc commented on JENKINS-23844
 
Re: Matrix based security should apply to case insensitive user name.
 
There seems to be a bug in the org.acegisecurity:acegi-security:1.0.7 (2008) lib we use. It reuses the username provided by the login screen instead of loading it from the LDAP record (see below). The recent versions of spring-security-ldap don't reuse the username, they reload the username from the LDAP record (see BindAuthenticator#bindWithDn()). See org.acegisecurity.ldap.search.FilterBasedLdapUserSearch#searchForUser

    public LdapUserDetails searchForUser(String username) {
        if (logger.isDebugEnabled()) {
            logger.debug("Searching for user '" + username + "', with user search "
                + this.toString());
        }

        LdapTemplate template = new LdapTemplate(initialDirContextFactory);

        template.setSearchControls(searchControls);

        try {
            LdapUserDetailsImpl.Essence user = (LdapUserDetailsImpl.Essence) template.searchForSingleEntry(searchBase,
                    searchFilter, new String[] {username}, userDetailsMapper);
            user.setUsername(username);

            return user.createUserDetails();
        } catch (IncorrectResultSizeDataAccessException notFound) {
            if (notFound.getActualSize() == 0) {
                throw new UsernameNotFoundException("User " + username + " not found in directory.");
            }
            // Search should never return multiple results if properly configured, so just rethrow
            throw notFound;
        }
    }
 

[JIRA] (JENKINS-23844) Matrix based security should apply to case insensitive user name.

2016-10-10 Thread jyo...@athene.com (JIRA)
   
James Young commented on JENKINS-23844
 
Re: Matrix based security should apply to case insensitive user name.
 
For us, this is a minor issue that is going to rear its head a number of times. Currently, we have a mix of upper/lower case AD group names. If we set a job to the wrong case, the user can't access it. What's worse, a user may have access on multiple groups of jobs so if we set the right case on one and not on the other, it's sometimes a mystery why it isn't working until we remember this gotcha. It's not a show stopper by any means but it surely is annoying. Luckily, we don't have this issue with the case sensitivity of the user name but we do have this issue with setting the groups. One area where this can REALLY be a problem is if you are overriding a parent matrix security setting. It's very easy to accidentally lock yourself out of the job if you put in your administrative AD group in the wrong case. Yes, I know you can go and modify the job config to fix the issue but I shouldn't have to get on my server every time I spell my group with 'd' instead of 'D'.
 