Branch: refs/heads/9.2-incompatibility
  Home:   https://github.com/jenkinsci/jenkins-test-harness
  Commit: c6b50a8dd5682c3a1333c225b0ee62363f09dee9
          https://github.com/jenkinsci/jenkins-test-harness/commit/c6b50a8dd5682c3a1333c225b0ee62363f09dee9
  Author: Kohsuke Kawaguchi <[email protected]>
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
    M src/main/java/org/jvnet/hudson/test/HudsonTestCase.java
    M src/main/java/org/jvnet/hudson/test/JenkinsRule.java

  Log Message:
  -----------
  Jetty 9.2 upgrade follow-up fix

After running this new version of the test harness with Jenkins core, I
discovered one issue around the authentication managed by the servlet
container.

When Jenkins is configured to delegate authentication to the servlet
container, Jetty 8.x used to allow any user, regardless of the roles
they have in Jetty, to qualify. This was because web.xml has the
following and Jetty interpreted '*' as "any role, regardless of whether
the role is defined in this web.xml or not":

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Hudson</web-resource-name>
            <url-pattern>/loginEntry</url-pattern>
            <!--http-method>GET</http-method-->
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>

Apparently this was one of the ambiguities in the servlet spec, and as of
servlet 3.1, the spec has locked this down and resolved it against what
Jetty used to do. Now role-name="*" means "any role defined in web.xml",
and role-name="**" is defined to mean "any role".

The net result is that, with the user realm set up here, none of the
users can log on to Jenkins. So I'm adding back the "user" role so that
these users pass the role-name="*" check.

Jenkins 2 will use the new role-name="**" but that is not available in
servlet 2.5 that Jenkins 1.x uses.
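The lockout described in the commit message comes down to how one `<role-name>` wildcard is read. The following script is an added example, not code from the jenkins-test-harness commit or from Jenkins: it models the two readings of `*` (the Jetty 8.x one and the Servlet 3.1 one) plus the 3.1 `**` wildcard, and checks a realm's users against a `<security-constraint>`. The web.xml text is constructed from the fragment quoted above with an assumed `<security-role>` for `user` (Jenkins' real web.xml is not reproduced here), and the two realms are constructed to stand for the harness users before and after the fix.

```python
"""Model how an <auth-constraint> role-name is interpreted before and after
Servlet 3.1, and check which realm users a constraint would admit.

Added example, not code from the jenkins-test-harness commit. The web.xml
fragments and the realm contents below are constructed for the demonstration.
"""
import xml.etree.ElementTree as ET

# Constructed web.xml modelled on the fragment quoted in the commit message,
# plus a declared "user" role (an assumption, not taken from Jenkins' web.xml).
WEB_XML_STAR = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Hudson</web-resource-name>
      <url-pattern>/loginEntry</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>user</role-name>
  </security-role>
</web-app>
"""

# The same constraint written with the Servlet 3.1 "**" wildcard.
WEB_XML_DOUBLE_STAR = WEB_XML_STAR.replace("<role-name>*</role-name>",
                                           "<role-name>**</role-name>")

# Constructed realms: users authenticated but holding no Jetty role (before the
# fix) and the same users once the harness grants them the "user" role (after).
REALM_BEFORE = {"alice": set(), "bob": set()}
REALM_AFTER = {"alice": {"user"}, "bob": {"user"}}


def _local(tag):
    """Drop any XML namespace: '{ns}role-name' -> 'role-name'."""
    return tag.rsplit("}", 1)[-1]


def _texts(elem, name):
    """Text of every element (self or descendant) whose local name is `name`."""
    return [(e.text or "").strip() for e in elem.iter() if _local(e.tag) == name]


def declared_roles(root):
    """Roles listed in <security-role> elements of the descriptor."""
    roles = set()
    for child in root:
        if _local(child.tag) == "security-role":
            roles.update(_texts(child, "role-name"))
    return roles


def user_passes(user_roles, constraint_roles, declared, strict):
    """Does a user holding `user_roles` satisfy an <auth-constraint>?

    strict=True  : Servlet 3.1 reading. "**" admits any authenticated user and
                   "*" expands to the roles declared in web.xml.
    strict=False : the pre-3.1 Jetty 8.x reading described in the commit, where
                   "*" admitted any authenticated user regardless of role.
    """
    if not constraint_roles:
        return False  # an <auth-constraint> with no role-name denies everyone
    if strict and "**" in constraint_roles:
        return True
    required = set()
    for name in constraint_roles:
        if name == "*":
            if not strict:
                return True
            required |= declared
        else:
            required.add(name)  # literal role ("**" is literal before 3.1)
    return bool(set(user_roles) & required)


def audit(web_xml, realm, strict=True):
    """For each <security-constraint>, list the realm users it would admit."""
    root = ET.fromstring(web_xml)
    declared = declared_roles(root)
    report = []
    for sc in root:
        if _local(sc.tag) != "security-constraint":
            continue
        auth_constraints = [c for c in sc if _local(c.tag) == "auth-constraint"]
        if not auth_constraints:
            allowed = sorted(realm)  # no <auth-constraint>: resource is open
        else:
            names = [n for ac in auth_constraints for n in _texts(ac, "role-name")]
            allowed = sorted(u for u, roles in realm.items()
                             if user_passes(roles, names, declared, strict))
        report.append({
            "url_patterns": _texts(sc, "url-pattern"),
            "allowed_users": allowed,
            "locks_everyone_out": bool(realm) and not allowed,
        })
    return report


if __name__ == "__main__":
    for label, xml, realm, strict in [
        ("Jetty 8.x reading, no roles", WEB_XML_STAR, REALM_BEFORE, False),
        ("Servlet 3.1 reading, no roles", WEB_XML_STAR, REALM_BEFORE, True),
        ("Servlet 3.1 reading, 'user' role", WEB_XML_STAR, REALM_AFTER, True),
        ("Servlet 3.1 reading, '**'", WEB_XML_DOUBLE_STAR, REALM_BEFORE, True),
    ]:
        print(label, "->", audit(xml, realm, strict))
```

Run as-is, the second case reproduces the lockout (nobody is admitted to `/loginEntry`), the third shows the commit's fix of granting the `user` role, and the fourth shows the `**` form that only a Servlet 3.1 descriptor can use.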
