[JENKINS-49044] Apply visibility filters to SecurityRealm and Authori…

…zationStrategy (#3246) * [JENKINS-49044] Honor DescriptorVisibilityFilter for SecurityRealm and AuthorizationStrategy * [JENKINS-49044] The test
jenkinsci · Feb 16, 2018 · 0e51e36 · 0e51e36
1 parent e5fd7b7
commit 0e51e36
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 2 deletions.
diff --git a/core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy b/core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy
@@ -32,8 +32,8 @@ l.layout(norefresh:true, permission:app.ADMINISTER, title:my.displayName, csscla
 
                 f.entry(title:_("Access Control")) {
                     table(style:"width:100%") {
-                        f.descriptorRadioList(title:_("Security Realm"),varName:"realm",         instance:app.securityRealm,         descriptors:SecurityRealm.all())
-                        f.descriptorRadioList(title:_("Authorization"), varName:"authorization", instance:app.authorizationStrategy, descriptors:AuthorizationStrategy.all())
+                        f.descriptorRadioList(title:_("Security Realm"),varName:"realm",         instance:app.securityRealm,         descriptors:h.filterDescriptors(app, SecurityRealm.all()))
+                        f.descriptorRadioList(title:_("Authorization"), varName:"authorization", instance:app.authorizationStrategy, descriptors:h.filterDescriptors(app, AuthorizationStrategy.all()))
                     }
                 }
             }

diff --git a/test/src/test/java/hudson/model/DescriptorVisibilityFilterTest.java b/test/src/test/java/hudson/model/DescriptorVisibilityFilterTest.java
@@ -8,13 +8,22 @@
 import static org.junit.Assert.*;
 
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import hudson.Extension;
+import hudson.security.ACL;
+import hudson.security.AuthorizationStrategy;
+import hudson.security.SecurityRealm;
 import org.junit.Rule;
 import org.junit.Test;
 import org.jvnet.hudson.test.Issue;
 import org.jvnet.hudson.test.JenkinsRule;
 import org.jvnet.hudson.test.LoggerRule;
 import org.jvnet.hudson.test.TestExtension;
+import org.xml.sax.SAXException;
 
+import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
+import java.io.IOException;
+import java.util.Collection;
 import java.util.logging.Level;
 import java.util.logging.LogRecord;
 
@@ -43,6 +52,67 @@ public void jenkins40545() throws Exception {
         assertThat(page.getWebResponse().getContentAsString(), containsString("descriptors found: .")); // No output written from expression
     }
 
+    @Test @Issue("JENKINS-49044")
+    public void securityRealmAndAuthStrategyHidden() throws Exception {
+        j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
+        j.jenkins.setAuthorizationStrategy(AuthorizationStrategy.UNSECURED);
+        HtmlPage page = j.createWebClient().goTo("configureSecurity");
+        String response = page.getWebResponse().getContentAsString();
+        assertThat(response, not(containsString("TestSecurityRealm")));
+        assertThat(response, not(containsString("TestAuthStrategy")));
+    }
+
+    public static final class TestSecurityRealm extends SecurityRealm {
+
+        @Override
+        public SecurityComponents createSecurityComponents() { return null; }
+
+        @TestExtension
+        public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
+            @Nonnull
+            @Override
+            public String getDisplayName() {
+                return "TestSecurityRealm";
+            }
+        }
+
+        @TestExtension
+        public static final class HideDescriptor extends DescriptorVisibilityFilter {
+            @Override
+            public boolean filter(@CheckForNull Object context, @Nonnull Descriptor descriptor) {
+                return !(descriptor instanceof DescriptorImpl);
+            }
+        }
+    }
+
+    public static final class TestAuthStrategy extends AuthorizationStrategy {
+
+        @Nonnull
+        @Override
+        public ACL getRootACL() { return null; }
+
+        @Nonnull
+        @Override
+        public Collection<String> getGroups() { return null; }
+
+        @TestExtension
+        public static final class DescriptorImpl extends Descriptor<AuthorizationStrategy> {
+            @Nonnull
+            @Override
+            public String getDisplayName() {
+                return "TestAuthStrategy";
+            }
+        }
+
+        @TestExtension
+        public static final class HideDescriptor extends DescriptorVisibilityFilter {
+            @Override
+            public boolean filter(@CheckForNull Object context, @Nonnull Descriptor descriptor) {
+                return !(descriptor instanceof DescriptorImpl);
+            }
+        }
+    }
+
     @TestExtension("jenkins40545")
     public static final class Jenkins40545 implements UnprotectedRootAction {