Skip to content

Commit

Permalink
Merge pull request #2900 from ksenia-nenasheva/JENKINS-4478
Browse files Browse the repository at this point in the history 
[JENKINS-4478] - Move TCP port out from under security
  • Loading branch information
@daniel-beck
daniel-beck committed Jun 3, 2017
2 parents a76a267 + ca5f212 commit 2228b39
Show file tree
Hide file tree
Showing 3 changed files with 45 additions and 37 deletions.
42 changes: 22 additions & 20 deletions core/src/main/java/hudson/security/GlobalSecurityConfiguration.java
View file
Expand Up @@ -115,26 +115,7 @@ public boolean configure(StaplerRequest req, JSONObject json) throws hudson.mode
JSONObject security = json.getJSONObject("useSecurity");
j.setDisableRememberMe(security.optBoolean("disableRememberMe", false));
j.setSecurityRealm(SecurityRealm.all().newInstanceFromRadioList(security, "realm"));
j.setAuthorizationStrategy(AuthorizationStrategy.all().newInstanceFromRadioList(security, "authorization"));
if (!isSlaveAgentPortEnforced()) {
try {
j.setSlaveAgentPort(new ServerTcpPort(security.getJSONObject("slaveAgentPort")).getPort());
} catch (IOException e) {
throw new hudson.model.Descriptor.FormException(e, "slaveAgentPortType");
}
}
Set<String> agentProtocols = new TreeSet<>();
if (security.has("agentProtocol")) {
Object protocols = security.get("agentProtocol");
if (protocols instanceof JSONArray) {
for (int i = 0; i < ((JSONArray) protocols).size(); i++) {
agentProtocols.add(((JSONArray) protocols).getString(i));
}
} else {
agentProtocols.add(protocols.toString());
}
}
j.setAgentProtocols(agentProtocols);
j.setAuthorizationStrategy(AuthorizationStrategy.all().newInstanceFromRadioList(security, "authorization"));
} else {
j.disableSecurity();
}
Expand All @@ -144,6 +125,27 @@ public boolean configure(StaplerRequest req, JSONObject json) throws hudson.mode
} else {
j.setMarkupFormatter(null);
}

// Agent settings
if (!isSlaveAgentPortEnforced()) {
try {
j.setSlaveAgentPort(new ServerTcpPort(json.getJSONObject("slaveAgentPort")).getPort());
} catch (IOException e) {
throw new hudson.model.Descriptor.FormException(e, "slaveAgentPortType");
}
}
Set<String> agentProtocols = new TreeSet<>();
if (json.has("agentProtocol")) {
Object protocols = json.get("agentProtocol");
if (protocols instanceof JSONArray) {
for (int i = 0; i < ((JSONArray) protocols).size(); i++) {
agentProtocols.add(((JSONArray) protocols).getString(i));
}
} else {
agentProtocols.add(protocols.toString());
}
}
j.setAgentProtocols(agentProtocols);

// persist all the additional security configs
boolean result = true;
Expand Down
30 changes: 17 additions & 13 deletions core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy
View file
Expand Up @@ -26,6 +26,23 @@ l.layout(norefresh:true, permission:app.ADMINISTER, title:my.displayName, csscla
set("descriptor", my.descriptor);

f.optionalBlock( field:"useSecurity", title:_("Enable security"), checked:app.useSecurity) {
f.entry (title:_("Disable remember me"), field: "disableRememberMe") {
f.checkbox()
}

f.entry(title:_("Access Control")) {
table(style:"width:100%") {
f.descriptorRadioList(title:_("Security Realm"),varName:"realm", instance:app.securityRealm, descriptors:SecurityRealm.all())
f.descriptorRadioList(title:_("Authorization"), varName:"authorization", instance:app.authorizationStrategy, descriptors:AuthorizationStrategy.all())
}
}
}

f.section(title: _("Markup Formatter")) {
f.dropdownDescriptorSelector(title:_("Markup Formatter"),descriptors: MarkupFormatterDescriptor.all(), field: 'markupFormatter')
}

f.section(title: _("Agents")) {
f.entry(title: _("TCP port for JNLP agents"), field: "slaveAgentPort") {
if (my.slaveAgentPortEnforced) {
if (my.slaveAgentPort == -1) {
Expand Down Expand Up @@ -63,21 +80,8 @@ l.layout(norefresh:true, permission:app.ADMINISTER, title:my.displayName, csscla
}
}
}

f.entry (title:_("Disable remember me"), field: "disableRememberMe") {
f.checkbox()
}

f.entry(title:_("Access Control")) {
table(style:"width:100%") {
f.descriptorRadioList(title:_("Security Realm"),varName:"realm", instance:app.securityRealm, descriptors:SecurityRealm.all())
f.descriptorRadioList(title:_("Authorization"), varName:"authorization", instance:app.authorizationStrategy, descriptors:AuthorizationStrategy.all())
}
}
}

f.dropdownDescriptorSelector(title:_("Markup Formatter"),descriptors: MarkupFormatterDescriptor.all(), field: 'markupFormatter')

Functions.getSortedDescriptorsForGlobalConfig(my.FILTER).each { Descriptor descriptor ->
set("descriptor",descriptor)
set("instance",descriptor)
Expand Down
10 changes: 6 additions & 4 deletions core/src/main/resources/hudson/security/csrf/GlobalCrumbIssuerConfiguration/config.groovy
View file
Expand Up @@ -6,10 +6,12 @@ def f=namespace(lib.FormTagLib)
def all = CrumbIssuer.all()

if (!all.isEmpty()) {
f.optionalBlock(field:"csrf", title:_("Prevent Cross Site Request Forgery exploits"), checked: app.useCrumbs ) {
f.entry(title:_("Crumbs")) {
table(style:"width:100%") {
f.descriptorRadioList(title:_("Crumb Algorithm"), varName:"issuer", instance:app.crumbIssuer, descriptors:all)
f.section(title: _("CSRF Protection")) {
f.optionalBlock(field:"csrf", title:_("Prevent Cross Site Request Forgery exploits"), checked: app.useCrumbs ) {
f.entry(title:_("Crumbs")) {
table(style:"width:100%") {
f.descriptorRadioList(title:_("Crumb Algorithm"), varName:"issuer", instance:app.crumbIssuer, descriptors:all)
}
}
}
}
Expand Down

0 comments on commit 2228b39

Please sign in to comment.