[FIXED JENKINS-22937] Handle anonymous/unauthorized REST API requests…
… more gracefully.

Adjusted REST API visibility settings to avoid serializing long histories at depth=0.
cfs-pure committed May 8, 2014
1 parent 2a305a0 commit 49e499c
Showing 3 changed files with 44 additions and 6 deletions.
Expand Up @@ -22,6 +22,8 @@
import java.util.Map.Entry;
import jenkins.model.Jenkins;

import org.acegisecurity.AuthenticationException;

import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.export.ExportedBean;
Expand All @@ -32,7 +34,7 @@
*
* @author Lucie Votypkova
*/
@ExportedBean
@ExportedBean(defaultVisibility = -1)
public class ComputerConfigHistoryAction extends JobConfigHistoryBaseAction {

/**
Expand Down Expand Up @@ -105,7 +107,6 @@ public final String getIconFileName() {
* @throws IOException
* if {@link JobConfigHistoryConsts#HISTORY_FILE} might not be read or the path might not be urlencoded.
*/
@Exported
public final List<ConfigInfo> getSlaveConfigs() throws IOException {
checkConfigurePermission();
final ArrayList<ConfigInfo> configs = new ArrayList<ConfigInfo>();
Expand All @@ -132,6 +133,24 @@ public final List<ConfigInfo> getSlaveConfigs() throws IOException {
return configs;
}

/**
* Returns the configuration history entries for one {@link Slave} for the REST API.
*
* @return history list for one {@link Slave}, or an empty list if not authorized.
* @throws IOException
* if {@link JobConfigHistoryConsts#HISTORY_FILE} might not be read or the path might not be urlencoded.
*/
@Exported(name = "jobConfigHistory", visibility = 1)
public final List<ConfigInfo> getSlaveConfigsREST() throws IOException {
List<ConfigInfo> configs = null;
try {
configs = getSlaveConfigs();
} catch (org.acegisecurity.AccessDeniedException e) {
configs = new ArrayList<ConfigInfo>();
}
return configs;
}

/**
* Used in the Difference jelly only. Returns one of the two timestamps that
* have been passed to the Difference page as parameter. timestampNumber
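Review bot: The catch block in `getSlaveConfigsREST()` discards the `AccessDeniedException` without any trace, so a denied REST read of node configuration history leaves nothing to audit, and a client cannot tell "no history" from "not permitted". The exported getter also relies entirely on `checkConfigurePermission()` inside `getSlaveConfigs()` for its authorization. That dependency deserves a comment at the call so a later refactor does not bypass it, for example `// Authorization is enforced by getSlaveConfigs(); a denied caller gets an empty list.` If the class already has a logger, recording the denial at a low level in the catch block would keep the graceful response while leaving a record. The same applies to `getJobConfigsREST()` in JobConfigHistoryProjectAction.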
Expand Up @@ -23,6 +23,8 @@
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;

import org.acegisecurity.AuthenticationException;

import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.export.ExportedBean;
Expand All @@ -31,7 +33,7 @@
/**
* @author Stefan Brausch
*/
@ExportedBean
@ExportedBean(defaultVisibility = -1)
public class JobConfigHistoryProjectAction extends JobConfigHistoryBaseAction {

/** The project. */
Expand Down Expand Up @@ -82,7 +84,6 @@ public final String getIconFileName() {
* @throws IOException
* if {@link JobConfigHistoryConsts#HISTORY_FILE} might not be read or the path might not be urlencoded.
*/
@Exported
public final List<ConfigInfo> getJobConfigs() throws IOException {
checkConfigurePermission();
final ArrayList<ConfigInfo> configs = new ArrayList<ConfigInfo>();
Expand Down Expand Up @@ -116,6 +117,24 @@ public final List<ConfigInfo> getJobConfigs() throws IOException {
return configs;
}

/**
* Returns the configuration history entries for one {@link AbstractItem} for the REST API.
*
* @return history list for one {@link AbstractItem}, or an empty list if not authorized.
* @throws IOException
* if {@link JobConfigHistoryConsts#HISTORY_FILE} might not be read or the path might not be urlencoded.
*/
@Exported(name = "jobConfigHistory", visibility = 1)
public final List<ConfigInfo> getJobConfigsREST() throws IOException {
List<ConfigInfo> configs = null;
try {
configs = getJobConfigs();
} catch (org.acegisecurity.AccessDeniedException e) {
configs = new ArrayList<ConfigInfo>();
}
return configs;
}

/**
* Returns {@link JobConfigHistoryBaseAction#getConfigXml(String)} as
* String.
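Review bot: The added `import org.acegisecurity.AuthenticationException;` is not used by any line shown in this section, while `getJobConfigsREST()` catches `org.acegisecurity.AccessDeniedException` by its fully qualified name. Unless code outside these hunks needs the import, replace it with `import org.acegisecurity.AccessDeniedException;` and write `catch (AccessDeniedException e)`. ComputerConfigHistoryAction has the same mismatch. Keeping the catch limited to the access-denied type is the right scope, since any other failure should still propagate to the caller.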
Expand Up @@ -33,7 +33,7 @@
* @author Stefan Brausch, mfriedenhagen
*/

@ExportedBean
@ExportedBean(defaultVisibility = -1)
@Extension
public class JobConfigHistoryRootAction extends JobConfigHistoryBaseAction
implements RootAction {
Expand Down Expand Up @@ -83,7 +83,7 @@ public final String getIconFileName() {
* @throws IOException
* if one of the history entries might not be read.
*/
@Exported
@Exported(visibility = 1)
public final List<ConfigInfo> getConfigs() throws IOException {
final String filter = getRequestParameter("filter");
List<ConfigInfo> configs = null;
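Review bot: `getConfigs()` is now exported with `visibility = 1`, but the visible lines show neither a permission check nor any handling of `AccessDeniedException`, unlike the REST wrappers added in the other two classes. The body continues outside the hunk, so this needs confirming. If a check further down throws, an anonymous request to this endpoint would still end in an exception rather than an empty list. If there is no check, the history list is exported unguarded. The method also reads the caller-supplied `filter` request parameter on its first line, so I would add a comment such as `// Exported over REST; permission must be checked before any history entry is read.` and state in the Javadoc what an unauthorized caller receives.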
