Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #25 from daniel-beck/unmarshal-robustness
[JENKINS-9774] Drop support for pre-2009 serialized format that resulted in errors
  • Loading branch information
daniel-beck committed Sep 14, 2017
2 parents b53384b + cc791d1 commit 9463c21
Show file tree
Hide file tree
Showing 4 changed files with 90 additions and 16 deletions.
Expand Up @@ -134,28 +134,12 @@ public String getDisplayName() {
};

public static class ConverterImpl extends GlobalMatrixAuthorizationStrategy.ConverterImpl {
private RobustReflectionConverter ref;

public ConverterImpl(Mapper m) {
ref = new RobustReflectionConverter(m,JVM.newReflectionProvider());
}

@Override
protected GlobalMatrixAuthorizationStrategy create() {
return new ProjectMatrixAuthorizationStrategy();
}

@Override
public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {
String name = reader.peekNextChild();
if(name!=null && (name.equals("permission") || name.equals("useProjectSecurity")))
// the proper serialization form
return super.unmarshal(reader, context);
else
// remain compatible with earlier problem where we used reflection converter
return ref.unmarshal(reader,context);
}

@Override
public boolean canConvert(Class type) {
return type==ProjectMatrixAuthorizationStrategy.class;
Expand Down
Expand Up @@ -9,6 +9,7 @@
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.recipes.LocalData;

public class ProjectMatrixAuthorizationStrategyTest {

Expand Down Expand Up @@ -72,4 +73,23 @@ public void submitEmptyPropertyEnsuresPermissionsForAnonymousSubmitter() throws
Assert.assertTrue("anon is admin", r.jenkins.getACL().hasPermission(Jenkins.ANONYMOUS, Jenkins.ADMINISTER));
Assert.assertTrue(r.jenkins.getAuthorizationStrategy() instanceof GlobalMatrixAuthorizationStrategy);
}

@Test
@LocalData
public void loadEmptyAuthorizationStrategy() throws Exception {
Assert.assertTrue(r.jenkins.getSecurityRealm() instanceof HudsonPrivateSecurityRealm);
Assert.assertTrue(r.jenkins.getAuthorizationStrategy() instanceof GlobalMatrixAuthorizationStrategy);
}

@Test
@LocalData
public void loadFilledAuthorizationStrategy() throws Exception {
Assert.assertTrue(r.jenkins.getSecurityRealm() instanceof HudsonPrivateSecurityRealm);
Assert.assertTrue(r.jenkins.getAuthorizationStrategy() instanceof ProjectMatrixAuthorizationStrategy);

ProjectMatrixAuthorizationStrategy authorizationStrategy = (ProjectMatrixAuthorizationStrategy) r.jenkins.getAuthorizationStrategy();
Assert.assertTrue(authorizationStrategy.hasExplicitPermission("alice", Jenkins.ADMINISTER));
Assert.assertFalse(authorizationStrategy.hasExplicitPermission("alice", Jenkins.READ));
Assert.assertFalse(authorizationStrategy.hasExplicitPermission("bob", Jenkins.ADMINISTER));
}
}
@@ -0,0 +1,34 @@
<?xml version='1.0' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>1.0</version>
<numExecutors>2</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy"/>
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm"/>
<disableRememberMe>false</disableRememberMe>
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
<jdks/>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds/>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>all</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>all</primaryView>
<slaveAgentPort>0</slaveAgentPort>
<label></label>
<nodeProperties/>
<globalNodeProperties/>
</hudson>
@@ -0,0 +1,36 @@
<?xml version='1.0' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>1.0</version>
<numExecutors>2</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Hudson.Administer:alice</permission>
</authorizationStrategy>
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm"/>
<disableRememberMe>false</disableRememberMe>
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
<jdks/>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds/>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>all</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>all</primaryView>
<slaveAgentPort>0</slaveAgentPort>
<label></label>
<nodeProperties/>
<globalNodeProperties/>
</hudson>

0 comments on commit 9463c21

Please sign in to comment.