Adding feature to allow controlling when and where the JNLP launch URL is exposed.

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@3348 71c3de6d-444a-0410-be80-ed276b4c234a

Adding feature to allow controlling when and where the JNLP launch URL is exposed.
git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@3348 71c3de6d-444a-0410-be80-ed276b4c234a
476b13fc · stephenconnolly · 59f9b2fc · 476b13fc · 476b13fc · 476b13fc
10 changed file
--- a/core/src/main/java/hudson/Functions.java
+++ b/core/src/main/java/hudson/Functions.java
@@ -189,6 +189,10 @@ public class Functions {
        return Node.Mode.values();
    }

+    public static Node.JNLPSecurityMode[] getJNLPSecurityModes() {
+        return Node.JNLPSecurityMode.values();
+    }
+
    public static String getProjectListString(List<Project> projects) {
        return Items.toNameList(projects);
    }
@@ -196,7 +200,7 @@ public class Functions {
    public static Object ifThenElse(boolean cond, Object thenValue, Object elseValue) {
        return cond ? thenValue : elseValue;
    }
-    
+
    public static String appendIfNotNull(String text, String suffix, String nullText) {
        return text == null ? nullText : text + suffix;
    }
@@ -271,7 +275,7 @@ public class Functions {
     *
     * @param noAutoRefresh
     *      On certain pages, like a page with forms, will have annoying interference
-     *      with auto refresh. On those pages, disable auto-refresh.  
+     *      with auto refresh. On those pages, disable auto-refresh.
     */
    public static void configureAutoRefresh(HttpServletRequest request, HttpServletResponse response, boolean noAutoRefresh) {
        if(noAutoRefresh)

--- a/core/src/main/java/hudson/model/Computer.java
+++ b/core/src/main/java/hudson/model/Computer.java
@@ -118,6 +118,30 @@ public abstract class Computer implements ModelObject {
        return false;
    }

+    /**
+     * Returns true if this computer is needs to be launched via JNLP. That is if the Launch slave agent link should be
+     * visible.
+     * @return true if and only if the JNLP link should be shown.
+     */
+    public boolean isJnlpAgentLaunchVisible() {
+        return isJnlpAgent() && isOffline() && !isTemporarilyOffline();
+    }
+
+    /**
+     * Returns true if the JNLP link should be restricted to authenticated in users.
+     * @return true if and only if the JNLP link should be restricted to authenticated users.
+     */
+    public boolean isJnlpAgentLaunchAdminOnly() {
+        return true;
+    }
+
+    /**
+     * Returns true if the JNLP link should be visible from the main page.
+     * @return true if and only if the JNLP link should be availible from the main page.
+     */
+    public boolean isJnlpAgentLaunchPublic() {
+        return false;
+    }
    /**
     * Returns true if this node is marked temporarily offline by the user.
     *
@@ -291,7 +315,7 @@ public abstract class Computer implements ModelObject {
        }
        private static final long serialVersionUID = 1L;
    }
-    
+

    public static final ExecutorService threadPoolForRemoting = Executors.newCachedThreadPool(new DaemonThreadFactory());

@@ -309,7 +333,7 @@ public abstract class Computer implements ModelObject {
    private void rss(StaplerRequest req, StaplerResponse rsp, String suffix, RunList runs) throws IOException, ServletException {
        RSS.forwardToRss(getDisplayName()+ suffix, getUrl(),
            runs.newBuilds(), Run.FEED_ADAPTER, req, rsp );
-    }        
+    }

    public void doToggleOffline( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException {
        if(!Hudson.adminCheck(req,rsp))

--- a/core/src/main/java/hudson/model/Node.java
+++ b/core/src/main/java/hudson/model/Node.java
@@ -90,4 +90,51 @@ public interface Node {
            ConvertUtils.register(new EnumConverter(),Mode.class);
        }
    }
+
+    enum JNLPSecurityMode {
+        NORMAL("Launch only from Computer detail. Require Login if security enabled.", true, false, false),
+        SECURE_PUBLIC("Launch from front page. Require Login if security enabled.", true, false, false),
+        BYPASS("Launch only from Computer detail. Login never required.", false, false, false),
+        PUBLIC("Launch from front page. Login never required.", false, true, false)/*,
+
+        // stephenconnolly: holding off on these next changes until they are closer to ready
+        DYNAMIC("Dynamic secure slave (experimental)", true, true, true),
+        DYNAMIC("Dynamic public slave (experimental)", false, true, true)*/;
+
+        private final String description;
+        private final boolean enforceSecurity;
+        private final boolean publicLaunch;
+        private final boolean dynammicPool;
+
+        public String getDescription() {
+            return description;
+        }
+
+        public String getName() {
+            return name();
+        }
+
+        public boolean isEnforceSecurity() {
+            return enforceSecurity;
+        }
+
+        public boolean isPublicLaunch() {
+            return publicLaunch;
+        }
+
+        public boolean isDynammicPool() {
+            return dynammicPool;
+        }
+
+        JNLPSecurityMode(String description, boolean enforceSecurity, boolean publicLaunch, boolean dynammicPool) {
+            this.description = description;
+            this.enforceSecurity = enforceSecurity;
+            this.publicLaunch = publicLaunch;
+            this.dynammicPool = dynammicPool;
+        }
+
+        static {
+            ConvertUtils.register(new EnumConverter(), JNLPSecurityMode.class);
+        }
+    }
 }
--- a/core/src/main/java/hudson/model/Slave.java
+++ b/core/src/main/java/hudson/model/Slave.java
@@ -72,6 +72,11 @@ public final class Slave implements Node, Serializable {
     */
    private Mode mode;

+    /**
+     * JNLP Security mode
+     */
+    private JNLPSecurityMode jnlpSecurity;
+
    /**
     * Command line to launch the agent, like
     * "ssh myslave java -jar /path/to/hudson-remoting.jar"
@@ -91,13 +96,15 @@ public final class Slave implements Node, Serializable {
    /**
     * @stapler-constructor
     */
-    public Slave(String name, String description, String command, String remoteFS, int numExecutors, Mode mode, String label) throws FormException {
+    public Slave(String name, String description, String command, String remoteFS, int numExecutors, Mode mode,
+                 String label, JNLPSecurityMode jnlpSecurity) throws FormException {
        this.name = name;
        this.description = description;
        this.numExecutors = numExecutors;
        this.mode = mode;
        this.agentCommand = command;
        this.remoteFS = remoteFS;
+        this.jnlpSecurity = jnlpSecurity;
        this.label = Util.fixNull(label).trim();
        getAssignedLabels();    // compute labels now

@@ -130,7 +137,7 @@ public final class Slave implements Node, Serializable {
    }

    /**
-     * Gets the root directory of the Hudson workspace on this slave. 
+     * Gets the root directory of the Hudson workspace on this slave.
     */
    public FilePath getFilePath() {
        return new FilePath(getComputer().getChannel(),remoteFS);
@@ -144,6 +151,10 @@ public final class Slave implements Node, Serializable {
        return mode;
    }

+    public JNLPSecurityMode getJnlpSecurity() {
+        return jnlpSecurity;
+    }
+
    public String getLabelString() {
        return Util.fixNull(label).trim();
    }
@@ -259,6 +270,44 @@ public final class Slave implements Node, Serializable {
            return getNode().getCommand().length()==0;
        }

+
+        /**
+         * Returns true if this computer is needs to be launched via JNLP. That is if the Launch slave agent link should be
+         * visible.
+         *
+         * @return true if and only if the JNLP link should be shown.
+         */
+        @Override
+        public boolean isJnlpAgentLaunchVisible() {
+            if (getNode().getJnlpSecurity().isDynammicPool()) {
+                return isJnlpAgent();
+            }
+            return super.isJnlpAgentLaunchVisible();
+        }
+
+        /**
+         * Returns true if the JNLP link should be restricted to authenticated in users.
+         *
+         * @return true if and only if the JNLP link should be restricted to authenticated users.
+         */
+        @Override
+        public boolean isJnlpAgentLaunchAdminOnly() {
+            return getNode().getJnlpSecurity().isEnforceSecurity();
+        }
+
+        /**
+         * Returns true if the JNLP link should be visible from the main page.
+         *
+         * @return true if and only if the JNLP link should be availible from the main page.
+         */
+        @Override
+        public boolean isJnlpAgentLaunchPublic() {
+            if (getNode().getJnlpSecurity().isPublicLaunch()) {
+                return isJnlpAgent();
+            }
+            return super.isJnlpAgentLaunchPublic();    //To change body of overridden methods use File | Settings | File Templates.
+        }
+
        /**
         * Launches a remote agent.
         */

--- a/core/src/main/resources/hudson/model/Computer/index.jelly
+++ b/core/src/main/resources/hudson/model/Computer/index.jelly
@@ -22,8 +22,8 @@
      <j:choose>
        <j:when test="${it.jnlpAgent}">
          <j:choose>
-            <j:when test="${it.offline &amp;&amp; !it.temporarilyOffline}">
-              <l:isAdmin>
+            <j:when test="${it.jnlpAgentLaunchVisible}">
+              <l:isAdminOrTest test="${!it.jnlpAgentLaunchAdminOnly}">
                <p>
                  <a href="slave-agent.jnlp">
                    <img src="${rootURL}/images/webstart.gif" alt="launch agent" />
@@ -33,7 +33,7 @@
                <p>
                  (Click the above link from this slave computer to launch the slave agent via JNLP)
                </p>
-              </l:isAdmin>
+              </l:isAdminOrTest>
            </j:when>
            <j:otherwise>
              <p>

--- a/core/src/main/resources/hudson/model/Hudson/configure.jelly
+++ b/core/src/main/resources/hudson/model/Hudson/configure.jelly
@@ -39,7 +39,7 @@
          <label for="sat.random">Random</label>

          <st:nbsp />
-          
+
          <s:radio name="slaveAgentPortType" value="disable" id="sat.disabled"
                   checked="${it.slaveAgentPort==-1}" onclick="$('sat.port').disabled=true" />
          <label for="sat.disabled">Disable</label>
@@ -88,7 +88,15 @@
                <s:textbox name="slave.label" value="${s.labelString}" />
              </s:entry>

-              <j:if test="${s!=null}">
+                <s:entry title="jnlp security" help="/help/system-config/master-slave/jnlpSecurity.html">
+                    <select class="setting-input" name="slave.jnlpSecurity">
+                        <j:forEach var="m" items="${h.getJNLPSecurityModes()}">
+                            <s:option value="${m.name}" selected="${m==s.jnlpSecurity}">${m.description}</s:option>
+                        </j:forEach>
+                    </select>
+                </s:entry>
+
+                <j:if test="${s!=null}">
                <s:entry title="clock" help="/help/system-config/master-slave/clock.html">
                  <j:set var="id" value="${h.generateId()}"/>
                  <div id="${id}">

--- a/core/src/main/resources/hudson/model/Slave/ComputerImpl/slave-agent.jnlp.jelly
+++ b/core/src/main/resources/hudson/model/Slave/ComputerImpl/slave-agent.jnlp.jelly
@@ -7,7 +7,7 @@
  <!--
    See http://www.dallaway.com/acad/webstart/ for obtaining the certificate.
  -->
-  <l:isAdmin>
+  <l:isAdminOrTest test="true">
    <!-- See http://java.sun.com/j2se/1.5.0/docs/guide/javaws/developersguide/syntax.html for the syntax -->
    <jnlp spec="1.0+"
        codebase="${rootURL}/computer/${h.encode(it.node.nodeName)}/">
@@ -35,5 +35,5 @@
        <argument>${it.node.nodeName}</argument>
      </application-desc>
    </jnlp>
-  </l:isAdmin>
+  </l:isAdminOrTest>
 </j:jelly>
--- a/core/src/main/resources/lib/hudson/executors.jelly
+++ b/core/src/main/resources/lib/hudson/executors.jelly
@@ -26,8 +26,18 @@
 	        <tr>
 	          <th class="pane" colspan="3">
 	            <a href="${rootURL}/computer/${c.displayName}">${c.displayName}</a>
-	            <j:if test="${c.offline}">(offline)</j:if>
-	          </th>
+	            <j:if test="${c.offline}">(offline) </j:if>
+                <j:if test="${c.jnlpAgent}">
+                  <j:if test="${c.jnlpAgentLaunchVisible &amp;&amp; c.jnlpAgentLaunchPublic}">
+                    <l:isAdminOrTest test="${!c.jnlpAgentLaunchAdminOnly}">
+                      <a href="${rootURL}/computer/${c.displayName}/slave-agent.jnlp">
+                        <img src="${rootURL}/images/webstart.gif" alt="Launch" title="Launch slave agent" />
+
+                      </a>
+                    </l:isAdminOrTest>
+                  </j:if>
+                </j:if>
+              </th>
 	        </tr>
 	      </j:otherwise>
 	    </j:choose>

--- a/core/src/main/resources/lib/layout/isAdminOrTest.jelly
+++ b/core/src/main/resources/lib/layout/isAdminOrTest.jelly
+<!--
+<%@ attribute name="test" required="true" type="java.lang.Boolean" %>
+-->
+<j:jelly xmlns:j="jelly:core" xmlns:d="jelly:define" xmlns:s="jelly:stapler">
+    <j:choose>
+        <j:when test="${!test &amp;&amp; app.useSecurity}">
+            <s:isUserInRole role="admin">
+                <d:invokeBody />
+            </s:isUserInRole>
+        </j:when>
+        <!-- if the security is disabled or the test passes -->
+        <j:otherwise>
+            <d:invokeBody />
+        </j:otherwise>
+    </j:choose>
+</j:jelly>
\ No newline at end of file
--- a/war/resources/help/system-config/master-slave/jnlpSecurity.html
+++ b/war/resources/help/system-config/master-slave/jnlpSecurity.html
+<div>
+    Controls how Hudson permits launching via JNLP.
+
+    <dl>
+        <dt><b>
+            Launch only from Computer detail. Require Login if security enabled.
+        </b></dt>
+        <dd>
+            <em>This is the default and normal setting.</em>
+            In this mode, Hudson provides the JNLP launch link on the computer view.
+            If Security is enabled, then the link will only be available to authenticated users.
+        </dd>
+
+        <dt><b>
+            Launch from front page. Require Login if security enabled.
+        </b></dt>
+        <dd>
+            In this mode, Hudson provides the JNLP launch link on both the computer view and the Build Executor Status
+            sidepanel.
+            If Security is enabled, then the link will only be available to authenticated users.
+        </dd>
+
+        <dt><b>
+            Launch only from Computer detail. Login never required.
+        </b></dt>
+        <dd>
+            In this mode, Hudson provides the JNLP launch link on the computer view.
+            The link will always be available whenever the slave is offline.
+        </dd>
+
+        <dt><b>
+            Launch from front page. Login never required.
+        </b></dt>
+        <dd>
+            In this mode, Hudson provides the JNLP launch link on both the computer view and the Build Executor Status
+            sidepanel.
+            The link will always be available whenever the slave is offline.
+        </dd>
+
+    </dl>
+</div>
\ No newline at end of file