Merge pull request #4668 from daniel-beck/unprotected-root-urls-by-which-plugin

Indicate which plugin provides an UnprotectedRootAction

core/src/main/resources/hudson/security/LegacySecurityRealm/config.groovy

+package hudson.security.LegacySecurityRealm
+
+import hudson.PluginWrapper
+import hudson.model.UnprotectedRootAction
+import jenkins.model.Jenkins
+
+def f = namespace(lib.FormTagLib)
+
+f.entry(title: _('Unprotected URLs')) {
+    p(_('blurb'))
+    ul {
+        for (def action : Jenkins.get().getActions().sort { x, y -> x.getUrlName() <=> y.getUrlName() }) {
+            if (action instanceof UnprotectedRootAction) {
+                li {
+                    a(href: '../' + action.getUrlName(), target: '_blank') {
+                        code {
+                            text(action.getUrlName())
+                        }
+                    }
+                    br()
+                    PluginWrapper whichPlugin = Jenkins.get().getPluginManager().whichPlugin(action.getClass())
+                    if (whichPlugin == null) {
+                        text(_("byCore"))
+                    } else {
+                        raw(_("byPlugin", whichPlugin.getDisplayName(), whichPlugin.getUrl()))
+                    }
+                }
+            }
+        }
+    }
+}

core/src/main/resources/hudson/security/LegacySecurityRealm/config.jelly

-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-The MIT License
-
-Copyright 2012 Jesse Glick.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
--->
-
-<?jelly escape-by-default='true'?>
-<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:i="jelly:fmt" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
-    <f:entry title="${%Unprotected URLs}">
-        <p>${%blurb}</p>
-        <ul>
-            <j:forEach var="name" items="${app.unprotectedRootActions}">
-                <li><a href="../${name}" target="_blank"><code>${name}</code></a></li>
-            </j:forEach>
-        </ul>
-    </f:entry>
-</j:jelly>

core/src/main/resources/hudson/security/LegacySecurityRealm/config.properties

@@ -23,3 +23,5 @@
 blurb=\
     These URLs (and URLs starting with these prefixes plus a /) should require no authentication. \
     If possible, configure your container to pass these requests straight to Jenkins without requiring login.
+byCore=(provided by Jenkins core)
+byPlugin=(provided by <a href="{1}" target="_blank">{0}</a>)