[FIXED HUDSON-3069]

Fixed the initialization order issue. I tweaked the patch a little to avoid using a flag. It seems to me that HudsonFilter can just check if it already has a corresponding Hudson instance, and if so, it can configure itself. This fix will be in 1.291. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@16150 71c3de6d-444a-0410-be80-ed276b4c234a

[FIXED HUDSON-3069]
Fixed the initialization order issue. I tweaked the patch a little to avoid using a flag. It seems to me that HudsonFilter can just check if it already has a corresponding Hudson instance, and if so, it can configure itself. This fix will be in 1.291. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@16150 71c3de6d-444a-0410-be80-ed276b4c234a
81ba9354 · kohsuke · 8f97fcfc · 81ba9354 · 81ba9354 · 81ba9354
5 changed file
--- a/core/src/main/java/hudson/model/Descriptor.java
+++ b/core/src/main/java/hudson/model/Descriptor.java
@@ -26,13 +26,13 @@ package hudson.model;
 import hudson.XmlFile;
 import hudson.BulkChange;
 import static hudson.Util.singleQuote;
-import hudson.util.CopyOnWriteList;
 import hudson.scm.CVSSCM;
 import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerResponse;
+import org.kohsuke.stapler.MetaClassLoader;
 import org.springframework.util.StringUtils;
 import org.jvnet.tiger_types.Types;
 import org.apache.commons.io.IOUtils;

--- a/core/src/main/java/hudson/model/Hudson.java
+++ b/core/src/main/java/hudson/model/Hudson.java
@@ -1487,7 +1487,16 @@ public final class Hudson extends Node implements ItemGroup<TopLevelItem>, Stapl
        this.securityRealm = securityRealm;
        // reset the filters and proxies for the new SecurityRealm
        try {
-            HudsonFilter.get(servletContext).reset(securityRealm);
+            HudsonFilter filter = HudsonFilter.get(servletContext);
+            if (filter == null) {
+                // Fix for #3069: This filter is not necessarily initialized before the servlets.
+                // when HudsonFilter does come back, it'll initialize itself.
+                LOGGER.info("HudsonFilter has not yet been initialized: Can't perform security setup for now");
+            } else {
+                LOGGER.info("HudsonFilter has been previously initialized: Setting security up");
+                filter.reset(securityRealm);
+                LOGGER.info("Security is now fully set up");
+            }
        } catch (ServletException e) {
            // for binary compatibility, this method cannot throw a checked exception
            throw new AcegiSecurityException("Failed to configure filter",e) {};

--- a/core/src/main/java/hudson/security/ChainedServletFilter.java
+++ b/core/src/main/java/hudson/security/ChainedServletFilter.java
@@ -23,15 +23,18 @@
 */
 package hudson.security;

+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.Collection;

 /**
 * Servlet {@link Filter} that chains multiple {@link Filter}s.
@@ -59,11 +62,17 @@ public class ChainedServletFilter implements Filter {
    }

    public void init(FilterConfig filterConfig) throws ServletException {
+        if (LOGGER.isLoggable(Level.FINEST))
+            for (Filter f : filters)
+                LOGGER.finest("ChainedServletFilter contains: " + f);
+
        for (Filter f : filters)
            f.init(filterConfig);
    }

    public void doFilter(ServletRequest request, ServletResponse response, final FilterChain chain) throws IOException, ServletException {
+        LOGGER.entering(ChainedServletFilter.class.getName(), "doFilter");
+
        new FilterChain() {
            private int position=0;
            // capture the array for thread-safety
@@ -85,4 +94,6 @@ public class ChainedServletFilter implements Filter {
        for (Filter f : filters)
            f.destroy();
    }
+
+    private static final Logger LOGGER = Logger.getLogger(ChainedServletFilter.class.getName());
 }
--- a/core/src/main/java/hudson/security/HudsonFilter.java
+++ b/core/src/main/java/hudson/security/HudsonFilter.java
@@ -23,8 +23,19 @@
 */
 package hudson.security;

-import javax.servlet.*;
+import hudson.model.Hudson;
+
 import java.io.IOException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;

 import org.acegisecurity.AuthenticationManager;
 import org.acegisecurity.ui.rememberme.RememberMeServices;
@@ -42,7 +53,7 @@ import org.acegisecurity.userdetails.UserDetailsService;
 * @since 1.160
 */
 public class HudsonFilter implements Filter {
-    /**
+	/**
     * The SecurityRealm specific filter.
     */
    private volatile Filter filter;
@@ -88,6 +99,15 @@ public class HudsonFilter implements Filter {
        this.filterConfig = filterConfig;
        // this is how we make us available to the rest of Hudson.
        filterConfig.getServletContext().setAttribute(HudsonFilter.class.getName(),this);
+        Hudson hudson = Hudson.getInstance();
+        if (hudson != null) {
+            // looks like we are initialized after Hudson came into being. initialize it now. See #3069
+            LOGGER.fine("Security wasn't initialized; Initializing it...");
+            SecurityRealm securityRealm = hudson.getSecurityRealm();
+            reset(securityRealm);
+            LOGGER.fine("securityRealm is " + securityRealm);
+            LOGGER.fine("Security initialized");
+        }
    }

    /**
@@ -123,7 +143,9 @@ public class HudsonFilter implements Filter {
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-        // to deal with concurrency, we need to capture the object. 
+        LOGGER.entering(HudsonFilter.class.getName(), "doFilter");
+        
+        // to deal with concurrency, we need to capture the object.
        Filter f = filter;

        if(f==null) {
@@ -139,4 +161,6 @@ public class HudsonFilter implements Filter {
        if(filter != null)
            filter.destroy();
    }
+
+    private static final Logger LOGGER = Logger.getLogger(HudsonFilter.class.getName());
 }
--- a/core/src/main/java/hudson/security/SecurityRealm.java
+++ b/core/src/main/java/hudson/security/SecurityRealm.java
@@ -292,6 +292,8 @@ public abstract class SecurityRealm implements Describable<SecurityRealm>, Exten
     * @since 1.271
     */
    public Filter createFilter(FilterConfig filterConfig) {
+        LOGGER.entering(SecurityRealm.class.getName(), "createFilter");
+        
        Binding binding = new Binding();
        SecurityComponents sc = getSecurityComponents();
        binding.setVariable("securityComponents", sc);