Project: xxadev/jenkins
Commit cf78e48b
Authored Jan 27, 2017 by Jesse Glick; committed by Oliver Gondža on Feb 15, 2017
[FIXED JENKINS-39402] Cap the number of group headers printed by AccessDeniedException2.
(cherry picked from commit d6f7e410)
Parent: da2f57c7
Showing 2 changed files with 84 additions and 2 deletions (+84 -2):
    core/src/main/java/hudson/security/AccessDeniedException2.java (+11 -2)
    test/src/test/java/hudson/security/AccessDeniedException2Test.java (+73 -0)
core/src/main/java/hudson/security/AccessDeniedException2.java
@@ -12,6 +12,9 @@ import java.io.PrintWriter;
* @author Kohsuke Kawaguchi
*/
public
class
AccessDeniedException2
extends
AccessDeniedException
{
private
static
final
int
MAX_REPORTED_AUTHORITIES
=
10
;
/**
* This object represents the user being authenticated.
*/
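Review bot: `MAX_REPORTED_AUTHORITIES = 10` is added without a Javadoc, so a reader of the class cannot tell why the cap is 10 or what happens once it is exceeded; suggest a comment above the field along the lines of `/** Cap on X-You-Are-In-Group headers emitted by reportAsHeaders; beyond this a single "<N more>" header is sent (JENKINS-39402). */`. The constant is also final and not overridable, which is reasonable for a bounded diagnostic header but worth stating in that comment.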
@@ -38,8 +41,14 @@ public class AccessDeniedException2 extends AccessDeniedException {
*/
public
void
reportAsHeaders
(
HttpServletResponse
rsp
)
{
rsp
.
addHeader
(
"X-You-Are-Authenticated-As"
,
authentication
.
getName
());
for
(
GrantedAuthority
auth
:
authentication
.
getAuthorities
())
{
rsp
.
addHeader
(
"X-You-Are-In-Group"
,
auth
.
getAuthority
());
GrantedAuthority
[]
authorities
=
authentication
.
getAuthorities
();
for
(
int
i
=
0
;
i
<
authorities
.
length
;
i
++)
{
if
(
i
==
MAX_REPORTED_AUTHORITIES
)
{
rsp
.
addHeader
(
"X-You-Are-In-Group"
,
"<"
+
(
authorities
.
length
-
i
)
+
" more>"
);
break
;
}
else
{
rsp
.
addHeader
(
"X-You-Are-In-Group"
,
authorities
[
i
].
getAuthority
());
}
}
rsp
.
addHeader
(
"X-Required-Permission"
,
permission
.
getId
());
for
(
Permission
p
=
permission
.
impliedBy
;
p
!=
null
;
p
=
p
.
impliedBy
)
{
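Review bot: the overflow marker `"<" + (authorities.length - i) + " more>"` is sent under the same `X-You-Are-In-Group` name as the real authorities, so a client reading these diagnostic headers cannot distinguish it from a group whose name literally looks like `<991 more>`; consider a distinct header name for the omitted count (a suggestion, not in the patch) or at least document the marker format in the `reportAsHeaders` Javadoc. The loop itself is correct: exactly `MAX_REPORTED_AUTHORITIES` group headers are emitted before the marker, and when the array holds ten or fewer entries no marker is sent at all. Minor style: since the `if` branch always `break`s, the `else` and its braces could be dropped.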
test/src/test/java/hudson/security/AccessDeniedException2Test.java
new file, mode 0 → 100644
/*
* The MIT License
*
* Copyright 2017 CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package
hudson.security
;
import
com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException
;
import
com.gargoylesoftware.htmlunit.util.NameValuePair
;
import
java.net.HttpURLConnection
;
import
java.util.ArrayList
;
import
java.util.List
;
import
org.hamcrest.Matchers
;
import
static
org
.
junit
.
Assert
.*;
import
org.junit.Rule
;
import
org.junit.Test
;
import
org.jvnet.hudson.test.Issue
;
import
org.jvnet.hudson.test.JenkinsRule
;
import
org.jvnet.hudson.test.MockAuthorizationStrategy
;
public
class
AccessDeniedException2Test
{
@Rule
public
JenkinsRule
r
=
new
JenkinsRule
();
@Issue
(
"JENKINS-39402"
)
@Test
public
void
youAreInGroupHeaders
()
throws
Exception
{
JenkinsRule
.
DummySecurityRealm
realm
=
r
.
createDummySecurityRealm
();
String
[]
groups
=
new
String
[
1000
];
for
(
int
i
=
0
;
i
<
groups
.
length
;
i
++)
{
groups
[
i
]
=
"group"
+
i
;
}
realm
.
addGroups
(
"user"
,
groups
);
r
.
jenkins
.
setSecurityRealm
(
realm
);
r
.
jenkins
.
setAuthorizationStrategy
(
new
MockAuthorizationStrategy
());
try
{
r
.
createWebClient
().
login
(
"user"
).
goTo
(
"confgure"
);
fail
(
"should not have been allowed to access anything"
);
}
catch
(
FailingHttpStatusCodeException
x
)
{
assertEquals
(
HttpURLConnection
.
HTTP_FORBIDDEN
,
x
.
getStatusCode
());
List
<
String
>
reportedGroups
=
new
ArrayList
<>();
for
(
NameValuePair
header
:
x
.
getResponse
().
getResponseHeaders
())
{
if
(
header
.
getName
().
equals
(
"X-You-Are-In-Group"
))
{
reportedGroups
.
add
(
header
.
getValue
());
}
}
assertThat
(
"capped at a reasonable number"
,
reportedGroups
,
Matchers
.<
List
<
String
>>
allOf
(
Matchers
.<
String
>
hasSize
(
11
),
// 10 groups plus final warning
Matchers
.<
String
>
hasItem
(
"<991 more>"
)));
// 1000 + SecurityRealm.AUTHENTICATED_AUTHORITY.getAuthority() - 10
}
}
}
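Review bot: `goTo("confgure")` reads like a typo for `configure`; the test still passes because the `MockAuthorizationStrategy` installed with no grants forbids every URL to `user` (the `fail` message "should not have been allowed to access anything" says as much), but the intent should be explicit, so either fix the path or add a comment stating that any URL is expected to return 403. The `hasSize(11)` and `hasItem("<991 more>")` expectations are consistent with the cap: 1000 groups plus the authenticated authority give 1001 authorities, 10 are listed and 991 summarized, which the trailing `// 1000 + SecurityRealm.AUTHENTICATED_AUTHORITY.getAuthority() - 10` comment explains; it would read better placed above the `assertThat` rather than after its closing parenthesis.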