split the security setup into a separate section

f85eb32b · Kohsuke Kawaguchi · f854eca1 · f85eb32b · f85eb32b · f85eb32b
4 changed file
--- a/core/src/main/java/hudson/security/GlobalSecurityConfiguration.java
+++ b/core/src/main/java/hudson/security/GlobalSecurityConfiguration.java
+/*
+ * The MIT License
+ *
+ * Copyright (c) 2011, CloudBees, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package hudson.security;
+import hudson.Extension;
+import hudson.markup.MarkupFormatter;
+import jenkins.model.GlobalConfiguration;
+import jenkins.model.Jenkins;
+import net.sf.json.JSONObject;
+import org.kohsuke.stapler.StaplerRequest;
+/**
+ * Security configuration.
+ *
+ * @author Kohsuke Kawaguchi
+ */
+@Extension(ordinal=200)
+public class GlobalSecurityConfiguration extends GlobalConfiguration {
+    @Override
+    public boolean configure(StaplerRequest req, JSONObject json) throws FormException {
+        // for compatibility reasons, the actual value is stored in Jenkins
+        Jenkins j = Jenkins.getInstance();
+        if (json.has("useSecurity")) {
+            JSONObject security = json.getJSONObject("useSecurity");
+            j.setSecurityRealm(SecurityRealm.all().newInstanceFromRadioList(security, "realm"));
+            j.setAuthorizationStrategy(AuthorizationStrategy.all().newInstanceFromRadioList(security, "authorization"));
+            if (security.has("markupFormatter")) {
+                j.setMarkupFormatter(req.bindJSON(MarkupFormatter.class, security.getJSONObject("markupFormatter")));
+            } else {
+                j.setMarkupFormatter(null);
+            }
+        } else {
+            j.disableSecurity();
+        }
+        return true;
+    }
+}
--- a/core/src/main/java/jenkins/model/Jenkins.java
+++ b/core/src/main/java/jenkins/model/Jenkins.java
@@ -58,7 +58,6 @@ import hudson.model.LoadBalancer;
 import hudson.model.ManagementLink;
 import hudson.model.ModifiableItemGroup;
 import hudson.model.NoFingerprintMatch;
-import hudson.model.Node.Mode;
 import hudson.model.OverallLoadStatistics;
 import hudson.model.Project;
 import hudson.model.RestartListener;
@@ -101,7 +100,6 @@ import hudson.Plugin;
 import hudson.PluginManager;
 import hudson.PluginWrapper;
 import hudson.ProxyConfiguration;
-import hudson.StructuredForm;
 import hudson.TcpSlaveAgentListener;
 import hudson.UDPBroadcastThread;
 import hudson.Util;
@@ -1849,6 +1847,7 @@ public class Jenkins extends AbstractCIBase implements ModifiableItemGroup<TopLe
    public void setSecurityRealm(SecurityRealm securityRealm) {
        if(securityRealm==null)
            securityRealm= SecurityRealm.NO_AUTHENTICATION;
+        this.useSecurity = true;
        this.securityRealm = securityRealm;
        // reset the filters and proxies for the new SecurityRealm
        try {
@@ -1871,9 +1870,17 @@ public class Jenkins extends AbstractCIBase implements ModifiableItemGroup<TopLe
    public void setAuthorizationStrategy(AuthorizationStrategy a) {
        if (a == null)
            a = AuthorizationStrategy.UNSECURED;
+        useSecurity = true;
        authorizationStrategy = a;
    }
+    public void disableSecurity() {
+        useSecurity = null;
+        setSecurityRealm(SecurityRealm.NO_AUTHENTICATION);
+        authorizationStrategy = AuthorizationStrategy.UNSECURED;
+        markupFormatter = null;
+    }
    public Lifecycle getLifecycle() {
        return Lifecycle.get();
    }
@@ -2422,27 +2429,6 @@ public class Jenkins extends AbstractCIBase implements ModifiableItemGroup<TopLe
            workspaceDir = json.getString("rawWorkspaceDir");
            buildsDir = json.getString("rawBuildsDir");
-            // keep using 'useSecurity' field as the main configuration setting
-            // until we get the new security implementation working
-            // useSecurity = null;
-            if (json.has("use_security")) {
-                useSecurity = true;
-                JSONObject security = json.getJSONObject("use_security");
-                setSecurityRealm(SecurityRealm.all().newInstanceFromRadioList(security,"realm"));
-                setAuthorizationStrategy(AuthorizationStrategy.all().newInstanceFromRadioList(security, "authorization"));
-                if (security.has("markupFormatter")) {
-                    markupFormatter = req.bindJSON(MarkupFormatter.class,security.getJSONObject("markupFormatter"));
-                } else {
-                    markupFormatter = null;
-                }
-            } else {
-                useSecurity = null;
-                setSecurityRealm(SecurityRealm.NO_AUTHENTICATION);
-                authorizationStrategy = AuthorizationStrategy.UNSECURED;
-                markupFormatter = null;
-            }
            if (json.has("viewsTabBar")) {
                viewsTabBar = req.bindJSON(ViewsTabBar.class,json.getJSONObject("viewsTabBar"));
            } else {

--- a/core/src/main/resources/hudson/security/GlobalSecurityConfiguration/config.groovy
+++ b/core/src/main/resources/hudson/security/GlobalSecurityConfiguration/config.groovy
+package hudson.security.csrf.GlobalCrumbIssuerConfiguration
+import hudson.security.SecurityRealm
+import hudson.security.AuthorizationStrategy
+def f=namespace(lib.FormTagLib)
+f.optionalBlock( field:"useSecurity", title:_("Enable security"), checked:app.useSecurity) {
+    f.entry (title:_("TCP port for JNLP slave agents")) {
+        int port = app.slaveAgentPort
+        f.radio(name:"slaveAgentPortType", value:"fixed", id:"sat.fixed",
+                chcked:port>0, onclick:"\$('sat.port').disabled=false")
+        label("for":"sat.fixed", _$("Fixed"))
+        text(" : ")
+        input(type:"text", "class":"number", name:"slaveAgentPort", id:"sat.port",
+                value: port>0 ? port : null, disabled: port>0 ? null : "true" )
+        raw("&nbsp;") ////////////////////////////
+        f.radio(name:"slaveAgentPortType", value:"random", id:"sat.random",
+                checked:port==0, onclick:"\$('sat.port').disabled=true")
+        label("for":"sat.random", _$("Random"))
+        raw("&nbsp;") ////////////////////////////
+        f.radio(name:"slaveAgentPortType", value:"disable", id:"sat.disabled",
+                checked:port==-1, onclick:"\$('sat.port').disabled=true")
+        label("for":"sat.random", _$("Random"))
+//                 checked="${it.useSecurity}" help="/help/system-config/enableSecurity.html">
+//      help="/help/system-config/master-slave/slave-agent-port.html">
+/*
+    <input type="text" class="number" name="slaveAgentPort" id="sat.port"
+       value="${it.slaveAgentPort gt 0 ? it.slaveAgentPort : null}"
+       disabled="${it.slaveAgentPort gt 0 ? null : 'true'}"/>
+    <st:nbsp />
+    <f:radio name="slaveAgentPortType" value="random" id="sat.random"
+             checked="${it.slaveAgentPort==0}" onclick="$('sat.port').disabled=true" />
+    <label for="sat.random">${%Random}</label>
+    <st:nbsp />
+    <f:radio name="slaveAgentPortType" value="disable" id="sat.disabled"
+             checked="${it.slaveAgentPort==-1}" onclick="$('sat.port').disabled=true" />
+    <label for="sat.disabled">${%Disable}</label>
+  </f:entry>
+*/
+    }
+    f.dropdownDescriptorSelector(title:_("Markup Formatter"),field:"markupFormatter")
+    f.entry(title:_("Access Control")) {
+        table(style:"width:100%") {
+            f.descriptorRadioList(title:_("Security Realm"),varName:"realm",         instance:app.securityRealm,         descriptors:SecurityRealm.all())
+            f.descriptorRadioList(title:_("Authorization"), varName:"authorization", instance:app.authorizationStrategy, descriptors:AuthorizationStrategy.all())
+        }
+    }
+}
+/*
+  <f:dropdownDescriptorSelector title="${%Markup Formatter}" field="markupFormatter" />
+  <f:entry title="${%Access Control}">
+    <table style="width:100%">
+      <f:descriptorRadioList title="${%Security Realm}" varName="realm"
+                             instance="${it.securityRealm}"
+                             descriptors="${h.securityRealmDescriptors}"/>
+      <f:descriptorRadioList title="${%Authorization}" varName="authorization"
+                             instance="${it.authorizationStrategy}"
+                             descriptors="${h.authorizationStrategyDescriptors}"/>
+    </table>
+  </f:entry>
+</f:optionalBlock>
+*/
\ No newline at end of file
--- a/core/src/main/resources/jenkins/model/Jenkins/configure.jelly
+++ b/core/src/main/resources/jenkins/model/Jenkins/configure.jelly
@@ -106,44 +106,6 @@ THE SOFTWARE.
        </f:entry>
      </j:if>
-      <f:optionalBlock name="use_security" title="${%Enable security}"
-                       checked="${it.useSecurity}" help="/help/system-config/enableSecurity.html">
-        <f:entry title="${%TCP port for JNLP slave agents}"
-            help="/help/system-config/master-slave/slave-agent-port.html">
-          <f:radio name="slaveAgentPortType" value="fixed" id="sat.fixed"
-                   checked="${it.slaveAgentPort gt 0}" onclick="$('sat.port').disabled=false"/>
-          <label for="sat.fixed">${%Fixed}</label> :
-          <input type="text" class="number" name="slaveAgentPort" id="sat.port"
-             value="${it.slaveAgentPort gt 0 ? it.slaveAgentPort : null}"
-             disabled="${it.slaveAgentPort gt 0 ? null : 'true'}"/>
-          <st:nbsp />
-          <f:radio name="slaveAgentPortType" value="random" id="sat.random"
-                   checked="${it.slaveAgentPort==0}" onclick="$('sat.port').disabled=true" />
-          <label for="sat.random">${%Random}</label>
-          <st:nbsp />
-          <f:radio name="slaveAgentPortType" value="disable" id="sat.disabled"
-                   checked="${it.slaveAgentPort==-1}" onclick="$('sat.port').disabled=true" />
-          <label for="sat.disabled">${%Disable}</label>
-        </f:entry>
-        <f:dropdownDescriptorSelector title="${%Markup Formatter}" field="markupFormatter" />
-        <f:entry title="${%Access Control}">
-          <table style="width:100%">
-            <f:descriptorRadioList title="${%Security Realm}" varName="realm"
-                                   instance="${it.securityRealm}"
-                                   descriptors="${h.securityRealmDescriptors}"/>
-            <f:descriptorRadioList title="${%Authorization}" varName="authorization"
-                                   instance="${it.authorizationStrategy}"
-                                   descriptors="${h.authorizationStrategyDescriptors}"/>
-          </table>
-        </f:entry>
-      </f:optionalBlock>
      <!-- global configuration from everyone -->
      <j:forEach var="descriptor" items="${h.getSortedDescriptorsForGlobalConfig()}">
        <j:set var="instance" value="${descriptor}" /><!-- this makes the <f:textbox field=.../> work -->