Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[JENKINS-73422] Add escape hatch for Authenticated user access to Resource URL #9644

Merged
merged 2 commits into from
Aug 30, 2024

Conversation

Dohbedoh
Copy link
Contributor

@Dohbedoh Dohbedoh commented Aug 22, 2024

See JENKINS-73422 caused by #8922. Proposing an escape hatch to re-allow access to Resource URL. Many users seem impacted due to client automatically sending Authorization on redirect.. The escape hatch can help transitioning to the correct behavior while still upgrading Jenkins.

Testing done

Unit test.

Proposed changelog entries

  • Add escape hatch for Authenticated user access to Resource URL

Proposed upgrade guidelines

To allow authenticated user to access Resource URL, add the system property jenkins.security.ResourceDomainRootAction.allowAuthenticatedUser=false on startup. This can also be done live by executing the groovy script jenkins.security.ResourceDomainRootAction.ALLOW_AUTHENTICATED_USER = true.

Submitter checklist

Desired reviewers

@daniel-beck

Before the changes are marked as ready-for-merge:

Maintainer checklist

@timja timja added the rfe For changelog: Minor enhancement. use `major-rfe` for changes to be highlighted label Aug 26, 2024
@timja
Copy link
Member

timja commented Aug 28, 2024

/label ready-for-merge


This PR is now ready for merge, after ~24 hours, we will merge it if there's no negative feedback.

Thanks!

@comment-ops-bot comment-ops-bot bot added the ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback label Aug 28, 2024
@timja timja merged commit 5fe9a44 into jenkinsci:master Aug 30, 2024
16 checks passed
@Dohbedoh Dohbedoh deleted the JENKINS-73422 branch September 2, 2024 00:03
krisstern pushed a commit to krisstern/jenkins that referenced this pull request Sep 16, 2024
…ource URL (jenkinsci#9644)

Co-authored-by: Daniel Beck <[email protected]>
(cherry picked from commit 5fe9a44)
@kmartens27
Copy link

@Dohbedoh would you be able to verify whether the jenkins.security.ResourceDomainRootAction.allowAuthenticatedUser=false should end with true instead? The upgrade guide entry was caught by @darinpope as it appears contradictory to the groovy script which does end in true. I just want to make sure so that the upgrade guide can be updated accordingly.

Thanks!

@Dohbedoh
Copy link
Contributor Author

Dohbedoh commented Oct 2, 2024

@kmartens27 you are right. I opened jenkins-infra/jenkins.io#7576

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback rfe For changelog: Minor enhancement. use `major-rfe` for changes to be highlighted
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants