hudson.security.GlobalMatrixAuthorizationStrategy Java Examples

The following examples show how to use hudson.security.GlobalMatrixAuthorizationStrategy. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ProfileApiTest.java    From blueocean-plugin with MIT License 6 votes vote down vote up
@Test
public void shouldFailForAnonymousRead() throws IOException {
    HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false);
    realm.createAccount("alice","alice");
    j.jenkins.setSecurityRealm(realm);

    GlobalMatrixAuthorizationStrategy as = new GlobalMatrixAuthorizationStrategy();
    j.jenkins.setAuthorizationStrategy(as);
    as.add(Hudson.READ,"alice");

    Map resp = new RequestBuilder(baseUrl)
            .status(403)
            .get("/users/")
            .build(Map.class);
    assertEquals(403, resp.get("code"));
}
 
Example #2
Source File: ProfileApiTest.java    From blueocean-plugin with MIT License 6 votes vote down vote up
@Test
public void shouldSucceedForAnonymousRead() throws IOException {
    HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false);
    realm.createAccount("alice","alice");
    j.jenkins.setSecurityRealm(realm);

    GlobalMatrixAuthorizationStrategy as = new GlobalMatrixAuthorizationStrategy();
    j.jenkins.setAuthorizationStrategy(as);
    as.add(Hudson.READ,"anonymous");

    List resp = new RequestBuilder(baseUrl)
            .status(200)
            .get("/users/")
            .build(List.class);
    assertEquals(1, resp.size());
}
 
Example #3
Source File: ProfileApiTest.java    From blueocean-plugin with MIT License 6 votes vote down vote up
@Test
public void shouldFailForUnauthorizedUser() throws IOException, UnirestException {
    HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false);
    realm.createAccount("alice","alice");
    realm.createAccount("bob","bob");
    j.jenkins.setSecurityRealm(realm);

    GlobalMatrixAuthorizationStrategy as = new GlobalMatrixAuthorizationStrategy();
    j.jenkins.setAuthorizationStrategy(as);
    as.add(Hudson.READ,"alice");

    Map resp = new RequestBuilder(baseUrl)
            .status(403)
            .auth("bob", "bob")
            .get("/users/")
            .build(Map.class);
    assertEquals(403, resp.get("code"));
}
 
Example #4
Source File: GitLabConnectionConfigTest.java    From gitlab-plugin with GNU General Public License v2.0 6 votes vote down vote up
@Test
public void authenticationEnabled_anonymous_forbidden() throws IOException {
    Boolean defaultValue = jenkins.get(GitLabConnectionConfig.class).isUseAuthenticatedEndpoint();
    assertTrue(defaultValue);
    jenkins.getInstance().setAuthorizationStrategy(new GlobalMatrixAuthorizationStrategy());
    URL jenkinsURL = jenkins.getURL();
    FreeStyleProject project = jenkins.createFreeStyleProject("test");
    GitLabPushTrigger trigger = mock(GitLabPushTrigger.class);
    project.addTrigger(trigger);

    CloseableHttpClient client = HttpClientBuilder.create().build();
    HttpPost request = new HttpPost(jenkinsURL.toExternalForm() + "project/test");
    request.addHeader("X-Gitlab-Event", "Push Hook");
    request.setEntity(new StringEntity("{}"));

    CloseableHttpResponse response = client.execute(request);

    assertThat(response.getStatusLine().getStatusCode(), is(403));
}
 
Example #5
Source File: GitLabConnectionConfigTest.java    From gitlab-plugin with GNU General Public License v2.0 6 votes vote down vote up
@Test
public void authenticationEnabled_registered_success() throws Exception {
    String username = "test-user";
    jenkins.getInstance().setSecurityRealm(jenkins.createDummySecurityRealm());
    GlobalMatrixAuthorizationStrategy authorizationStrategy = new GlobalMatrixAuthorizationStrategy();
    authorizationStrategy.add(Item.BUILD, username);
    jenkins.getInstance().setAuthorizationStrategy(authorizationStrategy);
    URL jenkinsURL = jenkins.getURL();
    jenkins.createFreeStyleProject("test");

    CloseableHttpClient client = HttpClientBuilder.create().build();
    HttpPost request = new HttpPost(jenkinsURL.toExternalForm() + "project/test");
    request.addHeader("X-Gitlab-Event", "Push Hook");
    String auth = username + ":" + username;
    request.addHeader(HttpHeaders.AUTHORIZATION, "Basic " + new String(Base64.encodeBase64(auth.getBytes(Charset.forName("ISO-8859-1")))));
    request.setEntity(new StringEntity("{}"));

    CloseableHttpResponse response = client.execute(request);

    assertThat(response.getStatusLine().getStatusCode(), is(200));
}
 
Example #6
Source File: GitLabConnectionConfigTest.java    From gitlab-plugin with GNU General Public License v2.0 6 votes vote down vote up
@Test
public void authenticationDisabled_anonymous_success() throws IOException, URISyntaxException {
    jenkins.get(GitLabConnectionConfig.class).setUseAuthenticatedEndpoint(false);
    jenkins.getInstance().setAuthorizationStrategy(new GlobalMatrixAuthorizationStrategy());
    URL jenkinsURL = jenkins.getURL();
    jenkins.createFreeStyleProject("test");

    CloseableHttpClient client = HttpClientBuilder.create().build();
    HttpPost request = new HttpPost(jenkinsURL.toExternalForm() + "project/test");
    request.addHeader("X-Gitlab-Event", "Push Hook");
    request.setEntity(new StringEntity("{}"));

    CloseableHttpResponse response = client.execute(request);

    assertThat(response.getStatusLine().getStatusCode(), is(200));
}
 
Example #7
Source File: GlobalMatrixAuthorizationTest.java    From configuration-as-code-plugin with MIT License 5 votes vote down vote up
@Test
@ConfiguredWithReadme("matrix-auth/README.md")
public void checkCorrectlyConfiguredPermissions() throws Exception {
    assertEquals("The configured instance must use the Global Matrix Authentication Strategy", GlobalMatrixAuthorizationStrategy.class, Jenkins.get().getAuthorizationStrategy().getClass());
    GlobalMatrixAuthorizationStrategy gms = (GlobalMatrixAuthorizationStrategy) Jenkins.get().getAuthorizationStrategy();

    List<String> adminPermission = new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.ADMINISTER));
    assertEquals("authenticated", adminPermission.get(0));

    List<String> readPermission = new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.READ));
    assertEquals("anonymous", readPermission.get(0));
}
 
Example #8
Source File: ArtifactsSecurity564.java    From blueocean-plugin with MIT License 5 votes vote down vote up
/**
 * Uses matrix-auth to provide artifacts permission.
 *
 * If hudson.security.ArtifactsPermission is set then the user must have Run.ARTIFACTS set.
 *
 * @throws Exception
 */
@Issue("SECURITY-564")
@Test
public void testArtifactsWithPermissions() throws Exception {
    String JOB_NAME = "artifactPermissions";
    String artifactPath = "a/b/c";
    HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false);
    realm.createAccount("alice","alice");
    realm.createAccount("bob","bob");
    j.jenkins.setSecurityRealm(realm);

    GlobalMatrixAuthorizationStrategy as = new GlobalMatrixAuthorizationStrategy();
    j.jenkins.setAuthorizationStrategy(as);
    as.add(Hudson.READ,"alice");
    as.add(Item.READ,"alice");
    as.add(Run.ARTIFACTS,"alice");
    as.add(Hudson.READ,"bob");
    as.add(Item.READ,"bob");

    FreeStyleProject p = j.createFreeStyleProject(JOB_NAME);
    p.getBuildersList().add(new ArtifactBuilder(artifactPath, 100));
    p.getPublishersList().add(new ArtifactArchiver("**/*"));
    Run r = p.scheduleBuild2(0).waitForStart();

    r = j.waitForCompletion(r);

    List artifacts = request().authAlice().get("/organizations/jenkins/pipelines/"+JOB_NAME+"/runs/"+r.getId()+"/artifacts").build(List.class);

    Assert.assertEquals(100, artifacts.size());
    Assert.assertEquals(0, ((Map) artifacts.get(0)).get("size"));
    Assert.assertEquals(artifactPath + "/0.txt", ((Map) artifacts.get(0)).get("path"));
    Assert.assertEquals("/job/artifactPermissions/1/artifact/"+ artifactPath +"/0.txt", ((Map) artifacts.get(0)).get("url"));

    List artifactsBob = request().auth("bob", "bob").get("/organizations/jenkins/pipelines/"+JOB_NAME+"/runs/"+r.getId()+"/artifacts").build(List.class);

    Assert.assertEquals(0, artifactsBob.size());
}