[JEP-227] Replace Acegi Security with Spring Security & upgrade Spring Framework #4848
jeffret-b merged 168 commits into jenkinsci:master from
| // this way in Spring and what most developers would expect to happen. | ||
|
|
||
| final Set<Class> interfaces = ClassUtils.getAllInterfacesAsSet(instance); | ||
| final Set<Class<?>> interfaces = ClassUtils.getAllInterfacesAsSet(instance); |
Just a signature change in Spring.
| // we just authenticate anonymous users as such, | ||
| // so that later authorization can reject them if so configured | ||
| AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("anonymous"); | ||
| AuthenticationManager authenticationManager = new ProviderManager(authenticator, rmap, aap); |
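Review bot: the key passed to AnonymousAuthenticationProvider on the aap line is the bare literal "anonymous", and that provider only accepts an AnonymousAuthenticationToken built with the same key, so whichever filter creates the anonymous token has to use the identical string. Consider a shared constant for the key, and a one-line comment on the order in new ProviderManager(authenticator, rmap, aap), since providers are tried in the order listed.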
Just translating the Groovy into equivalent Java.
core/src/main/java/hudson/security/HttpSessionContextIntegrationFilter2.java
| import org.springframework.security.core.Authentication; | ||
| import org.springframework.security.core.userdetails.UserDetails; | ||
|
|
||
| public class PrincipalSid implements Sid { |
Reimplementing these from scratch. Only used from SidAcl.
and cloudbees/bluesteel -> TeamSecurity.java (which is not using SidACL in that class but underlying more it it is). (not sure you saw that or not)
Ought to be compatible AFAICT.
| * | ||
| * @author Kohsuke Kawaguchi | ||
| */ | ||
| public class BindAuthenticator2 extends BindAuthenticator { |
Seems to have been unused, and I do not want to depend on Spring Security modules for LDAP here; belongs in the ldap plugin only.
Correction: was used by the ldap plugin, and should have been there all along (see 9b4cd99 & 32cba8f). Correcting in jenkinsci/ldap-plugin@a5267e6.
| * @deprecated TODO replacement | ||
| */ | ||
| @Deprecated | ||
| public interface UserDetailsService extends org.springframework.security.core.userdetails.UserDetailsService {} |
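Review bot: the Javadoc on this interface says only "@deprecated TODO replacement", so callers get a deprecation warning with no migration target. The declaration already extends org.springframework.security.core.userdetails.UserDetailsService, so name that type in the @deprecated text (with a {@link}) before release, or drop the interface if nothing needs it.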
Might just get deleted, TBD.
…k me a while to find that HttpSessionContextIntegrationFilter is now SecurityContextPersistenceFilter
…ns#4944 to be as well, to be released 2020-11-10
|
|
||
| public static void setProtectedFieldValue(String protectedField, Object object, Object newValue) { | ||
| try { | ||
| org.apache.commons.lang.reflect.FieldUtils.writeField(object, protectedField, newValue, true); |
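Review bot: in setProtectedFieldValue the last argument to FieldUtils.writeField is true, which forces access, so the helper will set private and package-private fields as well as protected ones, which is wider than its name implies. Add Javadoc stating this and who is expected to call it, and check that whatever the try shown here catches is rethrown with the field name rather than swallowed.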
| import jenkins.util.io.OnMaster; | ||
| import net.sf.json.JSONObject; | ||
|
|
||
| import org.acegisecurity.Authentication; |
noting regression https://issues.jenkins-ci.org/browse/JENKINS-64746 addressed in #5216
@jglick / @jvz looks like the credentials API needs updating? https://github.com/jenkinsci/credentials-plugin/blob/3a603dec20412ccce754d9cbbd835d890ca06ee5/src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java#L517 It takes the acegi security
It could be updated, sure.
This is the implementation of jenkinsci/jenkins#4848 for Credentials API. This will allow consumers of the credentials API to remove references to deprecated acegi APIs.
…APIs (#490)
* [JEP-227] Replace Acegi Security with Spring Security APIs
  This is the implementation of jenkinsci/jenkins#4848 for Credentials API. This will allow consumers of the credentials API to remove references to deprecated acegi APIs.
* Fix spotbugs issues
* Fix reviews
* Rename methods appropriately
* Fixup some javadocs.
* Remove unused method.
* Forgot to remove usages.
* Remove CredentialsProvider#getCredentials2(Class, ItemGroup, Authentication) in favor of CredentialsProvider#getCredentials2(Class, ItemGroup, Authentication, List)
* Fix a few null checks while we are here.
* Restore a method I deleted by mistake.
* Add tests for new signatures
* Rename *2 methods to *InItem/*InItemGroup to avoid ambiguous signatures
* Update docs
JEP-227
Proposed changelog entries
Proposed upgrade guidelines
https://www.jenkins.io/blog/2020/11/10/spring-xstream/
See the compatibility table.
Desired reviewers
@jenkinsci/core
Maintainer checklist
Before the changes are marked as ready-for-merge:
* Proposed changelog entries are correct
* upgrade-guide-needed label is set and there is a Proposed upgrade guidelines section in the PR title. (example)
* lts-candidate to be considered (see query).