| author | akozak | 2011-11-25 01:36:16 (EST) |
|---|---|---|
| committer | Winston Prakash | 2011-12-01 20:47:30 (EST) |
| commit | 61ae82b6715aa90e2f9e648e0ff42e87c4e6a03a (patch) (side-by-side diff) | |
| tree | cfe9c597dd35a87bb67ba6fe3564356510521c7a | |
| parent | c34e16424a37e72a5e68ffc76746d3e2c19e5be5 (diff) | |
| download | org.eclipse.hudson.core-61ae82b6715aa90e2f9e648e0ff42e87c4e6a03a.zip org.eclipse.hudson.core-61ae82b6715aa90e2f9e648e0ff42e87c4e6a03a.tar.gz org.eclipse.hudson.core-61ae82b6715aa90e2f9e648e0ff42e87c4e6a03a.tar.bz2 | |
Remove LegacyAuthorizationStrategy. Resolve HUDSON-8944
Signed-off-by: Winston Prakash <winston.prakash@gmail.com>
21 files changed, 12 insertions, 211 deletions
diff --git a/hudson-core/src/main/java/hudson/model/Hudson.java b/hudson-core/src/main/java/hudson/model/Hudson.java index c9a4c8d..3ca3232 100644 --- a/hudson-core/src/main/java/hudson/model/Hudson.java +++ b/hudson-core/src/main/java/hudson/model/Hudson.java @@ -73,8 +73,8 @@ import hudson.security.AccessControlled; import hudson.security.AuthorizationStrategy; import hudson.security.BasicAuthenticationFilter; import hudson.security.FederatedLoginService; +import hudson.security.FullControlOnceLoggedInAuthorizationStrategy; import hudson.security.HudsonFilter; -import hudson.security.LegacyAuthorizationStrategy; import hudson.security.LegacySecurityRealm; import hudson.security.Permission; import hudson.security.PermissionGroup; @@ -2394,7 +2394,7 @@ public final class Hudson extends Node implements ItemGroup<TopLevelItem>, Stapl if (useSecurity == null || !useSecurity) { authorizationStrategy = AuthorizationStrategy.UNSECURED; } else { - authorizationStrategy = new LegacyAuthorizationStrategy(); + authorizationStrategy = new FullControlOnceLoggedInAuthorizationStrategy(); } } if (securityRealm == null) { diff --git a/hudson-core/src/main/java/hudson/security/LegacyAuthorizationStrategy.java b/hudson-core/src/main/java/hudson/security/LegacyAuthorizationStrategy.java index 065b9d0..afe3178 100644 --- a/hudson-core/src/main/java/hudson/security/LegacyAuthorizationStrategy.java +++ b/hudson-core/src/main/java/hudson/security/LegacyAuthorizationStrategy.java @@ -16,46 +16,19 @@ package hudson.security; -import hudson.model.Descriptor; -import hudson.model.Hudson; -import hudson.Extension; -import org.springframework.security.acls.sid.GrantedAuthoritySid; -import org.kohsuke.stapler.StaplerRequest; -import net.sf.json.JSONObject; - -import java.util.Collection; -import java.util.Collections; +import hudson.RestrictedSince; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.DoNotUse; /** * {@link AuthorizationStrategy} implementation that emulates the legacy behavior. + * * @author Kohsuke Kawaguchi + * @deprecated as of 2.2.0 + * This strategy was removed due to <a href='http://issues.hudson-ci.org/browse/HUDSON-8944'>HUDSON-8944</a> */ -public final class LegacyAuthorizationStrategy extends AuthorizationStrategy { - private static final ACL LEGACY_ACL = new SparseACL(null) {{ - add(EVERYONE,Permission.READ,true); - add(new GrantedAuthoritySid("admin"), Hudson.ADMINISTER,true); - }}; - - public ACL getRootACL() { - return LEGACY_ACL; - } - - public Collection<String> getGroups() { - return Collections.singleton("admin"); - } - - @Extension - public static final class DescriptorImpl extends Descriptor<AuthorizationStrategy> { - public String getDisplayName() { - return Messages.LegacyAuthorizationStrategy_DisplayName(); - } - - public String getHelpFile() { - return "/help/security/legacy-auth-strategy.html"; - } - - public LegacyAuthorizationStrategy newInstance(StaplerRequest req, JSONObject formData) throws FormException { - return new LegacyAuthorizationStrategy(); - } - } +@Restricted(DoNotUse.class) +@RestrictedSince("2.2.0") +public final class LegacyAuthorizationStrategy extends FullControlOnceLoggedInAuthorizationStrategy { } + diff --git a/hudson-core/src/main/resources/hudson/security/Messages.properties b/hudson-core/src/main/resources/hudson/security/Messages.properties index 2ebbf5c..4267751 100644 --- a/hudson-core/src/main/resources/hudson/security/Messages.properties +++ b/hudson-core/src/main/resources/hudson/security/Messages.properties @@ -17,7 +17,6 @@ GlobalMatrixAuthorizationStrategy.DisplayName=Matrix-based security HudsonPrivateSecurityRealm.WouldYouLikeToSignUp=This {0} {1} is new to Hudson. Would you like to sign up? -LegacyAuthorizationStrategy.DisplayName=Legacy mode HudsonPrivateSecurityRealm.DisplayName=Hudson''s own user database HudsonPrivateSecurityRealm.Details.DisplayName=Password diff --git a/hudson-core/src/main/resources/hudson/security/Messages_da.properties b/hudson-core/src/main/resources/hudson/security/Messages_da.properties index 188d782..d649d78 100644 --- a/hudson-core/src/main/resources/hudson/security/Messages_da.properties +++ b/hudson-core/src/main/resources/hudson/security/Messages_da.properties @@ -15,7 +15,6 @@ #************************************************************************** PAMSecurityRealm.User=Bruger ''{0}'' -LegacyAuthorizationStrategy.DisplayName=Legacy Tilstand LDAPSecurityRealm.InvalidPortNumber=Ugyldigt port nummer PAMSecurityRealm.Uid=uid: {0} PAMSecurityRealm.RunAsUserOrBelongToGroupAndChmod=\ diff --git a/hudson-core/src/main/resources/hudson/security/Messages_de.properties b/hudson-core/src/main/resources/hudson/security/Messages_de.properties index 29efcb9..d7f0dfc 100644 --- a/hudson-core/src/main/resources/hudson/security/Messages_de.properties +++ b/hudson-core/src/main/resources/hudson/security/Messages_de.properties @@ -16,8 +16,6 @@ GlobalMatrixAuthorizationStrategy.DisplayName=Matrix-basierte Sicherheit -LegacyAuthorizationStrategy.DisplayName=Legacy-Autorisierung - HudsonPrivateSecurityRealm.DisplayName=Hudsons eingebautes Benutzerverzeichnis HudsonPrivateSecurityRealm.Details.DisplayName=Passwort HudsonPrivateSecurityRealm.Details.PasswordError=\ diff --git a/hudson-core/src/main/resources/hudson/security/Messages_es.properties b/hudson-core/src/main/resources/hudson/security/Messages_es.properties index 7783af5..8949115 100644 --- a/hudson-core/src/main/resources/hudson/security/Messages_es.properties +++ b/hudson-core/src/main/resources/hudson/security/Messages_es.properties @@ -16,8 +16,6 @@ GlobalMatrixAuthorizationStrategy.DisplayName=Configuraci\u00F3n de seguridad -LegacyAuthorizationStrategy.DisplayName=Modo ''legacy'' - HudsonPrivateSecurityRealm.DisplayName=Usar base de datos de Hudson HudsonPrivateSecurityRealm.Details.DisplayName=Contrase\u00F1a HudsonPrivateSecurityRealm.Details.PasswordError=\ diff --git a/hudson-core/src/main/resources/hudson/security/Messages_fr.properties b/hudson-core/src/main/resources/hudson/security/Messages_fr.properties index cb25e8d..409a7c9 100644 --- a/hudson-core/src/main/resources/hudson/security/Messages_fr.properties +++ b/hudson-core/src/main/resources/hudson/security/Messages_fr.properties @@ -16,8 +16,6 @@ GlobalMatrixAuthorizationStrategy.DisplayName=S\u00E9curit\u00E9 bas\u00E9e sur une matrice -LegacyAuthorizationStrategy.DisplayName=Mode legacy - HudsonPrivateSecurityRealm.DisplayName=Base de donn\u00E9es des utilisateurs de Hudson HudsonPrivateSecurityRealm.Details.DisplayName=Mot de passe HudsonPrivateSecurityRealm.Details.PasswordError=\ diff --git a/hudson-core/src/main/resources/hudson/security/Messages_ja.properties b/hudson-core/src/main/resources/hudson/security/Messages_ja.properties index 7cdf63c..1a105a2 100644 --- a/hudson-core/src/main/resources/hudson/security/Messages_ja.properties +++ b/hudson-core/src/main/resources/hudson/security/Messages_ja.properties @@ -17,7 +17,6 @@ GlobalMatrixAuthorizationStrategy.DisplayName=\u884c\u5217\u306b\u3088\u308b\u6a29\u9650\u8a2d\u5b9a HudsonPrivateSecurityRealm.WouldYouLikeToSignUp=\u3053\u306e{0}\u306e{1}\u306f\u3001Hudson\u306b\u306f\u767b\u9332\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\u30b5\u30a4\u30f3\u30a2\u30c3\u30d7\u3057\u307e\u3059\u304b? -LegacyAuthorizationStrategy.DisplayName=\u4e92\u63db\u6027\u30e2\u30fc\u30c9 HudsonPrivateSecurityRealm.DisplayName=Hudson\u306e\u30e6\u30fc\u30b6\u30fc\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9 HudsonPrivateSecurityRealm.Details.DisplayName=\u30d1\u30b9\u30ef\u30fc\u30c9 diff --git a/hudson-core/src/main/resources/hudson/security/Messages_nl.properties b/hudson-core/src/main/resources/hudson/security/Messages_nl.properties index d32065b..23246ca 100644 --- a/hudson-core/src/main/resources/hudson/security/Messages_nl.properties +++ b/hudson-core/src/main/resources/hudson/security/Messages_nl.properties @@ -16,8 +16,6 @@ GlobalMatrixAuthorizationStrategy.DisplayName=Matrix-gebaseerde beveiliging -LegacyAuthorizationStrategy.DisplayName=Legacy-mode - HudsonPrivateSecurityRealm.Details.DisplayName=Paswoord HudsonPrivateSecurityRealm.Details.PasswordError=\ Het bevestigingspaswoord is niet gelijk aan het opgegeven paswoord. \ diff --git a/hudson-core/src/main/resources/hudson/security/Messages_pt_BR.properties b/hudson-core/src/main/resources/hudson/security/Messages_pt_BR.properties index b541a43..2dcfc35 100644 --- a/hudson-core/src/main/resources/hudson/security/Messages_pt_BR.properties +++ b/hudson-core/src/main/resources/hudson/security/Messages_pt_BR.properties @@ -16,8 +16,6 @@ GlobalMatrixAuthorizationStrategy.DisplayName=Seguran\u00e7a baseada em matriz -LegacyAuthorizationStrategy.DisplayName=Modo legado - HudsonPrivateSecurityRealm.Details.DisplayName=Senha HudsonPrivateSecurityRealm.Details.PasswordError=\ A senha confirmada n\u00e3o \u00e9 igual a senha informada. \ diff --git a/hudson-core/src/main/resources/hudson/security/Messages_ru.properties b/hudson-core/src/main/resources/hudson/security/Messages_ru.properties index d28bf41..b4f276a 100644 --- a/hudson-core/src/main/resources/hudson/security/Messages_ru.properties +++ b/hudson-core/src/main/resources/hudson/security/Messages_ru.properties @@ -16,8 +16,6 @@ GlobalMatrixAuthorizationStrategy.DisplayName=\u041c\u0430\u0442\u0440\u0438\u0447\u043d\u043e\u0435 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0430\u0432 -LegacyAuthorizationStrategy.DisplayName="\u0422\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u044b\u0439" \u0440\u0435\u0436\u0438\u043c - HudsonPrivateSecurityRealm.Details.DisplayName=\u041f\u0430\u0440\u043e\u043b\u044c HudsonPrivateSecurityRealm.Details.PasswordError=\ \u041f\u0430\u0440\u043e\u043b\u044c \u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u043d\u0435 \u0441\u043e\u0432\u043f\u0430\u0434\u0430\u044e\u0442. \ diff --git a/hudson-core/src/main/resources/hudson/security/Messages_tr.properties b/hudson-core/src/main/resources/hudson/security/Messages_tr.properties index decc530..17ab196 100644 --- a/hudson-core/src/main/resources/hudson/security/Messages_tr.properties +++ b/hudson-core/src/main/resources/hudson/security/Messages_tr.properties @@ -16,8 +16,6 @@ GlobalMatrixAuthorizationStrategy.DisplayName=Matris-temelli G\u00fcvenlik -LegacyAuthorizationStrategy.DisplayName=Miras modu - HudsonPrivateSecurityRealm.Details.DisplayName=\u015fifre HudsonPrivateSecurityRealm.Details.PasswordError=\ Do\u011frulama i\u00e7in girilen \u015fifre \u00f6nceki girilen ile ayn\u0131 de\u011fil. \ diff --git a/hudson-core/src/main/resources/hudson/security/Messages_zh_CN.properties b/hudson-core/src/main/resources/hudson/security/Messages_zh_CN.properties index ad49b67..7f2d27b 100644 --- a/hudson-core/src/main/resources/hudson/security/Messages_zh_CN.properties +++ b/hudson-core/src/main/resources/hudson/security/Messages_zh_CN.properties @@ -16,8 +16,6 @@ GlobalMatrixAuthorizationStrategy.DisplayName=\u5b89\u5168\u77e9\u9635 -LegacyAuthorizationStrategy.DisplayName=\u9057\u7559\u6a21\u5f0f - HudsonPrivateSecurityRealm.DisplayName=Hudson\u4e13\u6709\u7528\u6237\u6570\u636e\u5e93 HudsonPrivateSecurityRealm.Details.DisplayName=\u5bc6\u7801 HudsonPrivateSecurityRealm.Details.PasswordError=\ diff --git a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy.html b/hudson-war/src/main/webapp/help/security/legacy-auth-strategy.html deleted file mode 100644 index 9fae80b..0000000 --- a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy.html +++ b/dev/null @@ -1,19 +0,0 @@ -<!-- ************************************************************************** -# -# Copyright (C) 2004-2009 Oracle Corporation -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Eclipse Public License v1.0 -# which accompanies this distribution, and is available at -# http://www.eclipse.org/legal/epl-v10.html -# -# Contributors: -# Kohsuke Kawaguchi -# -#************************************************************************** --> - -<div> - Behaves exactly the same as Hudson <1.164. Namely, if you have the "admin" role, - you'll be granted full control over the system, and otherwise (including anonyomus - users) you'll only have the read access. -</div> diff --git a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_de.html b/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_de.html deleted file mode 100644 index 63860d0..0000000 --- a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_de.html +++ b/dev/null @@ -1,19 +0,0 @@ -<!-- ************************************************************************** -# -# Copyright (C) 2004-2009 Oracle Corporation -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Eclipse Public License v1.0 -# which accompanies this distribution, and is available at -# http://www.eclipse.org/legal/epl-v10.html -# -# Contributors: -# Kohsuke Kawaguchi -# -#************************************************************************** --> - -<div> - Verhält sich exakt wie Hudson Version <1.164. In der Rolle 'admin' wird - Ihnen die volle Kontrolle über das System erteilt. In allen anderen Fällen - (dies schließt anonyme Anwender ein), wird nur lesender Zugriff gestattet. -</div> diff --git a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_fr.html b/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_fr.html deleted file mode 100644 index 840dfd9..0000000 --- a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_fr.html +++ b/dev/null @@ -1,21 +0,0 @@ -<!-- ************************************************************************** -# -# Copyright (C) 2004-2009 Oracle Corporation -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Eclipse Public License v1.0 -# which accompanies this distribution, and is available at -# http://www.eclipse.org/legal/epl-v10.html -# -# Contributors: -# Kohsuke Kawaguchi -# -#************************************************************************** --> - -<div> - Ceci permet un comportement exactement similaire à celui de Hudson - d'avant la version 1.164. C'est-à-dire que, si vous avez le rôle - "admin", vous aurez le contrôle complet sur le système. Si vous n'avez - pas ce rôle (ce qui est le cas des utilisateurs anonymes), vous n'aurez - que l'accès en lecture seule. -</div> diff --git a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_ja.html b/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_ja.html deleted file mode 100644 index 50f7699..0000000 --- a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_ja.html +++ b/dev/null @@ -1,19 +0,0 @@ -<!-- ************************************************************************** -# -# Copyright (C) 2004-2009 Oracle Corporation -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Eclipse Public License v1.0 -# which accompanies this distribution, and is available at -# http://www.eclipse.org/legal/epl-v10.html -# -# Contributors: -# Kohsuke Kawaguchi -# -#************************************************************************** --> - -<div> - 1.164未満のHudsonとまったく同様の権限管理を行います。 - すなわち、"admin"ロールを持っていれば、システム上全ての権限を持ちます。 - そうでなければ(匿名ユーザーを含めて)、参照のみできます。 -</div> diff --git a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_pt_BR.html b/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_pt_BR.html deleted file mode 100644 index 9da47b4..0000000 --- a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_pt_BR.html +++ b/dev/null @@ -1,19 +0,0 @@ -<!-- ************************************************************************** -# -# Copyright (C) 2004-2009 Oracle Corporation -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Eclipse Public License v1.0 -# which accompanies this distribution, and is available at -# http://www.eclipse.org/legal/epl-v10.html -# -# Contributors: -# Kohsuke Kawaguchi -# -#************************************************************************** --> - -<div> - Se comporta exatamente da mesma maneira que Hudson <1.164. Se você tem o papel "admin", - você terá controle total sobre o sistema, e caso contrário (incluindo usuário anônimos) - você apenas terá acesso de leitura. -</div> diff --git a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_ru.html b/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_ru.html deleted file mode 100644 index 2790b38..0000000 --- a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_ru.html +++ b/dev/null @@ -1,19 +0,0 @@ -<!-- ************************************************************************** -# -# Copyright (C) 2004-2009 Oracle Corporation -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Eclipse Public License v1.0 -# which accompanies this distribution, and is available at -# http://www.eclipse.org/legal/epl-v10.html -# -# Contributors: -# Kohsuke Kawaguchi -# -#************************************************************************** --> - -<div> - Поступает точно также как Hudson версий <1.164. То есть если у вас есть роль - "Администратор", вы получаете полный контроль над системой, иначе у вас есть - доступ только для просмотра. -</div> diff --git a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_tr.html b/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_tr.html deleted file mode 100644 index 49d7d78..0000000 --- a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_tr.html +++ b/dev/null @@ -1,19 +0,0 @@ -<!-- ************************************************************************** -# -# Copyright (C) 2004-2009 Oracle Corporation -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Eclipse Public License v1.0 -# which accompanies this distribution, and is available at -# http://www.eclipse.org/legal/epl-v10.html -# -# Contributors: -# Kohsuke Kawaguchi -# -#************************************************************************** --> - -<div> - Hudson'ın 1.164 sürümünden önceki güvenlik davranışıdır. Yani, kullanıcı "admin" - rolünde ise Hudson üzerinde tam kontrole sahiptir, aksi takdirde sadece okuma - hakkına sahip olacaktır. -</div> diff --git a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_zh_CN.html b/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_zh_CN.html deleted file mode 100644 index bf5cd51..0000000 --- a/hudson-war/src/main/webapp/help/security/legacy-auth-strategy_zh_CN.html +++ b/dev/null @@ -1,18 +0,0 @@ -<!-- ************************************************************************** -# -# Copyright (C) 2004-2009 Oracle Corporation -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Eclipse Public License v1.0 -# which accompanies this distribution, and is available at -# http://www.eclipse.org/legal/epl-v10.html -# -# Contributors: -# Kohsuke Kawaguchi -# -#************************************************************************** --> - -<div> - 适用于Hudson1.164以前的版本.也就是说,如果你是"admin"角色,那么你将拥有Hudson的一切控制权,其它角色(包括匿名用户) - 只有查看权限. -</div> |