[Issue 1555] New - Matrix based security requires Anonymous user Overall read right to remotely trigger builds

subbaer

[Issue 1555] New - Matrix based security requires Anonymous user Overall read right to remotely trigger builds

https://hudson.dev.java.net/issues/show_bug.cgi?id=1555
                 Issue #|1555
                 Summary|Matrix based security requires Anonymous user Overall
                        |read right to remotely trigger builds
               Component|hudson
                 Version|current
                Platform|All
              OS/Version|All
                     URL|
                  Status|NEW
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|DEFECT
                Priority|P4
            Subcomponent|www
             Assigned to|issues@hudson
             Reported by|subbaer






------- Additional comments from [hidden email] Tue Apr 15 15:59:58 +0000 2008 -------
I stepwise tried to harden my local hudson installation.
Security realm is set to "Active Directory".

From the Anonymous user I removed all Authorization rights. This broke
triggering hudson builds using URL with token.
To make it work again I had to assign the "Overall -> read" right to the
Anonymous user.

Actually, I didn't want to have Anonymous users see project details. Could the
current behavior be changed by checking the "Job -> Build" right prior to
triggered builds?

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

subbaer

[Issue 1555] Matrix based security requires anonymous user overall read right to remotely trigger builds

https://hudson.dev.java.net/issues/show_bug.cgi?id=1555



User subbaer changed the following:

What|Old value|New value
================================================================================
Summary|Matrix based security requires Anonymous user Overall read right to remotely trigger builds|Matrix based security requires anonymous user overall read right to remotely trigger builds
--------------------------------------------------------------------------------
Subcomponent|www|security
--------------------------------------------------------------------------------
Target milestone|milestone 1|not determined
--------------------------------------------------------------------------------




------- Additional comments from [hidden email] Mon Jun 23 19:29:16 +0000 2008 -------
Defect noticed in combination with active-directory plugin (currently 1.4).


subbaer

[Issue 1555] Matrix based security requires anonymous user overall read right to remotely trigger builds

In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=1555






------- Additional comments from [hidden email] Mon Jun 23 19:30:15 +0000 2008 -------
Created an attachment (id=294)
Sample configuration screen showing issue



mindless

[Issue 1555] Matrix based security requires anonymous user overall read right to remotely trigger builds

In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=1555






------- Additional comments from [hidden email] Wed Dec 31 01:19:33 +0000 2008 -------
This could be implemented by adding a condition like this in Hudson.getTarget():

|| (rest.matches("/job/.*/build") &&
Stapler.getCurrentRequest().getParameter("token") != null)

in the list of allowed URLs w/o READ permission.

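An added sketch of the exemption proposed in the comment above, in Java to match it; it is not Hudson's code and not part of the original comment. The class name, the helper `exemptFromRead`, the narrower one-segment pattern and the sample requests are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class ReadGateSketch {
    // The condition as written in the comment: /job/<anything>/build.
    static final Pattern PROPOSED = Pattern.compile("/job/.*/build");
    // Assumed narrower variant for comparison: the job name is one path segment.
    static final Pattern ONE_SEGMENT = Pattern.compile("/job/[^/]+/build");

    // Hypothetical helper: may this request skip the READ permission check?
    // Matcher.matches() must cover the whole path, like String.matches() above.
    static boolean exemptFromRead(Pattern pattern, String rest, String token) {
        return pattern.matcher(rest).matches() && token != null;
    }

    public static void main(String[] args) {
        // Constructed requests: { path after the context root, token parameter }.
        String[][] requests = {
            {"/job/app/build", "constructed-token"},
            {"/job/app/build", null},               // no token parameter at all
            {"/job/app/build", ""},                 // "?token=" is present but empty
            {"/job/app/extra/segment/build", "constructed-token"},
            {"/job/app/configure", "constructed-token"},
        };
        System.out.printf("%-30s %-20s %-9s %s%n", "rest", "token", "proposed", "one-segment");
        for (String[] r : requests) {
            System.out.printf("%-30s %-20s %-9b %b%n", r[0], r[1],
                    exemptFromRead(PROPOSED, r[0], r[1]),
                    exemptFromRead(ONE_SEGMENT, r[0], r[1]));
        }
    }
}
```

In this sketch `.*` also accepts paths with further segments before `/build`, and an empty token still counts as present. The condition decides only whether the READ check is skipped, so comparing the token value remains the job of whatever handles the build request.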

mindless

[Issue 1555] Remote triggering of builds requires anonymous user Read permission

In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=1555



User mindless changed the following:

What|Old value|New value
================================================================================
Summary|Matrix based security requires anonymous user overall read right to remotely trigger builds|Remote triggering of builds requires anonymous user Read permission
--------------------------------------------------------------------------------




------- Additional comments from [hidden email] Wed Dec 31 06:53:02 +0000 2008 -------
improving defect summary


mindless

[Issue 1555] Remote triggering of builds requires anonymous user Read permission

In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=1555






------- Additional comments from [hidden email] Wed Dec 31 06:54:17 +0000 2008 -------
*** Issue 2121 has been marked as a duplicate of this issue. ***


mindless

[Issue 1555] Remote triggering of builds requires anonymous user Read permission

In reply to this post by subbaer
https://hudson.dev.java.net/issues/show_bug.cgi?id=1555






------- Additional comments from [hidden email] Sun Nov  8 05:56:33 +0000 2009 -------
*** Issue 4748 has been marked as a duplicate of this issue. ***
