(no subject)


(no subject)

Miguelangel Fernandez
Hi everyone,

I've written a Jenkins plugin to implement my own authentication mechanism by extending hudson.security.SecurityRealm. Now I'm trying to create my own custom "Access Denied" page, to display when a user types in the wrong password or simply doesn't have access. To do this, I've created a file called accessDenied.jelly. So let's say the name of my company is "Foo" and the structure of my plugin (simplified here for practical reasons) is this:

src
|---main
    |---java
    |   |---com
    |       |---foo
    |           |---authn
    |               |---MySecurityRealm.java
    |---resources
    |   |---com
    |       |---foo
    |           |---authn
    |               |---MySecurityRealm
    |                   |---config.jelly
    |                   |---accessDenied.jelly
    |---webapp
        |---images
            |---foo.png

Now, I want to display my company logo (the foo.png file in the tree above) in my custom error page accessDenied.jelly. Again, for the sake of simplicity, let's assume the short name of my plugin is simply foo and this is the content of accessDenied.jelly:

<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
    <l:layout title="${%Login Error}" permission="${app.ANONYMOUS}">
        <l:main-panel>
            <h2>Access Denied</h2>
            <span class="message">
                You don't have access to this Jenkins console.
            </span>
            <img src="${app.getRootUrl()}plugin/foo/images/foo.png"/>
        </l:main-panel>
    </l:layout>
</j:jelly>

My problem here is I'm getting a broken image link for foo.png because the server returns an HTTP 403 Forbidden on serving it, implying the user must be authenticated in order to access the static content in a plugin.

If instead of my company logo I use ${app.getRootUrl()}/favicon.ico for the source of my image, I do get the Jenkins icon displayed.

How can I make the static content in my plugin accessible without authentication? or public?

Notice I tried setting permission="${app.ANONYMOUS}" in my Jelly file, but this refers to the view being rendered, not to any static assets referenced by it.

If anyone would like the extra rep points in StackOverflow, I've posted the exact same question here:

https://stackoverflow.com/q/47830458/4124574

Thank you,

                                              Miguelángel Fernández M.

Life is what happens to you while you're busy making other plans.

                                                                                    --John Lennon.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAK2td25JiJ%3DoMzUYBvg%2BH_17nfm0zREpM%3DYnJuKaORHJNDoyng%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re:

Daniel Beck

> On 21. Dec 2017, at 13:49, Miguelangel Fernandez <[hidden email]> wrote:
>
> How can I make the static content in my plugin accessible without authentication? or public?

Only specific URLs are allowed to be accessed without Overall/Read permission, and arbitrary resource files from plugins aren't. One of the URLs that work is /securityRealm, so the currently selected security realm is exposed, allowing users without any permissions to interact with the security realm. That means you can add a getter or similar with some wiring that serves your resource file programmatically.

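When put next to the views of the security realm, the following addition to MySecurityRealm will serve the file at /securityRealm/logo:
---
// Needs: java.io.IOException, java.net.URL, javax.servlet.ServletException,
// org.kohsuke.stapler.StaplerRequest, org.kohsuke.stapler.StaplerResponse
// Stapler routes requests for /securityRealm/logo to this method.
public void doLogo(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
    // Resolved relative to MySecurityRealm's package, i.e. next to its Jelly views.
    URL resource = MySecurityRealm.class.getResource("MySecurityRealm/logo.png");
    rsp.serveFile(req, resource);
}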
---
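
An added example, not part of the reply above or of Jenkins itself: because everything under /securityRealm is reachable without Overall/Read, a handler that serves more than one file should map fixed tokens to bundled resources rather than build the resource name from the request. PublicAssets, doAsset, the asset URL and accessDenied.css are hypothetical names; the Stapler calls are the javax.servlet-era ones used in the reply.

```java
package com.foo.authn;

import java.io.IOException;
import java.net.URL;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

/**
 * Added example (hypothetical helper). Wire it into MySecurityRealm with
 *   public void doAsset(StaplerRequest req, StaplerResponse rsp)
 *           throws IOException, ServletException { PublicAssets.serve(req, rsp); }
 * and point the view at ${app.getRootUrl()}securityRealm/asset/logo.
 */
final class PublicAssets {
    private PublicAssets() {}

    /** Maps a URL token to a bundled file; anything else is unknown. */
    static String resourceFor(String token) {
        switch (token) {
            case "logo":  return "MySecurityRealm/logo.png";
            case "style": return "MySecurityRealm/accessDenied.css"; // constructed sample
            default:      return null;
        }
    }

    /** Resolves the rest of the request path, e.g. "/logo", or returns null. */
    static URL resolve(String restOfPath) {
        if (restOfPath == null || !restOfPath.startsWith("/")) {
            return null;
        }
        String resource = resourceFor(restOfPath.substring(1));
        // The request never contributes to the resource name, so "../" or
        // "config.jelly" in the URL cannot reach other files on the classpath.
        return resource == null ? null : MySecurityRealm.class.getResource(resource);
    }

    static void serve(StaplerRequest req, StaplerResponse rsp)
            throws IOException, ServletException {
        URL resource = resolve(req.getRestOfPath());
        if (resource == null) {
            rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        rsp.serveFile(req, resource);
    }
}
```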


Re:

Jesse Glick-4
In reply to this post by Miguelangel Fernandez
On Thu, Dec 21, 2017 at 7:49 AM, Miguelangel Fernandez
<[hidden email]> wrote:
> I've written a Jenkins plugin to implement my own authentication mechanism
> by extending hudson.security.SecurityRealm. Now I'm trying to create my own
> custom "Access Denied" page

FWIW I do not recommend you even attempt this. Implement a simple
`AbstractPasswordBasedSecurityRealm` (in the unlikely event there is
not already one able to connect to your backend authentication system)
and leave it at that.


Re:

Miguelangel Fernandez
In reply to this post by Miguelangel Fernandez
Thank you @Daniel. Great answer. This solves my problem.

