Skip to main content


Eclipse Community Forums

      Home
Home » Archived » Hudson » SCM Post-commit notification should not require authentication(/notifyCommit urls for SCMs should be unprotected )
icon4.gif  SCM Post-commit notification should not require authentication [message #1314197] Fri, 25 April 2014 04:13 Go to next message
Eclipse UserFriend
Post-commit notification is send at /notifyCommit urls exposed by SCMs.

Those urls by itself are not protected, but sadly it requires overall READ permission for Hudson instance.
In more formal companies it's very common to completly secure Hudson instance, which invlolves removal of READ permisions from 'Anonymous' users.

Please introduce in Hudson concept of completly unprotected actions, which could be used in scenario described above.

It will be a small, but significant change, as seen in this commit:
https://github.com/jenkinsci/jenkins/commit/4093fcd4b92414035e61a563e0e2fc08126eb0fd

After introduction of UnprotectedRootAction it will be easy to unprotect /notifyCommit urls, as seen here:
https://github.com/jenkinsci/git-plugin/commit/b3891fabc448e4c388ec86f2a43c3a7d5bd0c41a
Re: SCM Post-commit notification should not require authentication [message #1314204 is a reply to message #1314197] Fri, 25 April 2014 04:15 Go to previous messageGo to next message
Eclipse UserFriend
Issue posted: https://bugs.eclipse.org/bugs/show_bug.cgi?id=433488
Re: SCM Post-commit notification should not require authentication [message #1387082 is a reply to message #1314204] Mon, 23 June 2014 21:50 Go to previous message
Eclipse UserFriend
Fixed in 3.2.0
Previous Topic:Hudson integration with eclipse
Next Topic:What would you like to see in Hudson 3.2?
Goto Forum:
  


Current Time: Sat Aug 16 06:01:28 EDT 2025

Powered by FUDForum. Page generated in 0.03896 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly