Jenkins : Authorize Project plugin

Created by Unknown User (ikedam), last modified on Oct 15, 2017

Plugin Information

View Authorize Project on the plugin site for more information.

Configure projects to run with specified authorization.

What's this?

This plugin provides following features:

  • You can configure projects to have their builds run with specified authorization.
  • Provides following ways to specify authorization.
    • Run as the user who triggered the build.
      • Does not work for scheduled, or polled builds.
      • Configuring projects are allowed only to users with the BUILD permission.
    • Run as anonymous.
    • Run as the specified user.
      • You are requested to enter the password of the specified user except following cases:
        • You are an administrator.
        • You are the specified user.
        • The specified user is not changed from the last configuration, and "No need for re-authentication" is checked.
          • This can threaten your Jenkins security. Be careful to use.
      • Configuring projects are allowed only to administrators and the user configured as the authorization.
        • "Don't restrict job configuration" allows other users (with the CONFIGURE permission) to configure the project. Ensure that only appropriate users have CONFIGURE permission for that project.
    • Run as SYSTEM
      • This is provided only to cancel the global configuration. SYSTEM authorization is often considered as "unconfigured", features provided by plugins may treat it as anonymous.
  • Provides an extension point to add new ways to specify authorization.

Screenshots

  • After installed Authorize Project plugin, you will find "Access Control for Builds" in "Manage Jenkins" > "Configure Global Security". Adding "Configure Build Authorizations in Project Configuration" enables Authorize Project plugin.
    • You can also disable specific strategies in this page. Disabled strategies are never used for authorization.
  • A new side bar menu "Authorization" will appear in project pages.
  • You can select how to authorize builds of the project in the "Authorization" page.
  • When selecting "Run as Specific User", you can enter User ID with whose authorization builds will run. If you enter a user ID except yourself and have no administrative privilege, you are required to enter the password of that user.
    • You can also use API token, especially for non password-based security realms.
  • Configuring project settings by unauthorized users are forbidden when you configure the authorization for the project. See #What's this? for details.

Extension point

A new way to authorize projects can be added with extending org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy, overriding the following method:

public abstract Authentication authenticate(hudson.model.AbstractProject<?, ?> project, hudson.model.Queue.Item item);

Use AuthorizeProjectStrategyDescriptor for Descriptor.
If you want to provide global configuration properties, do as following:

  • global-security.jelly is displayed in "Configure Global Security" page.
  • Override AuthorizeProjectStrategyDescriptor#configureFromGlobalSecurity to save configuration.

Issues

To report a bug or request an enhancement to this plugin please create a ticket in JIRA (you need to login or to sign up for an account). Also have a look on How to report an issue

Change Log

Version 1.3.0 (Feb 12, 2017)

Version 1.2.2 (May 28, 2016)

  • Fixed: Builds aren't start when security realm fail to find the user for authorization (e.g. Bind DN is not set for Active Directory plugin) (JENKINS-34279)

Version 1.2.1 (Apr 03, 2016)

  • Fixed: password / api token fields for "Run as Specific User" are broken JENKINS-33897

Version 1.2.0 (Mar 27, 2016)

  • Targets Jenkins 1.625
  • SECURITY FIX: Reject unauthenticated configurations via REST / CLI (JENKINS-28298)
  • Support global default authorization strategy (JENKINS-30574)
  • Displays an error when a built-in user is used for "Run as Specific User" (JENKINS-32769)
  • Added "Run as SYSTEM" (JENKINS-32770)
    • Disabled by default for projects. You have to enable it in the global security configuration page.

Version 1.1.0 (Aug 9, 2015)

  • Added a feature to enable / disable strategies. (JENKINS-28298)
    • "Run as Specific User" is disabled by default. You need to enable it after upgrading from a prior version if you use it.
  • Supports workflow (JENKINS-26670)
  • Supports apitoken for authentication. (JENKINS-22470)
  • Add support for upcoming $class annotation change (JENKINS-25403)

Version 1.0.3 (Apr 14, 2014)

  • SECURITY FIX: Authentication of "Run as Specific User" is easily bypassed by REST/CLIadded (Fixed JENKINS-22469)
  • Replaced radio buttons to dropdown selecting authorization strategies (Fixed JENKINS-20786)

Version 1.0.2 (Feb 22, 2014)

  • added AuthorizeProjectStrategyDescriptor JENKINS-20812
  • Not to send the password value to test whether password is required.

Version 1.0.1 (Nov 30, 2013)

  • Fix a problem that a new user created if you authenticate with non-existent user (Fix JENKINS-20784)
  • Works with MatrixProject (Fix JENKINS-20785)

Version 1.0.0 (Nov 24, 2013)

  • Initial release.

Attachments:

authorize-project_02_jobproperty.png (image/png)
authorize-project_03_specifyuser.png (image/png)
authorize-project_01_globalsecurity.png (image/png)
authorize-project_04_passwordrequired.png (image/png)
authorize-project_01_globalsecurity.png (image/png)
authorize-project_04_passwordrequired.png (image/png)
sidebar.png (image/png)
authorization-page.png (image/png)
authorization-page-specific-user.png (image/png)
access-denied.png (image/png)