From 8ff9c8450fb6d7cfb8fc5e772d40d64c1e80bed6 Mon Sep 17 00:00:00 2001 From: longping_tang Date: Thu, 22 Apr 2021 10:24:13 +0800 Subject: [PATCH] follow up 1c3c6f7 --- .../hudson/security/LDAPSecurityRealm.java | 50 ++++++++----------- .../plugins/ldap/LDAPConfiguration.java | 9 ++-- .../hudson/security/LDAPEmbeddedTest.java | 23 +++------ .../security/LDAPSecurityRealmTest.java | 10 ++-- .../security/LdapMultiEmbedded2Test.java | 3 +- .../security/LdapMultiEmbeddedTest.java | 6 +-- .../security/docker/MultiServerTest.java | 2 - .../security/docker/PlanetExpressTest.java | 2 +- .../plugins/ldap/LDAPConfigurationTest.java | 10 ++-- .../ldap/LDAPExtendedTemplateTest.java | 1 - .../compatAndConfig/config.xml | 1 - .../ldap/LDAPSecurityRealmTestNoSecret.yml | 1 - .../LDAPSecurityRealmTestNoSecretExpected.yml | 1 - .../jenkins/security/plugins/ldap/casc.yml | 1 - 14 files changed, 45 insertions(+), 75 deletions(-) diff --git a/src/main/java/hudson/security/LDAPSecurityRealm.java b/src/main/java/hudson/security/LDAPSecurityRealm.java index 7a79a01b..0dc8520c 100644 --- a/src/main/java/hudson/security/LDAPSecurityRealm.java +++ b/src/main/java/hudson/security/LDAPSecurityRealm.java @@ -250,14 +250,6 @@ public class LDAPSecurityRealm extends AbstractPasswordBasedSecurityRealm { @Deprecated @Restricted(NoExternalUse.class) public transient String server; - /** - * whether to verify ldaps sever certificate? default is false - */ - @SuppressFBWarnings(value = "UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD", - justification = "This public field is exposed to the plugin's API") - @Deprecated @Restricted(NoExternalUse.class) - public transient boolean sslVerify; - /** * The root DN to connect to. Normally something like "dc=sun,dc=com" * @@ -423,17 +415,17 @@ group target (CN is a reasonable default) * @deprecated retained for backwards binary compatibility. */ @Deprecated - public LDAPSecurityRealm(String server, boolean sslVerify, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN) { - this(server, sslVerify, rootDN, userSearchBase, userSearch, groupSearchBase, managerDN, managerPassword, inhibitInferRootDN, false); + public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN) { + this(server, rootDN, userSearchBase, userSearch, groupSearchBase, managerDN, managerPassword, inhibitInferRootDN, false); } /** * @deprecated retained for backwards binary compatibility. */ @Deprecated - public LDAPSecurityRealm(String server, boolean sslVerify, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN, + public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver) { - this(server, sslVerify, rootDN, userSearchBase, userSearch, groupSearchBase, managerDN, managerPassword, inhibitInferRootDN, + this(server, rootDN, userSearchBase, userSearch, groupSearchBase, managerDN, managerPassword, inhibitInferRootDN, disableMailAddressResolver, null); } @@ -441,57 +433,57 @@ public LDAPSecurityRealm(String server, boolean sslVerify, String rootDN, String * @deprecated retained for backwards binary compatibility. */ @Deprecated - public LDAPSecurityRealm(String server, boolean sslVerify, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN, + public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache) { - this(server, sslVerify, rootDN, userSearchBase, userSearch, groupSearchBase, null, null, managerDN, managerPassword, inhibitInferRootDN, disableMailAddressResolver, cache); + this(server, rootDN, userSearchBase, userSearch, groupSearchBase, null, null, managerDN, managerPassword, inhibitInferRootDN, disableMailAddressResolver, cache); } /** * @deprecated retained for backwards binary compatibility. */ @Deprecated - public LDAPSecurityRealm(String server, boolean sslVerify, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache) { - this(server, sslVerify, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, groupMembershipFilter, managerDN, managerPassword, inhibitInferRootDN, disableMailAddressResolver, cache, null); + public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache) { + this(server, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, groupMembershipFilter, managerDN, managerPassword, inhibitInferRootDN, disableMailAddressResolver, cache, null); } /** * @deprecated retained for backwards binary compatibility. */ @Deprecated - public LDAPSecurityRealm(String server, boolean sslVerify, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache, EnvironmentProperty[] environmentProperties) { - this(server, sslVerify, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, groupMembershipFilter, managerDN, managerPassword, inhibitInferRootDN, disableMailAddressResolver, cache, environmentProperties, null, null); + public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache, EnvironmentProperty[] environmentProperties) { + this(server, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, groupMembershipFilter, managerDN, managerPassword, inhibitInferRootDN, disableMailAddressResolver, cache, environmentProperties, null, null); } /** * @deprecated retained for backwards binary compatibility. */ @Deprecated - public LDAPSecurityRealm(String server, boolean sslVerify, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache, EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName) { - this(server, sslVerify, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, groupMembershipFilter, managerDN, Secret.fromString(managerPassword), inhibitInferRootDN, disableMailAddressResolver, cache, environmentProperties, null, null); + public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, String managerPassword, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache, EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName) { + this(server, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, groupMembershipFilter, managerDN, Secret.fromString(managerPassword), inhibitInferRootDN, disableMailAddressResolver, cache, environmentProperties, null, null); } /** * @deprecated retained for backwards binary compatibility. */ @Deprecated - public LDAPSecurityRealm(String server, boolean sslVerify, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache, EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName) { - this(server, sslVerify, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, new FromGroupSearchLDAPGroupMembershipStrategy(groupMembershipFilter), managerDN, managerPasswordSecret, inhibitInferRootDN, disableMailAddressResolver, cache, environmentProperties, displayNameAttributeName, mailAddressAttributeName); + public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache, EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName) { + this(server, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, new FromGroupSearchLDAPGroupMembershipStrategy(groupMembershipFilter), managerDN, managerPasswordSecret, inhibitInferRootDN, disableMailAddressResolver, cache, environmentProperties, displayNameAttributeName, mailAddressAttributeName); } /** * @deprecated retained for backwards binary compatibility. */ @Deprecated - public LDAPSecurityRealm(String server, boolean sslVerify, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, LDAPGroupMembershipStrategy groupMembershipStrategy, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache, EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName) { - this(server, sslVerify, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, groupMembershipStrategy, managerDN, managerPasswordSecret, inhibitInferRootDN, disableMailAddressResolver, cache, environmentProperties, displayNameAttributeName, mailAddressAttributeName, IdStrategy.CASE_INSENSITIVE, IdStrategy.CASE_INSENSITIVE); + public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, LDAPGroupMembershipStrategy groupMembershipStrategy, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache, EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName) { + this(server, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, groupMembershipStrategy, managerDN, managerPasswordSecret, inhibitInferRootDN, disableMailAddressResolver, cache, environmentProperties, displayNameAttributeName, mailAddressAttributeName, IdStrategy.CASE_INSENSITIVE, IdStrategy.CASE_INSENSITIVE); } /** * @deprecated retained for backwards binary compatibility. */ @Deprecated - public LDAPSecurityRealm(String server, boolean sslVerify, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, LDAPGroupMembershipStrategy groupMembershipStrategy, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache, EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName, IdStrategy userIdStrategy, IdStrategy groupIdStrategy) { - this(createLdapConfiguration(server, sslVerify, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, groupMembershipStrategy, managerDN, managerPasswordSecret, inhibitInferRootDN, environmentProperties, displayNameAttributeName, mailAddressAttributeName), + public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, LDAPGroupMembershipStrategy groupMembershipStrategy, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, boolean disableMailAddressResolver, CacheConfiguration cache, EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName, IdStrategy userIdStrategy, IdStrategy groupIdStrategy) { + this(createLdapConfiguration(server, rootDN, userSearchBase, userSearch, groupSearchBase, groupSearchFilter, groupMembershipStrategy, managerDN, managerPasswordSecret, inhibitInferRootDN, environmentProperties, displayNameAttributeName, mailAddressAttributeName), disableMailAddressResolver, cache, userIdStrategy, groupIdStrategy); } @@ -522,8 +514,8 @@ public LDAPSecurityRealm(List configurations, boolean disable this.groupIdStrategy = groupIdStrategy; } - private static List createLdapConfiguration(String server, boolean sslVerify, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, LDAPGroupMembershipStrategy groupMembershipStrategy, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName) { - LDAPConfiguration conf = new LDAPConfiguration(server, sslVerify, rootDN, inhibitInferRootDN, managerDN, managerPasswordSecret); + private static List createLdapConfiguration(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, LDAPGroupMembershipStrategy groupMembershipStrategy, String managerDN, Secret managerPasswordSecret, boolean inhibitInferRootDN, EnvironmentProperty[] environmentProperties, String displayNameAttributeName, String mailAddressAttributeName) { + LDAPConfiguration conf = new LDAPConfiguration(server, rootDN, inhibitInferRootDN, managerDN, managerPasswordSecret); conf.setUserSearchBase(userSearchBase); conf.setUserSearch(userSearch); conf.setGroupSearchBase(groupSearchBase); @@ -558,7 +550,7 @@ private Object readResolve() { managerPassword = null; } if (server != null) { - LDAPConfiguration conf = new LDAPConfiguration(server, sslVerify, rootDN, inhibitInferRootDN, managerDN, managerPasswordSecret); + LDAPConfiguration conf = new LDAPConfiguration(server, rootDN, inhibitInferRootDN, managerDN, managerPasswordSecret); server = null; rootDN = null; managerDN = null; diff --git a/src/main/java/jenkins/security/plugins/ldap/LDAPConfiguration.java b/src/main/java/jenkins/security/plugins/ldap/LDAPConfiguration.java index efa97cd0..7a846ac2 100644 --- a/src/main/java/jenkins/security/plugins/ldap/LDAPConfiguration.java +++ b/src/main/java/jenkins/security/plugins/ldap/LDAPConfiguration.java @@ -103,7 +103,7 @@ public class LDAPConfiguration extends AbstractDescribableImpl props = new Hashtable(); String url = LDAPSecurityRealm.toProviderUrl(getServerUrl(), ""); diff --git a/src/test/java/hudson/security/LDAPEmbeddedTest.java b/src/test/java/hudson/security/LDAPEmbeddedTest.java index 26ec5dd2..09991d04 100644 --- a/src/test/java/hudson/security/LDAPEmbeddedTest.java +++ b/src/test/java/hudson/security/LDAPEmbeddedTest.java @@ -75,7 +75,6 @@ public class LDAPEmbeddedTest { public void userLookup_rolesFromGroupSearch() throws Exception { LDAPSecurityRealm realm = new LDAPSecurityRealm( ads.getUrl(), - false, null, null, null, @@ -112,7 +111,6 @@ public void userLookup_rolesFromGroupSearch() throws Exception { public void userLookup_rolesFromUserRecord() throws Exception { LDAPSecurityRealm realm = new LDAPSecurityRealm( ads.getUrl(), - false, null, null, null, @@ -149,7 +147,6 @@ public void userLookup_rolesFromUserRecord() throws Exception { public void userLookup_rolesFromGroupSearch_modern() throws Exception { LDAPSecurityRealm realm = new LDAPSecurityRealm( ads.getUrl(), - false, null, null, null, @@ -187,7 +184,6 @@ public void userLookup_rolesFromGroupSearch_modern() throws Exception { public void userLookup_rolesFromUserRecord_modern() throws Exception { LDAPSecurityRealm realm = new LDAPSecurityRealm( ads.getUrl(), - false, null, null, null, @@ -235,7 +231,6 @@ private Set userGetAuthorities(UserDetails details) { public void groupLookup() throws Exception { r.jenkins.setSecurityRealm(new LDAPSecurityRealm( ads.getUrl(), - false, null, null, null, @@ -264,7 +259,6 @@ public void groupLookup() throws Exception { public void groupLookup_membersFromGroupSearch() throws Exception { r.jenkins.setSecurityRealm(new LDAPSecurityRealm( ads.getUrl(), - false, null, null, null, @@ -293,7 +287,6 @@ public void groupLookup_membersFromGroupSearch() throws Exception { public void groupLookup_membersFromUserRecord() throws Exception { r.jenkins.setSecurityRealm(new LDAPSecurityRealm( ads.getUrl(), - false, null, null, null, @@ -321,7 +314,7 @@ public void groupLookup_membersFromUserRecord() throws Exception { @LDAPSchema(ldif = "planetexpress", id = "planetexpress", dn = "dc=planetexpress,dc=com") public void login() throws Exception { LDAPSecurityRealm realm = - new LDAPSecurityRealm(ads.getUrl(), false,"dc=planetexpress,dc=com", null, null, null, null, null, + new LDAPSecurityRealm(ads.getUrl(), "dc=planetexpress,dc=com", null, null, null, null, null, "uid=admin,ou=system", Secret.fromString("pass"), false, false, null, null, "cn", "mail", null, null); r.jenkins.setSecurityRealm(realm); @@ -341,7 +334,7 @@ public void login() throws Exception { @LDAPSchema(ldif = "planetexpress", id = "planetexpress", dn = "dc=planetexpress,dc=com") public void login2() throws Exception { LDAPSecurityRealm realm = - new LDAPSecurityRealm(ads.getUrl(), false, "dc=com", "dc=planetexpress", null, "dc=planetexpress", null, null, + new LDAPSecurityRealm(ads.getUrl(), "dc=com", "dc=planetexpress", null, "dc=planetexpress", null, null, "uid=admin,ou=system", Secret.fromString("pass"), false, false, null, null, "cn", "mail", null, null); r.jenkins.setSecurityRealm(realm); @@ -361,7 +354,7 @@ public void login2() throws Exception { @LDAPSchema(ldif = "planetexpress", id = "planetexpress", dn = "dc=planetexpress,dc=com") public void login3() throws Exception { LDAPSecurityRealm realm = - new LDAPSecurityRealm(ads.getUrl(), false,"", "dc=planetexpress,dc=com", null, "dc=planetexpress,dc=com", null, null, + new LDAPSecurityRealm(ads.getUrl(), "", "dc=planetexpress,dc=com", null, "dc=planetexpress,dc=com", null, null, "uid=admin,ou=system", Secret.fromString("pass"), false, false, null, null, "cn", "mail", null, null); r.jenkins.setSecurityRealm(realm); @@ -382,7 +375,6 @@ public void login3() throws Exception { public void validate() throws Exception { LDAPSecurityRealm realm = new LDAPSecurityRealm( ads.getUrl(), - false, null, null, null, @@ -492,7 +484,6 @@ public void validate() throws Exception { assertThat("Always report outer kind as OK", validation.kind, is(FormValidation.Kind.OK)); realm = new LDAPSecurityRealm( ads.getUrl(), - false, null, null, null, @@ -564,7 +555,7 @@ public void validate() throws Exception { @LDAPSchema(ldif = "planetexpress", id = "planetexpress", dn = "dc=planetexpress,dc=com") public void usingEnvironmentProperties() throws Exception { log.record(LDAPSecurityRealm.class, Level.WARNING).capture(10); - LDAPConfiguration c = new LDAPConfiguration(ads.getUrl(), false,"", false, "uid=admin,ou=system", Secret.fromString("pass")); + LDAPConfiguration c = new LDAPConfiguration(ads.getUrl(), "", false, "uid=admin,ou=system", Secret.fromString("pass")); LDAPSecurityRealm.EnvironmentProperty[] environmentProperties = {new LDAPSecurityRealm.EnvironmentProperty("java.naming.security.protocol", "ssl")}; c.setEnvironmentProperties(environmentProperties); @@ -594,7 +585,7 @@ public void usingEnvironmentProperties() throws Exception { @Test @LDAPSchema(ldif = "planetexpressExtGroups_withCn", id = "planetexpress", dn = "dc=planetexpress,dc=com") public void extGroupWithOneCN() throws Exception { - LDAPConfiguration ldapConfiguration = new LDAPConfiguration(ads.getUrl(), false,"", false, "uid=admin,ou=system", Secret.fromString("pass")); + LDAPConfiguration ldapConfiguration = new LDAPConfiguration(ads.getUrl(), "", false, "uid=admin,ou=system", Secret.fromString("pass")); LDAPSecurityRealm realm = new LDAPSecurityRealm(Collections.singletonList(ldapConfiguration),false, null, null, null); r.jenkins.setSecurityRealm(realm); @@ -606,7 +597,7 @@ public void extGroupWithOneCN() throws Exception { @LDAPSchema(ldif = "planetexpressExtGroups_withCn", id = "planetexpress", dn = "dc=planetexpress,dc=com") public void extGroupWithMultipleCN() throws Exception { log.record(LDAPSecurityRealm.class, Level.ALL).capture(10); - LDAPConfiguration ldapConfiguration = new LDAPConfiguration(ads.getUrl(), false,"", false, "uid=admin,ou=system", Secret.fromString("pass")); + LDAPConfiguration ldapConfiguration = new LDAPConfiguration(ads.getUrl(), "", false, "uid=admin,ou=system", Secret.fromString("pass")); LDAPSecurityRealm realm = new LDAPSecurityRealm(Collections.singletonList(ldapConfiguration),false, null, null, null); r.jenkins.setSecurityRealm(realm); @@ -619,7 +610,7 @@ public void extGroupWithMultipleCN() throws Exception { @Issue("JENKINS-55813") @LDAPSchema(ldif = "planetexpressWithPPolicy", id = "planetexpress", dn = "dc=planetexpress,dc=com") public void userValidityAttributes() throws Exception { - LDAPConfiguration configuration = new LDAPConfiguration(ads.getUrl(), false, "dc=planetexpress,dc=com", false, "uid=admin,ou=system", Secret.fromString("pass")); + LDAPConfiguration configuration = new LDAPConfiguration(ads.getUrl(), "dc=planetexpress,dc=com", false, "uid=admin,ou=system", Secret.fromString("pass")); LDAPSecurityRealm realm = new LDAPSecurityRealm(Collections.singletonList(configuration), false, null, null, null); r.jenkins.setSecurityRealm(realm); r.configRoundtrip(); diff --git a/src/test/java/hudson/security/LDAPSecurityRealmTest.java b/src/test/java/hudson/security/LDAPSecurityRealmTest.java index 7e420b5c..a10c8b3d 100644 --- a/src/test/java/hudson/security/LDAPSecurityRealmTest.java +++ b/src/test/java/hudson/security/LDAPSecurityRealmTest.java @@ -133,7 +133,6 @@ public void groupMembershipAttribute() throws Exception { final String testValue = "testValue"; final LDAPSecurityRealm realm = new LDAPSecurityRealm( "ldap.itd.umich.edu", - false, null, null, null, @@ -186,7 +185,6 @@ public void configRoundTrip() throws Exception { final String managerSecret = "secret"; final LDAPSecurityRealm realm = new LDAPSecurityRealm( server, - false, rootDN, userSearchBase, null, @@ -245,7 +243,7 @@ public void configRoundTripTwo() throws Exception { List ldapConfigurations = new ArrayList<>(); for (int i = 0; i < confs.length; i++) { TestConf conf = confs[i]; - final LDAPConfiguration configuration = new LDAPConfiguration(conf.server, false,conf.rootDN, false, conf.managerDN, Secret.fromString(conf.managerSecret)); + final LDAPConfiguration configuration = new LDAPConfiguration(conf.server, conf.rootDN, false, conf.managerDN, Secret.fromString(conf.managerSecret)); configuration.setUserSearchBase(conf.userSearchBase); configuration.setIgnoreIfUnavailable(i % 2 == 0); ldapConfigurations.add(configuration); @@ -287,7 +285,7 @@ public void configRoundTwoThreeSameId() throws Exception { List ldapConfigurations = new ArrayList<>(); for (int i = 0; i < confs.length; i++) { TestConf conf = confs[i]; - final LDAPConfiguration configuration = new LDAPConfiguration(conf.server, false,conf.rootDN, false, conf.managerDN, Secret.fromString(conf.managerSecret)); + final LDAPConfiguration configuration = new LDAPConfiguration(conf.server, conf.rootDN, false, conf.managerDN, Secret.fromString(conf.managerSecret)); configuration.setUserSearchBase(conf.userSearchBase); ldapConfigurations.add(configuration); } @@ -331,7 +329,7 @@ public void configRoundTripThreeSameId() throws Exception { List ldapConfigurations = new ArrayList<>(); for (int i = 0; i < confs.length; i++) { TestConf conf = confs[i]; - final LDAPConfiguration configuration = new LDAPConfiguration(conf.server, false, conf.rootDN, false, conf.managerDN, Secret.fromString(conf.managerSecret)); + final LDAPConfiguration configuration = new LDAPConfiguration(conf.server, conf.rootDN, false, conf.managerDN, Secret.fromString(conf.managerSecret)); configuration.setUserSearchBase(conf.userSearchBase); ldapConfigurations.add(configuration); } @@ -375,7 +373,7 @@ public void configRoundTripEnvironmentProperties() throws Exception { final String managerDN = "cn=admin,ou=umich,ou.edu"; final String managerSecret = "secret"; - LDAPConfiguration c = new LDAPConfiguration(server, false, rootDN, false, managerDN, Secret.fromString(managerSecret)); + LDAPConfiguration c = new LDAPConfiguration(server, rootDN, false, managerDN, Secret.fromString(managerSecret)); LDAPSecurityRealm.EnvironmentProperty[] environmentProperties = {new LDAPSecurityRealm.EnvironmentProperty("java.naming.ldap.typesOnly", "true")}; c.setEnvironmentProperties(environmentProperties); diff --git a/src/test/java/hudson/security/LdapMultiEmbedded2Test.java b/src/test/java/hudson/security/LdapMultiEmbedded2Test.java index 4964ab67..ffba3ad3 100644 --- a/src/test/java/hudson/security/LdapMultiEmbedded2Test.java +++ b/src/test/java/hudson/security/LdapMultiEmbedded2Test.java @@ -51,7 +51,6 @@ public void setup() throws Exception { sevenSeasConf = new LDAPConfiguration( sevenSeas.getUrl(), - false, null, false, "uid=admin,ou=system", @@ -64,7 +63,7 @@ public void setup() throws Exception { sevenSeasConf.setDisplayNameAttributeName("sn"); //Different than the next so we can see that difference is made sevenSeasConf.setMailAddressAttributeName(null); - planetExpressConf = new LDAPConfiguration(planetExpress.getUrl(), false,"dc=planetexpress,dc=com", false, "uid=admin,ou=system", Secret.fromString("pass")); + planetExpressConf = new LDAPConfiguration(planetExpress.getUrl(), "dc=planetexpress,dc=com", false, "uid=admin,ou=system", Secret.fromString("pass")); planetExpressConf.setUserSearchBase("ou=people"); planetExpressConf.setUserSearch(null); planetExpressConf.setGroupSearchBase("ou=groups"); diff --git a/src/test/java/hudson/security/LdapMultiEmbeddedTest.java b/src/test/java/hudson/security/LdapMultiEmbeddedTest.java index 87e7c55e..0d2bfe49 100644 --- a/src/test/java/hudson/security/LdapMultiEmbeddedTest.java +++ b/src/test/java/hudson/security/LdapMultiEmbeddedTest.java @@ -52,7 +52,6 @@ public void setup() throws Exception { LDAPConfiguration sevenSeasConf = new LDAPConfiguration( sevenSeas.getUrl(), - false, null, false, "uid=admin,ou=system", @@ -65,7 +64,7 @@ public void setup() throws Exception { sevenSeasConf.setDisplayNameAttributeName("sn"); //Different than the next so we can see that difference is made sevenSeasConf.setMailAddressAttributeName(null); - LDAPConfiguration planetExpressConf = new LDAPConfiguration(planetExpress.getUrl(), false,"dc=planetexpress,dc=com", false, "uid=admin,ou=system", Secret.fromString("pass")); + LDAPConfiguration planetExpressConf = new LDAPConfiguration(planetExpress.getUrl(), "dc=planetexpress,dc=com", false, "uid=admin,ou=system", Secret.fromString("pass")); planetExpressConf.setUserSearchBase("ou=people"); planetExpressConf.setUserSearch(null); planetExpressConf.setGroupSearchBase("ou=groups"); @@ -134,7 +133,7 @@ public void loginWithBrokenServerInTheMiddle() throws Exception { //Insert a bad configuration in the middle LDAPSecurityRealm realm = (LDAPSecurityRealm) r.jenkins.getSecurityRealm(); ArrayList newList = new ArrayList<>(realm.getConfigurations()); - newList.add(1, new LDAPConfiguration("foobar.example.com", false,"dc=foobar,dc=example,dc=com", false, null, null)); + newList.add(1, new LDAPConfiguration("foobar.example.com", "dc=foobar,dc=example,dc=com", false, null, null)); LDAPSecurityRealm newRealm = new LDAPSecurityRealm(newList, realm.disableMailAddressResolver, realm.getCache(), realm.getUserIdStrategy(), realm.getGroupIdStrategy()); r.jenkins.setSecurityRealm(newRealm); @@ -184,7 +183,6 @@ private void reconfigure(LDAPRule rule, Set options) { options.contains(LdapConfigOption.BAD_SERVER_URL) ? INVALID_URL_PREFIX + rule.getPort() : repl.getServer(), - false, repl.getRootDN(), true, repl.getManagerDN(), diff --git a/src/test/java/hudson/security/docker/MultiServerTest.java b/src/test/java/hudson/security/docker/MultiServerTest.java index cf71bfa1..5b2a6aed 100644 --- a/src/test/java/hudson/security/docker/MultiServerTest.java +++ b/src/test/java/hudson/security/docker/MultiServerTest.java @@ -52,7 +52,6 @@ public class MultiServerTest { public void userLookup() throws Exception { LDAPConfiguration adsConf = new LDAPConfiguration( ads.getUrl(), - false, null, false, "uid=admin,ou=system", @@ -67,7 +66,6 @@ public void userLookup() throws Exception { LDAPConfiguration plExprs = new LDAPConfiguration( container.getHost() + ":" + container.getFirstMappedPort(), - false, PlanetExpressTest.DN, false, PlanetExpressTest.MANAGER_DN, diff --git a/src/test/java/hudson/security/docker/PlanetExpressTest.java b/src/test/java/hudson/security/docker/PlanetExpressTest.java index a123ee21..4f2785f2 100644 --- a/src/test/java/hudson/security/docker/PlanetExpressTest.java +++ b/src/test/java/hudson/security/docker/PlanetExpressTest.java @@ -55,7 +55,7 @@ private static class Login implements RealJenkinsRule.Step { } @Override public void run(JenkinsRule j) throws Throwable { - LDAPSecurityRealm realm = new LDAPSecurityRealm(server, false, DN, null, null, null, null, null, MANAGER_DN, Secret.fromString(MANAGER_SECRET), false, false, null, null, "cn", "mail", null,null); + LDAPSecurityRealm realm = new LDAPSecurityRealm(server, DN, null, null, null, null, null, MANAGER_DN, Secret.fromString(MANAGER_SECRET), false, false, null, null, "cn", "mail", null,null); j.jenkins.setSecurityRealm(realm); j.configRoundtrip(); String content = j.createWebClient().login("fry", "fry").goTo("whoAmI").getBody().getTextContent(); diff --git a/src/test/java/jenkins/security/plugins/ldap/LDAPConfigurationTest.java b/src/test/java/jenkins/security/plugins/ldap/LDAPConfigurationTest.java index 175b2004..8104f948 100644 --- a/src/test/java/jenkins/security/plugins/ldap/LDAPConfigurationTest.java +++ b/src/test/java/jenkins/security/plugins/ldap/LDAPConfigurationTest.java @@ -40,22 +40,22 @@ public class LDAPConfigurationTest { @Test public void getId() { - LDAPConfiguration c = new LDAPConfiguration("ldap.example.com", false,"dc=example,dc=com", true, null, null); + LDAPConfiguration c = new LDAPConfiguration("ldap.example.com", "dc=example,dc=com", true, null, null); String id = c.getId(); - c = new LDAPConfiguration("ldap.example.com", false,"dc=example,dc=com", true, null, null); //Same so far + c = new LDAPConfiguration("ldap.example.com", "dc=example,dc=com", true, null, null); //Same so far c.setUserSearchBase("cn=users,dc=example,dc=com"); String id2 = c.getId(); - c = new LDAPConfiguration("ldap.example.com", false,"dc=example,dc=com", true, null, null); //Same so far + c = new LDAPConfiguration("ldap.example.com", "dc=example,dc=com", true, null, null); //Same so far c.setUserSearchBase("cn=users,dc=example,dc=com"); //Same so far c.setUserSearch("sAMAccountName={}"); String id3 = c.getId(); - c = new LDAPConfiguration("ldap.example.com", false, "dc=example,dc=com", true, null, null); //Same so far + c = new LDAPConfiguration("ldap.example.com", "dc=example,dc=com", true, null, null); //Same so far c.setUserSearchBase("cn=users,dc=example,dc=com"); //Same so far c.setUserSearch("sAMAccountName={}"); //Same as well String id3Ident = c.getId(); //New instance with same data as id3 - c = new LDAPConfiguration("ldap://ldap.example.com:389", false, "dc=example,dc=com", true, null, null); //Same but different + c = new LDAPConfiguration("ldap://ldap.example.com:389", "dc=example,dc=com", true, null, null); //Same but different c.setUserSearchBase("cn=users,dc=example,dc=com"); //Same so far c.setUserSearch("sAMAccountName={}"); //New instance with same but different data as id3 String id3IdentButDifferent = c.getId(); diff --git a/src/test/java/jenkins/security/plugins/ldap/LDAPExtendedTemplateTest.java b/src/test/java/jenkins/security/plugins/ldap/LDAPExtendedTemplateTest.java index e00b2b99..9469a615 100644 --- a/src/test/java/jenkins/security/plugins/ldap/LDAPExtendedTemplateTest.java +++ b/src/test/java/jenkins/security/plugins/ldap/LDAPExtendedTemplateTest.java @@ -58,7 +58,6 @@ public void setup() throws Exception { ads.loadSchema("sevenSeas", "o=sevenSeas", getClass().getResourceAsStream("/hudson/security/sevenSeas.ldif")); LDAPConfiguration conf = new LDAPConfiguration( ads.getUrl(), - false, null, false, "uid=admin,ou=system", Secret.fromString("pass")); diff --git a/src/test/resources/hudson/security/LDAPSecurityRealmTest/compatAndConfig/config.xml b/src/test/resources/hudson/security/LDAPSecurityRealmTest/compatAndConfig/config.xml index 6e028df7..b4d01e15 100644 --- a/src/test/resources/hudson/security/LDAPSecurityRealmTest/compatAndConfig/config.xml +++ b/src/test/resources/hudson/security/LDAPSecurityRealmTest/compatAndConfig/config.xml @@ -8,7 +8,6 @@ s - false rDN=x true uSB diff --git a/src/test/resources/jenkins/security/plugins/ldap/LDAPSecurityRealmTestNoSecret.yml b/src/test/resources/jenkins/security/plugins/ldap/LDAPSecurityRealmTestNoSecret.yml index d7cfca5e..77f4d5ef 100644 --- a/src/test/resources/jenkins/security/plugins/ldap/LDAPSecurityRealmTestNoSecret.yml +++ b/src/test/resources/jenkins/security/plugins/ldap/LDAPSecurityRealmTestNoSecret.yml @@ -3,7 +3,6 @@ jenkins: ldap: configurations: - server: ldap.acme.com - sslVerify: false rootDN: dc=acme,dc=fr cache: size: 100 diff --git a/src/test/resources/jenkins/security/plugins/ldap/LDAPSecurityRealmTestNoSecretExpected.yml b/src/test/resources/jenkins/security/plugins/ldap/LDAPSecurityRealmTestNoSecretExpected.yml index e89cf389..888cf513 100644 --- a/src/test/resources/jenkins/security/plugins/ldap/LDAPSecurityRealmTestNoSecretExpected.yml +++ b/src/test/resources/jenkins/security/plugins/ldap/LDAPSecurityRealmTestNoSecretExpected.yml @@ -5,7 +5,6 @@ configurations: - inhibitInferRootDN: false rootDN: "dc=acme,dc=fr" server: "ldap.acme.com" - sslVerify: false disableMailAddressResolver: false groupIdStrategy: "caseSensitive" userIdStrategy: "caseInsensitive" diff --git a/src/test/resources/jenkins/security/plugins/ldap/casc.yml b/src/test/resources/jenkins/security/plugins/ldap/casc.yml index 80064e73..96efcb2c 100644 --- a/src/test/resources/jenkins/security/plugins/ldap/casc.yml +++ b/src/test/resources/jenkins/security/plugins/ldap/casc.yml @@ -3,7 +3,6 @@ jenkins: ldap: configurations: - server: ldap.acme.com - sslVerify: false rootDN: dc=acme,dc=fr managerDN: "manager" managerPasswordSecret: ${LDAP_PASSWORD}