Jenkins security - hide all screens unless user is logged in

孤城傲影 2021-02-01 00:48

I don't know why "logged in users can do anything" means Jenkins will happily allow non-authenticated users to view project details and access artifacts... Regardless, I nee

4 answers
  •  借酒劲吻你
    2021-02-01 01:43

    Answer to an old question but I came searching here as I am trying to auto spin up a Jenkins instance on Docker and found the same issue.

    Good chance this option wasn't available when the question was asked. As of this moment (v2.222.3 but not sure how far back), it turns out you can do this without installing any additional plugins.

    Manually

    • Navigate to Global Security (Jenkins > Manage Jenkins > Global Security)

    • Update the Authorization section to "Logged-in users can do anything".

      UNCHECK Allow anonymous read access

    Any unauthenticated access will redirect to login now.

    I would note that if you set up Jenkins through the setup wizard then anonymous read access is disabled by default. If you want this behaviour AND want to configure Jenkins automatically, read on.

    Automated with Docker

    My situation is that I wanted to check out my repo, run my compose file and have all my config/users/plugins etc ready to go. Great post here with more detail if interested.

    In a nutshell:

    Dockerfile

    FROM jenkins/jenkins:lts-alpine
    
    # Disable setup wizard since security.groovy creates our user
    ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
    
    COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy
    
    

    security.groovy

    #!groovy
    
    import jenkins.model.*
    import hudson.security.*
    
    def instance = Jenkins.getInstance()
    
    // Create Admin User
    def hudsonRealm = new HudsonPrivateSecurityRealm(false)
    hudsonRealm.createAccount("admin", "admin") // Don't do this. This is bad
    instance.setSecurityRealm(hudsonRealm)
    
    // Set Auth to Full Control Once Logged In and prevent read-only access
    def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
    strategy.setAllowAnonymousRead(false)
    instance.setAuthorizationStrategy(strategy)
    
    instance.save()
    

    In particular, strategy.setAllowAnonymousRead(false) is what's needed.
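
To confirm that the setting from the answer above actually took effect, the persisted `$JENKINS_HOME/config.xml` can be audited offline. This is an added example, not part of the original answer or of Jenkins itself: the function name `audit_jenkins_config` is hypothetical, the sample XML is constructed, and the check assumes the `useSecurity` and `denyAnonymousReadAccess` element names that Jenkins writes for this strategy.

```python
import re
import xml.etree.ElementTree as ET

FULL_CONTROL = "hudson.security.FullControlOnceLoggedInAuthorizationStrategy"
UNSECURED = "hudson.security.AuthorizationStrategy$Unsecured"

# Constructed sample of $JENKINS_HOME/config.xml, trimmed to the relevant elements.
SAMPLE_TEMPLATE = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="%s">
    <denyAnonymousReadAccess>%s</denyAnonymousReadAccess>
  </authorizationStrategy>
</hudson>"""
LOCKED_DOWN = SAMPLE_TEMPLATE % (FULL_CONTROL, "true")
ANON_READ = SAMPLE_TEMPLATE % (FULL_CONTROL, "false")


def audit_jenkins_config(xml_text):
    """Return findings; an empty list means anonymous users cannot read."""
    # Drop the XML declaration so the parser only sees the document element.
    xml_text = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text)
    root = ET.fromstring(xml_text)
    findings = []

    if (root.findtext("useSecurity") or "").strip().lower() != "true":
        findings.append("useSecurity is not enabled")

    strategy = root.find("authorizationStrategy")
    cls = strategy.get("class", "") if strategy is not None else ""
    if strategy is None or cls == UNSECURED:
        findings.append("no authorization strategy is enforced")
    elif cls == FULL_CONTROL:
        # setAllowAnonymousRead(false) is persisted as denyAnonymousReadAccess=true.
        # A missing element is treated as false here (the conservative reading).
        deny = (strategy.findtext("denyAnonymousReadAccess") or "false").strip().lower()
        if deny != "true":
            findings.append("anonymous read access is allowed")
    else:
        findings.append("strategy not covered by this check: " + cls)
    return findings


if __name__ == "__main__":
    for name, xml_text in (("locked down", LOCKED_DOWN), ("anonymous read", ANON_READ)):
        print(name, "->", audit_jenkins_config(xml_text) or "OK")
```

Running the same check in CI against the config produced by the image catches a regression where the init script is dropped or the strategy is changed.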
