[JENKINS-74800] Reverse Proxy Auth plugin 1.7.7 fails with 2.479.1 (#147)

Author: basil

pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>4.88</version>
+    <version>5.2</version>
     <relativePath />
   </parent>
 
@@ -46,8 +46,8 @@
     <revision>1.7.8</revision>
     <changelist>-SNAPSHOT</changelist>
     <gitHubRepo>jenkinsci/${project.artifactId}</gitHubRepo>
-    <jenkins.baseline>2.426</jenkins.baseline>
-    <jenkins.version>${jenkins.baseline}.3</jenkins.version>
+    <jenkins.baseline>2.479</jenkins.baseline>
+    <jenkins.version>${jenkins.baseline}.1</jenkins.version>
     <spotbugs.effort>Max</spotbugs.effort>
     <spotless.check.skip>false</spotless.check.skip>
   </properties>
@@ -57,78 +57,29 @@
       <dependency>
         <groupId>io.jenkins.tools.bom</groupId>
         <artifactId>bom-${jenkins.baseline}.x</artifactId>
-        <version>3208.vb_21177d4b_cd9</version>
+        <version>3613.v584fca_12cf5c</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
     </dependencies>
   </dependencyManagement>
 
   <dependencies>
+    <!-- Repeat this from jenkins/core/pom.xml to avoid bundling Spring libraries already in core -->
     <dependency>
-      <!-- to appear earlier in the test CP for purposes of PCT -->
-      <groupId>org.jenkins-ci.main</groupId>
-      <artifactId>jenkins-core</artifactId>
-      <version>${jenkins.version}</version>
-    </dependency>
-    <dependency>
-      <!-- for compatibility with https://github.com/jenkinsci/jenkins/pull/4848 -->
-      <groupId>org.acegisecurity</groupId>
-      <artifactId>acegi-security</artifactId>
-      <version>1.0.7</version>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-web</artifactId>
+      <scope>provided</scope>
       <exclusions>
-        <exclusion>
-          <groupId>commons-codec</groupId>
-          <artifactId>commons-codec</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>commons-collections</groupId>
-          <artifactId>commons-collections</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>commons-lang</groupId>
-          <artifactId>commons-lang</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>log4j</groupId>
-          <artifactId>log4j</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-core</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-jdbc</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-remoting</artifactId>
-        </exclusion>
         <exclusion>
           <groupId>org.springframework</groupId>
-          <artifactId>spring-support</artifactId>
+          <artifactId>spring-jcl</artifactId>
         </exclusion>
       </exclusions>
     </dependency>
     <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-dao</artifactId>
-      <version>2.0.8</version>
-      <exclusions>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-beans</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-context</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-core</artifactId>
-        </exclusion>
-      </exclusions>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-ldap</artifactId>
     </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
@@ -191,7 +142,7 @@
         <configuration>
           <pom>
             <sortPom>
-              <sortDependencies>scope</sortDependencies>
+              <sortDependencies>none</sortDependencies>
             </sortPom>
           </pom>
         </configuration>

src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator2.java renamed to src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/BindAuthenticator2.java

@@ -21,12 +21,14 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
-package org.acegisecurity.providers.ldap.authenticator;
+package org.jenkinsci.plugins.reverse_proxy_auth;
 
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import org.acegisecurity.ldap.InitialDirContextFactory;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.ldap.core.support.BaseLdapPathContextSource;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.ldap.authentication.BindAuthenticator;
 
 /**
  * {@link BindAuthenticator} with improved diagnostics.
@@ -37,19 +39,19 @@ public class BindAuthenticator2 extends BindAuthenticator {
     /** If we ever had a successful authentication, */
     private boolean hadSuccessfulAuthentication;
 
-    public BindAuthenticator2(InitialDirContextFactory initialDirContextFactory) {
-        super(initialDirContextFactory);
+    public BindAuthenticator2(BaseLdapPathContextSource contextSource) {
+        super(contextSource);
     }
 
     @Override
-    public LdapUserDetails authenticate(String username, String password) {
-        LdapUserDetails user = super.authenticate(username, password);
+    public DirContextOperations authenticate(Authentication authentication) {
+        DirContextOperations operations = super.authenticate(authentication);
         hadSuccessfulAuthentication = true;
-        return user;
+        return operations;
     }
 
     @Override
-    void handleBindException(String userDn, String username, Throwable cause) {
+    protected void handleBindException(String userDn, String username, Throwable cause) {
         LOGGER.log(
                 hadSuccessfulAuthentication ? Level.FINE : Level.WARNING,
                 "Failed to bind to LDAP: userDn" + userDn + "  username=" + username,

src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySearchTemplate.java

@@ -1,9 +1,10 @@
 package org.jenkinsci.plugins.reverse_proxy_auth;
 
 import edu.umd.cs.findbugs.annotations.CheckForNull;
+import java.util.Collection;
 import java.util.Set;
-import org.acegisecurity.GrantedAuthority;
 import org.jenkinsci.plugins.reverse_proxy_auth.data.SearchTemplate;
+import org.springframework.security.core.GrantedAuthority;
 
 /**
  * @author Wilder Rodrigues ([email protected])
@@ -15,10 +16,11 @@ public Set<String> executeReadOnly(ContextExecutor ce) {
     }
 
     public Set<String> searchForSingleAttributeValues(
-            final SearchTemplate template, final @CheckForNull GrantedAuthority[] authorities) {
+            final SearchTemplate template, final @CheckForNull Collection<? extends GrantedAuthority> authorities) {
 
         class SingleAttributeSearchCallback implements ContextExecutor {
 
+            @Override
             public Set<String> executeWithContext() {
                 return template.processAuthorities(authorities);
             }