I've written a Jenkins plugin to implement my own authentication mechanism by extending hudson.security.SecurityRealm.
Now I'm trying to create my own custom "Access Denied" page, to display
when a user types in the wrong password or simply doesn't have access.
To do this, I've created a file called accessDenied.jelly. So let's say the name of my company is "Foo" and the structure of my plugin (simplified here for practical reasons) is this:
src
|---main
    |---java
    |   |---com
    |       |---foo
    |           |---authn
    |               |---MySecurityRealm.java
    |---resources
    |   |---com
    |       |---foo
    |           |---authn
    |               |---MySecurityRealm
    |                   |---config.jelly
    |                   |---accessDenied.jelly
    |---webapp
        |---images
            |---foo.png
Now, I want to display my company logo (the foo.png file in the tree above) in my custom error page accessDenied.jelly. Again, for the sake of simplicity let's assume the short name of my plugin is simply foo and this is the content of accessDenied.jelly:
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
  <l:layout title="${%Login Error}" permission="${app.ANONYMOUS}">
    <l:main-panel>
      <h2>Access Denied</h2>
      <span class="message">
        You don't have access to this Jenkins console.
      </span>
      <img src="${app.getRootUrl()}plugin/foo/images/foo.png"/>
    </l:main-panel>
  </l:layout>
</j:jelly>
My problem here is I'm getting a broken image link for foo.png because the server returns an HTTP 403 Forbidden when serving it, implying the user must be authenticated in order to access the static content in a plugin.
If instead of my company logo I use ${app.getRootUrl()}/favicon.ico for the source of my image, I do get the Jenkins icon displayed.
How can I make the static content in my plugin accessible without authentication, or public?
Notice I tried setting permission="${app.ANONYMOUS}" in my Jelly file, but this refers to the view being rendered, not to any static assets referenced by it.