Help upgrading acegi-security to spring-security

[Steve Boardwell]

Hi everyone,

Does anyone with acegi-/spring-security experience fancy helping out with the https://github.com/jenkinsci/reverse-proxy-auth-plugin?

As part of the modernisation we need to upgrade acegi security to spring security and I have had an initial look at it but I think I'll need some help.

Any tips or suggestions are more than welcome.

Steve

[Ivan Fernandez Calvo]

I have made recently the migration of the SAML plugin to Spring-security, it was not too hard, change imports and some Jenkins classes now change to whatever2, I did not have to change functionality

https://github.com/jenkinsci/saml-plugin/pull/261

[Jesse Glick]

At least start by reading https://github.com/jenkinsci/reverse-proxy-auth-plugin/pull/40 and https://github.com/jenkinsci/ldap-plugin/pull/49.

https://github.com/jenkinsci/reverse-proxy-auth-plugin/pull/37 would perhaps help. The root problem is the lack of a general way in Jenkins to compose security realms—often to get “fallback” functionality (e.g. to log in while the primary system is down), but more pertinently here, to delegate calculation of granted authorities (“groups”) to another system such as LDAP while controlling the user identifier (login). `reverse-proxy-auth` therefore includes its own LDAP call layer because it cannot delegate that to the `ldap` plugin, so to migrate to Spring Security you have a lot of code to rewrite.