1

I would like to disable page "People" in Hudson. I don't want users to see other users. Is it possible to do?

yegor256
  • 102,010
  • 123
  • 446
  • 597

1 Answers1

2

I don't know if you can do it directly with Hudson, but you certainly be able to do it if you run Hudson within a Tomcat instance (I run mine in a Tomcat 7 without any problem).

You would define a JSP security-constraint, a bit like those ones (note: adapted for LDAP because I defer all user authentication to the webapp container of Hudson: in my case, Tomcat)

The OP asks:

You're suggesting to make changes to hudson/WEB-INF/web.xml? Could you please explicitly mention the file I have to change?

@Vincenzo: I don't! I never touch one bit of the hudson.jar. I only use it within a Tomcat instance, meaning:

  • I declare in <tomcat>/conf/Catalina/localhost a context for each Hudson I want to manage: 
  hudson-xxx -> /home/me/context/hudson-xxx.xml

(it is a link because I want to upgrade Tomcat easily, so I externalize the context definition outside of Tomcat). I define my Realm for ACL purposes:

<?xml version='1.0' encoding='utf-8'?>
<Context docBase="/home/me/hudson/hudson.war" path="/hudson-xxx">
  <Realm className="org.apache.catalina.real.CombinedRealm" >
    <Realm className="org.apache.catalina.real.JNDIRealm" debug="99"
           connectionURL="ldap://xxxxx:389"
           alternateURL="ldap://xxxxx:389"
           connexionName="yyyy"
           connectionPassword="zzzz"
           userPattern="CN={0},OU=...,DC=..."
           userRoleName="memberOf"
           useSubtree="false"
           roleBase="OU=...,DC=..."
           roleName="cn"
           roleSearch="(member={0})"
           roleSubtree="false"
    />
  </Realm>
  <Environment name="HUDSON_XXX" value="/home/me/hudson/hudson-xxx-home" type="java.lang.String" override="false" />
</Context>

(With that context, a hudson.war stored outside of Tomcat is automatically deployed with the </tomcat>/webapps directory, and access from http://tomcat-server/hudson-xxx, with an LDAP-based authentication)

  • I suggests modifying the </tomcat>/conf/web.xml to add security-constraint which would prevent anybody to access the user page while letting only certain tomcat users (as defined in /conf/tomcat-users.xml.
    (I haven't tested it yet)
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • You're suggesting to make changes to `hudson/WEB-INF/web.xml`? Could you please explicitly mention the file I have to change? Thanks – yegor256 Dec 06 '10 at 10:40
  • @Vincenzo: I have updated my answer with Tomcat-specific details. – VonC Dec 06 '10 at 11:19