Block Luntbuild 1.5.1 Anonymous Access

If you are using luntbuild for your continuous integration builds at work, you probably want to remove anonymous user access. In stead of adding that feature to the administrator “Properties” page where I’d expect it, you have to hack the Spring configuration in the webapps directory of luntbuild. Sigh. Here we go:

Open a command prompt and go to the directory where luntbuild is installed. Edit the /webapps/luntbuild/luntbuild-login.html file and remove the following line:

<a href="app.do?service=reset/Home&relogin=no">Anonymous</a>

Open the /webapps/luntbuild/WEB-INF/applicationContext.xml file and remove the following 2 Spring Beans:

<bean id="anonymousProcessingFilter"
     class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
    <property name="key"><value>anonymous</value></property>
    <property name="userAttribute"><value>anonymous,ROLE_ANONYMOUS</value></property>
</bean>

<bean id="anonymousAuthenticationProvider"
     class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
    <property name="key"><value>anonymous</value></property>
</bean>

In the same file, searchfor the filterChainProxy bean and remove references to the anonymousProcessingFilter bean, and save the file.

Double check that when you do a cat applicationContext.xml | grep anonymousProcessingFilter, nothing is returned.

Now restart the luntbuild application. Please note that if you were logged in as anonymous before you rebooted the server, your session will still work. This is because you passed the security gates earlier, and Tomcat remembers your session. Press “Forget” and try to login as anonymous. This should no longer work.

I really hope that in luntbuild 2.0, anonymous access is removed or at least configurable from the administation pages, and that the “Forget” and “Logout” links are merged into one, because they seem to do the same thing to the user.

Advertisements

4 Responses to Block Luntbuild 1.5.1 Anonymous Access

  1. rolfje says:

    Apperently I revert to hacking and Googling before reading the manual, you can also find it here:
    http://luntbuild.javaforge.com/doc/installguide/installguide.html

    But still, an “allow anonymous access” setting on the admin page would be much nicer. And did I mention already that an “allow anonymous access” option on the admin page would me much nicer?

  2. thiago says:

    good one! it worked fine with me J

  3. larry carleton says:

    This did not work when I tried it on version 1.6 linux – see http://geowind.javaforge.com/issue/10459

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s