Merge branch 'master' into fully-nameable-model-object

Author: Vlatombe

.gitpod/Dockerfile

@@ -1,6 +1,6 @@
 FROM gitpod/workspace-full:latest
 ARG JAVA_VERSION=21.0.6-tem
-ARG MAVEN_VERSION=3.9.10
+ARG MAVEN_VERSION=3.9.11
 # Install Java 21, Maven and GitHub CLI
 RUN bash -c ". /home/gitpod/.sdkman/bin/sdkman-init.sh && \
     sdk install java ${JAVA_VERSION} && \

ath.sh

@@ -6,7 +6,7 @@ set -o xtrace
 cd "$(dirname "$0")"
 
 # https://github.com/jenkinsci/acceptance-test-harness/releases
-export ATH_VERSION=6294.v8837063f315d
+export ATH_VERSION=6300.v12732144c83f
 
 if [[ $# -eq 0 ]]; then
 	export JDK=17

bom/pom.xml

@@ -63,15 +63,15 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-framework-bom</artifactId>
-        <version>6.2.8</version>
+        <version>6.2.9</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
       <dependency>
         <!-- https://docs.spring.io/spring-security/reference/6.3/getting-spring-security.html#getting-maven-no-boot -->
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-bom</artifactId>
-        <version>6.5.1</version>
+        <version>6.5.2</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -119,7 +119,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>commons-io</groupId>
         <artifactId>commons-io</artifactId>
-        <version>2.19.0</version>
+        <version>2.20.0</version>
       </dependency>
       <dependency>
         <groupId>commons-lang</groupId>

core/src/main/java/hudson/Functions.java

@@ -41,7 +41,6 @@
 import hudson.model.Describable;
 import hudson.model.Descriptor;
 import hudson.model.DescriptorVisibilityFilter;
-import hudson.model.Hudson;
 import hudson.model.Item;
 import hudson.model.ItemGroup;
 import hudson.model.Items;
@@ -97,11 +96,9 @@
 import hudson.views.MyViewsTabBar;
 import hudson.views.ViewsTabBar;
 import hudson.widgets.RenderOnDemandClosure;
-import io.jenkins.servlet.ServletExceptionWrapper;
 import io.jenkins.servlet.http.CookieWrapper;
 import io.jenkins.servlet.http.HttpServletRequestWrapper;
 import io.jenkins.servlet.http.HttpServletResponseWrapper;
-import jakarta.servlet.ServletException;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -190,8 +187,6 @@
 import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerRequest2;
-import org.kohsuke.stapler.StaplerResponse;
-import org.kohsuke.stapler.StaplerResponse2;
 import org.springframework.security.access.AccessDeniedException;
 
 /**
@@ -921,11 +916,11 @@ public static String htmlAttributeEscape(String text) {
         return buf.toString();
     }
 
-    public static void checkPermission(Permission permission) throws IOException, ServletException {
+    public static void checkPermission(Permission permission) {
         checkPermission(Jenkins.get(), permission);
     }
 
-    public static void checkPermission(AccessControlled object, Permission permission) throws IOException, ServletException {
+    public static void checkPermission(AccessControlled object, Permission permission) {
         if (permission != null) {
             object.checkPermission(permission);
         }
@@ -936,7 +931,7 @@ public static void checkPermission(AccessControlled object, Permission permissio
      * degrades gracefully if "it" is not an {@link AccessControlled} object.
      * Otherwise it will perform no check and that problem is hard to notice.
      */
-    public static void checkPermission(Object object, Permission permission) throws IOException, ServletException {
+    public static void checkPermission(Object object, Permission permission) {
         if (permission == null)
             return;
 
@@ -961,15 +956,15 @@ public static void checkPermission(Object object, Permission permission) throws
      * @param permission
      *      If null, returns true. This defaulting is convenient in making the use of this method terse.
      */
-    public static boolean hasPermission(Permission permission) throws IOException, ServletException {
+    public static boolean hasPermission(Permission permission) {
         return hasPermission(Jenkins.get(), permission);
     }
 
     /**
      * This version is so that the 'hasPermission' can degrade gracefully
      * if "it" is not an {@link AccessControlled} object.
      */
-    public static boolean hasPermission(Object object, Permission permission) throws IOException, ServletException {
+    public static boolean hasPermission(Object object, Permission permission) {
         if (permission == null)
             return true;
         if (object instanceof AccessControlled)
@@ -986,36 +981,6 @@ public static boolean hasPermission(Object object, Permission permission) throws
         }
     }
 
-    /**
-     * @since 2.475
-     */
-    public static void adminCheck(StaplerRequest2 req, StaplerResponse2 rsp, Object required, Permission permission) throws IOException, ServletException {
-        // this is legacy --- all views should be eventually converted to
-        // the permission based model.
-        if (required != null && !Hudson.adminCheck(StaplerRequest.fromStaplerRequest2(req), StaplerResponse.fromStaplerResponse2(rsp))) {
-            // check failed. commit the FORBIDDEN response, then abort.
-            rsp.setStatus(HttpServletResponse.SC_FORBIDDEN);
-            rsp.getOutputStream().close();
-            throw new ServletException("Unauthorized access");
-        }
-
-        // make sure the user owns the necessary permission to access this page.
-        if (permission != null)
-            checkPermission(permission);
-    }
-
-   /**
-     * @deprecated use {@link #adminCheck(StaplerRequest2, StaplerResponse2, Object, Permission)}
-     */
-    @Deprecated
-    public static void adminCheck(StaplerRequest req, StaplerResponse rsp, Object required, Permission permission) throws IOException, javax.servlet.ServletException {
-        try {
-            adminCheck(StaplerRequest.toStaplerRequest2(req), StaplerResponse.toStaplerResponse2(rsp), required, permission);
-        } catch (ServletException e) {
-            throw ServletExceptionWrapper.fromJakartaServletException(e);
-        }
-    }
-
     /**
      * Infers the hudson installation URL from the given request.
      *
@@ -1298,7 +1263,7 @@ public static boolean hasAnyPermission(AccessControlled ac, Permission[] permiss
      *
      * @since 2.238
      */
-    public static boolean hasAnyPermission(Object object, Permission[] permissions) throws IOException, ServletException {
+    public static boolean hasAnyPermission(Object object, Permission[] permissions) {
         if (permissions == null || permissions.length == 0) {
             return true;
         }
@@ -1336,7 +1301,7 @@ public static void checkAnyPermission(AccessControlled ac, Permission[] permissi
      * degrades gracefully if "it" is not an {@link AccessControlled} object.
      * Otherwise it will perform no check and that problem is hard to notice.
      */
-    public static void checkAnyPermission(Object object, Permission[] permissions) throws IOException, ServletException {
+    public static void checkAnyPermission(Object object, Permission[] permissions) {
         if (permissions == null || permissions.length == 0) {
             return;
         }
@@ -2099,7 +2064,7 @@ public boolean hyperlinkMatchesCurrentPage(String href) {
     }
 
     /**
-     * If the given {@code Action} is a {@link RootAction#isPrimaryAction() primary} {code RootAction}, or a parent of the current page, return {@code true}.
+     * If the given {@code Action} is a {@link RootAction#isPrimaryAction() primary} {@code RootAction}, or a parent of the current page, return {@code true}.
      * Used in {@code actions.jelly} to decide if the action should shown in the main header or the hamburger.
      */
     @Restricted(NoExternalUse.class)

core/src/main/java/hudson/model/Hudson.java

@@ -42,7 +42,6 @@
 import io.jenkins.servlet.ServletExceptionWrapper;
 import jakarta.servlet.ServletContext;
 import jakarta.servlet.ServletException;
-import jakarta.servlet.http.HttpServletResponse;
 import java.io.File;
 import java.io.IOException;
 import java.text.NumberFormat;
@@ -51,7 +50,6 @@
 import jenkins.model.Jenkins;
 import org.jvnet.hudson.reactor.ReactorException;
 import org.kohsuke.stapler.QueryParameter;
-import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 import org.kohsuke.stapler.interceptor.RequirePOST;
@@ -293,27 +291,6 @@ public static boolean isDarwin() {
         return Platform.isDarwin();
     }
 
-    /**
-     * @deprecated since 2007-12-18.
-     *      Use {@link #checkPermission(hudson.security.Permission)}
-     */
-    @Deprecated
-    public static boolean adminCheck() throws IOException {
-        return adminCheck(Stapler.getCurrentRequest(), Stapler.getCurrentResponse());
-    }
-
-    /**
-     * @deprecated since 2007-12-18.
-     *      Use {@link #checkPermission(hudson.security.Permission)}
-     */
-    @Deprecated
-    public static boolean adminCheck(StaplerRequest req, StaplerResponse rsp) throws IOException {
-        if (isAdmin(req)) return true;
-
-        rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
-        return false;
-    }
-
     /**
      * Checks if the current user (for which we are processing the current request)
      * has the admin access.

core/src/main/java/hudson/model/Slave.java

@@ -27,6 +27,7 @@
 
 import edu.umd.cs.findbugs.annotations.CheckForNull;
 import edu.umd.cs.findbugs.annotations.NonNull;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hudson.DescriptorExtensionList;
 import hudson.EnvVars;
 import hudson.FilePath;
@@ -102,6 +103,7 @@
  *
  * @author Kohsuke Kawaguchi
  */
+@SuppressFBWarnings(value = "DESERIALIZATION_GADGET", justification = "unhappy about existence of readResolve?")
 public abstract class Slave extends Node implements Serializable {
 
     private static final Logger LOGGER = Logger.getLogger(Slave.class.getName());
@@ -381,7 +383,9 @@ private void _setLabelString(String labelString) {
     @Override
     protected Set<LabelAtom> getLabelAtomSet() {
         if (labelAtomSet == null) {
-            warnPlugin();
+            if (!insideReadResolve.get()) {
+                warnPlugin();
+            }
             this.labelAtomSet = Collections.unmodifiableSet(Label.parse(label));
         }
         return labelAtomSet;
@@ -627,14 +631,21 @@ public int hashCode() {
         return name.hashCode();
     }
 
+    private static final ThreadLocal<Boolean> insideReadResolve = ThreadLocal.withInitial(() -> false);
+
     /**
      * Invoked by XStream when this object is read into memory.
      */
     protected Object readResolve() {
         if (nodeProperties == null)
             nodeProperties = new DescribableList<>(this);
         previouslyAssignedLabels = new HashSet<>();
-        _setLabelString(label);
+        insideReadResolve.set(true);
+        try {
+            _setLabelString(label);
+        } finally {
+            insideReadResolve.set(false);
+        }
         return this;
     }
 

core/src/main/java/jenkins/console/ConsoleUrlProviderUserProperty.java

@@ -25,10 +25,12 @@
 package jenkins.console;
 
 import edu.umd.cs.findbugs.annotations.CheckForNull;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.Extension;
 import hudson.model.User;
 import hudson.model.UserProperty;
 import hudson.model.UserPropertyDescriptor;
+import hudson.model.userproperty.UserPropertyCategory;
 import java.util.List;
 import org.jenkinsci.Symbol;
 import org.kohsuke.accmod.Restricted;
@@ -70,6 +72,11 @@ public String getDescription() {
             return Messages.consoleUrlProviderDisplayName_Description();
         }
 
+        @Override
+        public @NonNull UserPropertyCategory getUserPropertyCategory() {
+            return UserPropertyCategory.get(UserPropertyCategory.Appearance.class);
+        }
+
         @Override
         public UserProperty newInstance(User user) {
             return new ConsoleUrlProviderUserProperty();

core/src/main/java/jenkins/model/Jenkins.java

@@ -2837,7 +2837,7 @@ public <T> ExtensionList<T> getExtensionList(Class<T> extensionType) {
      *      For URL access to descriptors, see {@link hudson.model.DescriptorByNameOwner}.
      *      For URL access to specific other {@link hudson.Extension} annotated elements, create your own {@link hudson.model.Action}, like {@link hudson.console.ConsoleAnnotatorFactory.RootAction}.
      */
-    @Deprecated(since = "TODO")
+    @Deprecated(since = "2.519")
     public ExtensionList getExtensionList(String extensionType) throws ClassNotFoundException {
         return getExtensionList(pluginManager.uberClassLoader.loadClass(extensionType));
     }

core/src/main/resources/hudson/model/userproperty/UserPropertyCategoryAppearanceAction/index.jelly

@@ -30,7 +30,7 @@ THE SOFTWARE.
     <l:layout permission="${app.ADMINISTER}" title="${%title}">
         <st:include page="sidepanel.jelly" it="${it.targetUser}" />
         <l:main-panel>
-            <f:form method="post" action="configSubmit" name="config">
+            <f:form method="post" action="configSubmit" name="config" class="jenkins-form">
                 <h1>
                     ${%title}
                 </h1>
@@ -44,7 +44,7 @@ THE SOFTWARE.
                     <j:when test="${hasItems}">
                         <j:forEach var="d" items="${descriptors}" varStatus="loop">
                             <j:if test="${d.enabled}">
-                                <f:section title="${d.displayName}">
+                                <f:section title="${d.displayName}" description="${d.description}">
                                     <j:set var="it" value="${thisAction.targetUser}" />
                                     <j:set var="descriptor" value="${d}" />
                                     <j:set var="instance" value="${instances[d]}" />

core/src/main/resources/jenkins/console/ConsoleUrlProviderGlobalConfiguration/config.jelly

@@ -1,13 +1,8 @@
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:f="/lib/form">
     <j:if test="${descriptor.enabled}">
-        <f:section title="${%Console URL Provider}">
-            <f:block>
-                ${%description}
-            </f:block>
-            <f:entry>
-                <f:repeatableHeteroProperty field="providers" hasHeader="true" oneEach="true" header="${%Providers}" />
-            </f:entry>
+        <f:section title="${%Console URL Provider}" description="${%description}">
+            <f:repeatableHeteroProperty field="providers" hasHeader="true" oneEach="true" header="${%Providers}" />
         </f:section>
     </j:if>
 </j:jelly>