https://github.com/jenkinsci/authorize-project-plugin

Run a job with specified authorization
https://github.com/jenkinsci/authorize-project-plugin

adopt-this-plugin jenkins-plugin security

Last synced: 3 months ago
JSON representation

Run a job with specified authorization

• Host: GitHub
• URL: https://github.com/jenkinsci/authorize-project-plugin
• Owner: jenkinsci
• License: mit
• Created: 2013-11-23T10:51:33.000Z (almost 12 years ago)
• Default Branch: master
• Last Pushed: 2025-05-02T18:16:32.000Z (5 months ago)
• Last Synced: 2025-05-02T19:25:44.556Z (5 months ago)
• Topics: adopt-this-plugin, jenkins-plugin, security
• Language: Java
• Homepage: https://plugins.jenkins.io/authorize-project/
• Size: 894 KB
• Stars: 17
• Watchers: 98
• Forks: 38
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

          
# Authorize Project Plugin for Jenkins

This plugin allows projects to run builds with specified authorization.

## What's this?

This plugin provides following features:

-   You can configure projects to have their builds run with specified

    authorization.

    -   This is an implementation of

        [QueueItemAuthenticator](http://javadoc.jenkins-ci.org/jenkins/security/QueueItemAuthenticator.html).

-   Provides following ways to specify authorization.

    -   Run as the user who triggered the build.

        -   Does not work for scheduled, or polled builds.

        -   Configuring projects are allowed only to users with the

            BUILD permission.

    -   Run as anonymous.

    -   Run as the specified user.

        -   You are requested to enter the password of the specified

            user except in the following cases:

            -   You are an administrator.

            -   You are the specified user.

            -   The specified user is not changed from the last

                configuration, and "No need for re-authentication" is

                checked.

                -   This can be a security risk

        -   Configuring projects are allowed only to administrators and

            the user configured as the authorization.

            -   "Don't restrict job configuration" allows other users

                (with the CONFIGURE permission) to configure the

                project. Ensure that only appropriate users have

                CONFIGURE permission for that project.

    -   Run as SYSTEM

        -   This is provided only to cancel the global configuration.

            SYSTEM authorization is often considered as "unconfigured",

            features provided by plugins may treat it as anonymous.

-   Provides an extension point to add new ways to specify

    authorization.

## Screenshots

-   The plugin adds "Access Control for Builds" in "Manage Jenkins" \> "Configure Global

    Security". Adding "Configure Build Authorizations in Project

    Configuration" enables Authorize Project plugin.

    ![](docs/images/authorize-project_01_globalsecurity.png)

    -   You can also disable specific strategies in this page. Disabled

        strategies are never used for authorization.

-   A new side bar menu "Authorization" will appear in project pages.

    ![](docs/images/sidebar.png)

-   You can select how to authorize builds of the project in the

    "Authorization" page.

    ![](docs/images/authorization-page.png)

-   When selecting "Run as Specific User", you can enter User ID with

    whose authorization builds will run. If you enter a user ID except

    yourself and have no administrative privilege, you are required to

    enter the password of that user.

    ![](docs/images/authorization-page-specific-user.png)

    -   You can also use API token, especially for non password-based

        security realms.

-   Configuring project settings by unauthorized users are forbidden

    when you configure the authorization for the project. See [What's this](/)? for details.

    ![](docs/images/access-denied.png)

## Extension point

A new way to authorize projects can be added by extending

[`AuthorizeProjectStrategy`](https://javadoc.jenkins.io/plugin/authorize-project/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.html),

overriding the following method:

``` syntaxhighlighter-pre

public abstract Authentication authenticate(

    hudson.model.AbstractProject, ?> project,

    hudson.model.Queue.Item item

);

```

Use `AuthorizeProjectStrategyDescriptor` for `Descriptor`.

If you want to provide global configuration properties, do as following:

-   `global-security.jelly` is displayed in "Configure Global Security"

    page.

-   Override

    `AuthorizeProjectStrategyDescriptor#configureFromGlobalSecurity` to

    save configuration.

## Issues

To report a bug or request an enhancement to this plugin please create a

ticket in JIRA (you need to login or to sign up for an account).

Also have a look on [How to report an issue](https://www.jenkins.io/participate/report-issue/)

-   [Bug report](https://issues.jenkins.io/secure/CreateIssueDetails!init.jspa?pid=10172&issuetype=1&components=18155&priority=4&assignee=ikedam)

-   [Request or propose an improvement of existing feature](https://issues.jenkins.io/secure/CreateIssueDetails!init.jspa?pid=10172&issuetype=4&components=18155&priority=4)

-   [Request or propose a new feature](https://issues.jenkins.io/secure/CreateIssueDetails!init.jspa?pid=10172&issuetype=2&components=18155&priority=4)

## Change Log

* See [GitHub Releases](https://github.com/jenkinsci/authorize-project-plugin/releases) for the recent releases

* See the [Changelog Archive](https://github.com/jenkinsci/authorize-project-plugin/blob/authorize-project-1.6.0/docs/CHANGELOG.old.md) for version 1.3.0 and older