Refresh plugin for November 2024 (#100)

Author: basil

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @jenkinsci/folder-auth-plugin-developers

.github/dependabot.yml

@@ -1,13 +1,12 @@
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
+---
 version: 2
 updates:
-  - package-ecosystem: "maven"
-    directory: "/"
-    schedule: 
-      interval: "weekly"
-    reviewers:
-      - "oleg-nenashev"
-      - "AbhyudayaSharma"
-    ignore:
-      - dependency-name: "org.jenkins-ci.main:jenkins-core"
-      - dependency-name: "org.jenkins-ci.plugins*"
-      - dependency-name: "io.jenkins.plugins*"
+  - package-ecosystem: maven
+    directory: /
+    schedule:
+      interval: monthly
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly

.github/release-drafter.yml

@@ -1,3 +1,5 @@
+# See https://github.com/jenkinsci/.github/blob/master/.github/release-drafter.adoc
+---
 _extends: .github
 version-template: $MAJOR.$MINOR-$PATCH
 tag-template: folder-auth-$NEXT_MINOR_VERSION

.github/workflows/jenkins-security-scan.yml

@@ -0,0 +1,22 @@
+# More information about the Jenkins security scan can be found at the developer docs: https://www.jenkins.io/redirect/jenkins-security-scan/
+---
+name: Jenkins Security Scan
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types: [opened, synchronize, reopened]
+  workflow_dispatch:
+
+permissions:
+  security-events: write
+  contents: read
+  actions: read
+
+jobs:
+  security-scan:
+    uses: jenkins-infra/jenkins-security-scan/.github/workflows/jenkins-security-scan.yaml@v2
+    with:
+      java-cache: 'maven'  # Optionally enable use of a build dependency cache. Specify 'maven' or 'gradle' as appropriate.
+      # java-version: 21  # Optionally specify what version of Java to set up for the build, or remove to use a recent default.

.github/workflows/release-drafter.yml

@@ -1,5 +1,6 @@
-# Note: additional setup is required, see https://github.com/jenkinsci/.github/blob/master/.github/release-drafter.adoc
-
+# Automates creation of Release Drafts using Release Drafter
+# More Info: https://github.com/jenkinsci/.github/blob/master/.github/release-drafter.adoc
+---
 name: Release Drafter
 
 on:
@@ -12,6 +13,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Drafts your next Release notes as Pull Requests are merged into the default branch
-      - uses: release-drafter/release-drafter@v5
+      - uses: release-drafter/release-drafter@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,43 +1,15 @@
 target
+
+# mvn hpi:run
 work
 
+# IntelliJ IDEA project files
+*.iml
+*.iws
+*.ipr
+.idea
+
 # Eclipse project files
 .settings
 .classpath
-.factorypath
 .project
-/nb-configuration.xml
-
-# From https://github.com/github/gitignore/blob/master/Global/JetBrains.gitignore
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm
-
-## Directory-based project format
-.idea/
-# if you remove the above rule, at least ignore user-specific stuff:
-# .idea/workspace.xml
-# .idea/tasks.xml
-# and these sensitive or high-churn files:
-# .idea/dataSources.ids
-# .idea/dataSources.xml
-# .idea/sqlDataSources.xml
-# .idea/dynamic.xml
-
-## File-based project format
-*.ipr
-*.iws
-*.iml
-
-## Additional for IntelliJ
-out/
-
-# generated by mpeltonen/sbt-idea plugin
-.idea_modules/
-
-# generated by JIRA plugin
-atlassian-ide-plugin.xml
-
-# generated by Crashlytics plugin (for Android Studio and Intellij)
-com_crashlytics_export_strings.xml
-
-# JMH benchmark reports
-jmh-report.json

.mvn/extensions.xml

@@ -2,6 +2,6 @@
   <extension>
     <groupId>io.jenkins.tools.incrementals</groupId>
     <artifactId>git-changelist-maven-extension</artifactId>
-    <version>1.3</version>
+    <version>1.8</version>
   </extension>
 </extensions>

Jenkinsfile

@@ -2,7 +2,6 @@
 buildPlugin(
   useContainerAgent: true,
   configurations: [
-    [platform: 'linux', jdk: 8],
-    [platform: 'windows', jdk: 8],
+    [platform: 'linux', jdk: 21],
+    [platform: 'windows', jdk: 17],
 ])
-runBenchmarks('jmh-report.json')

pom.xml

@@ -1,10 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
         <groupId>org.jenkins-ci.plugins</groupId>
         <artifactId>plugin</artifactId>
-        <version>3.55</version>
+        <version>5.3</version>
         <relativePath />
     </parent>
 
@@ -14,7 +15,7 @@
     <version>${revision}${changelist}</version>
     <name>Folder-based Authorization Strategy</name>
     <description>Manage access to Folders</description>
-    <url>https://github.com/jenkinsci/folder-auth-plugin</url>
+    <url>https://github.com/jenkinsci/${project.artifactId}-plugin</url>
 
     <developers>
         <developer>
@@ -27,9 +28,9 @@
     <properties>
         <revision>1.5</revision>
         <changelist>-SNAPSHOT</changelist>
-        <jenkins.version>2.164.1</jenkins.version>
-        <java.level>8</java.level>
-        <configuration-as-code.version>1.35</configuration-as-code.version>
+        <jenkins.baseline>2.479</jenkins.baseline>
+        <jenkins.version>${jenkins.baseline}.1</jenkins.version>
+        <gitHubRepo>jenkinsci/${project.artifactId}-plugin</gitHubRepo>
     </properties>
 
     <repositories>
@@ -55,30 +56,37 @@
     </licenses>
 
     <scm>
-        <connection>scm:git:ssh://github.com/jenkinsci/${project.artifactId}-plugin.git</connection>
-        <developerConnection>
-            scm:git:ssh://[email protected]/jenkinsci/${project.artifactId}-plugin.git
-        </developerConnection>
-        <url>https://github.com/jenkinsci/folder-auth-plugin</url>
+        <connection>scm:git:https://github.com/${gitHubRepo}.git</connection>
+        <developerConnection>scm:git:[email protected]:${gitHubRepo}.git</developerConnection>
+        <url>https://github.com/${gitHubRepo}</url>
         <tag>${scmTag}</tag>
     </scm>
 
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>io.jenkins.tools.bom</groupId>
+                <artifactId>bom-${jenkins.baseline}.x</artifactId>
+                <version>3696.vb_b_4e2d1a_0542</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <dependencies>
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>
             <artifactId>cloudbees-folder</artifactId>
-            <version>6.4</version>
         </dependency>
         <dependency>
             <groupId>io.jenkins</groupId>
             <artifactId>configuration-as-code</artifactId>
-            <version>${configuration-as-code.version}</version>
             <optional>true</optional>
         </dependency>
         <dependency>
             <groupId>io.jenkins.configuration-as-code</groupId>
             <artifactId>test-harness</artifactId>
-            <version>${configuration-as-code.version}</version>
             <scope>test</scope>
         </dependency>
     </dependencies>

src/main/java/io/jenkins/plugins/folderauth/FolderAuthorizationStrategyManagementLink.java

@@ -1,6 +1,8 @@
 package io.jenkins.plugins.folderauth;
 
 import com.cloudbees.hudson.plugins.folder.AbstractFolder;
+import edu.umd.cs.findbugs.annotations.CheckForNull;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.Extension;
 import hudson.model.AbstractItem;
 import hudson.model.Api;
@@ -23,21 +25,7 @@
 import io.jenkins.plugins.folderauth.roles.AgentRole;
 import io.jenkins.plugins.folderauth.roles.FolderRole;
 import io.jenkins.plugins.folderauth.roles.GlobalRole;
-import jenkins.model.Jenkins;
-import net.sf.json.JSONArray;
-import org.kohsuke.accmod.Restricted;
-import org.kohsuke.accmod.restrictions.NoExternalUse;
-import org.kohsuke.stapler.QueryParameter;
-import org.kohsuke.stapler.Stapler;
-import org.kohsuke.stapler.export.ExportedBean;
-import org.kohsuke.stapler.interceptor.RequirePOST;
-import org.kohsuke.stapler.json.JsonBody;
-import org.kohsuke.stapler.verb.GET;
-
-import javax.annotation.CheckForNull;
-import javax.annotation.Nonnull;
-import javax.annotation.ParametersAreNonnullByDefault;
-import javax.servlet.ServletException;
+import jakarta.servlet.ServletException;
 import java.io.IOException;
 import java.util.Arrays;
 import java.util.HashSet;
@@ -48,6 +36,17 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;
+import javax.annotation.ParametersAreNonnullByDefault;
+import jenkins.model.Jenkins;
+import net.sf.json.JSONArray;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+import org.kohsuke.stapler.QueryParameter;
+import org.kohsuke.stapler.Stapler;
+import org.kohsuke.stapler.export.ExportedBean;
+import org.kohsuke.stapler.interceptor.RequirePOST;
+import org.kohsuke.stapler.json.JsonBody;
+import org.kohsuke.stapler.verb.GET;
 
 @Extension
 @ExportedBean
@@ -65,7 +64,7 @@ public String getIconFileName() {
     /**
      * {@inheritDoc}
      */
-    @Nonnull
+    @NonNull
     @Override
     public String getDescription() {
         return Messages.FolderBasedAuthorizationStrategy_Description();
@@ -96,7 +95,7 @@ public String getCategoryName() {
         return "SECURITY";
     }
 
-    @Nonnull
+    @NonNull
     @Restricted(NoExternalUse.class)
     @SuppressWarnings("unused") // used by index.jelly
     public Set<Permission> getGlobalPermissions() {
@@ -105,7 +104,7 @@ public Set<Permission> getGlobalPermissions() {
         return getSafePermissions(groups);
     }
 
-    @Nonnull
+    @NonNull
     @Restricted(NoExternalUse.class)
     @SuppressWarnings("unused") // used by index.jelly
     public Set<Permission> getFolderPermissions() {
@@ -116,7 +115,7 @@ public Set<Permission> getFolderPermissions() {
         return getSafePermissions(groups);
     }
 
-    @Nonnull
+    @NonNull
     @Restricted(NoExternalUse.class)
     @SuppressWarnings("unused") // used by index.jelly
     public Set<Permission> getAgentPermissions() {
@@ -245,13 +244,13 @@ public void doAssignSidToAgentRole(@QueryParameter(required = true) String roleN
      */
     private void redirect() {
         try {
-            Stapler.getCurrentResponse().forwardToPreviousPage(Stapler.getCurrentRequest());
+            Stapler.getCurrentResponse2().forwardToPreviousPage(Stapler.getCurrentRequest2());
         } catch (ServletException | IOException e) {
             LOGGER.log(Level.WARNING, "Unable to redirect to previous page.");
         }
     }
 
-    @Nonnull
+    @NonNull
     @Restricted(NoExternalUse.class)
     @SuppressWarnings("unused") // used by index.jelly
     public SortedSet<GlobalRole> getGlobalRoles() {
@@ -269,7 +268,7 @@ public SortedSet<GlobalRole> getGlobalRoles() {
      * @return full names of all {@link AbstractFolder}s in the system
      */
     @GET
-    @Nonnull
+    @NonNull
     @Restricted(NoExternalUse.class)
     public JSONArray doGetAllFolders() {
         Jenkins jenkins = Jenkins.get();
@@ -288,7 +287,7 @@ public JSONArray doGetAllFolders() {
      *
      * @return all Computers in the system
      */
-    @Nonnull
+    @NonNull
     @Restricted(NoExternalUse.class)
     @SuppressWarnings("unused") // used by index.jelly
     public List<Computer> getAllComputers() {
@@ -310,7 +309,7 @@ public List<Computer> getAllComputers() {
      * @throws IllegalStateException when {@link Jenkins#getAuthorizationStrategy()} is
      *                               not {@link FolderBasedAuthorizationStrategy}
      */
-    @Nonnull
+    @NonNull
     @Restricted(NoExternalUse.class)
     @SuppressWarnings("unused") // used by index.jelly
     public SortedSet<FolderRole> getFolderRoles() {
@@ -322,7 +321,7 @@ public SortedSet<FolderRole> getFolderRoles() {
         }
     }
 
-    @Nonnull
+    @NonNull
     @Restricted(NoExternalUse.class)
     @SuppressWarnings("unused") // used by index.jelly
     public SortedSet<AgentRole> getAgentRoles() {
@@ -383,7 +382,7 @@ public void doDeleteAgentRole(@QueryParameter(required = true) String roleName)
         redirect();
     }
 
-    @Nonnull
+    @NonNull
     static Set<Permission> getSafePermissions(Set<PermissionGroup> groups) {
         TreeSet<Permission> safePermissions = new TreeSet<>(Permission.ID_COMPARATOR);
         groups.stream().map(PermissionGroup::getPermissions).forEach(safePermissions::addAll);