Previously, the untar code tries to set the last modified time and mode
on every untarred file.  However, if the tar contains a broken symlink,
or a symlink that points to a file that has not been untarred yet, the
time/mode setting would fail on the broken symlink.

Symlinks don't have meaningful modified times or modes of their own, so
only set these values on non-symlinks.

Rename the file "a" in the test to expose the bug.

Expose /whoAmI/api/*
Thanks

- Create WhoAmI UnprotectedRootAction

Namespace tools installation by tool name.
Thanks!

This prevents naming conflicts if someone names 2 tools installations
of different tools with the same name.

Added a link to an already fixed JIRA issue (5754)

If a resource with 'Set-Cookie' header is cached (either by intermediary
like HTTP proxy and reverse proxy, or by the browser), it'll cause
identity swap / session mix-up as discussed in this ticket.

I suspect this was caused by HttpSessionContextIntegrationFilter2, which
is the only code path that attempts to create a session when a request
to a static resource is made.

So I'm disabling the creation of session in
HttpSessionContextIntegrationFilter2. This in turn requires that we
have sessions already created when the authentication was successful and
people need to login (or else the login will have no effect.)

We already do so in layout.jelly, so any request that renders a Jenkins
page would have a session, but I've also added it in
AuthenticationProcessingFilter2, which ensures that a successful login
does have a session.

Clean up FilePath. Extract one method out and ensure closing of input stream after copy

Fixes JENKINS-13649

[FIXES JENKINS-13649] As FilePath(FilePath,String) expects multi-segment relative paths, we should ensure that the multiple segments are using the correct separator character for the remote OS

we shouldn't change the definition of it.

Instead, I'm creating a new tag.