Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-11149

JNLP slave fails to connect if Anonymous has not permission READ

XMLWordPrintable

      Hi all,
      I do face a problem with JNLP based windows slaves in combination with restricted permissions of Anonymous.
      If user Anonymous doesn't has READ permission granted, the JNLP slave (converted to a windows service) fails to connect to the master.

      The jenkins-slave.xml contains
      ------------------------------------------------------------------------------------
      <arguments>-Xrs -jar "%BASE%\slave.jar" -jnlpUrl https://xxx:8443/hudson/computer/xxx/slave-agent.jnlp -jnlpCredentials abcd:efgh -auth abcd:efgh</arguments>
      ------------------------------------------------------------------------------------

      The tomcat-users.xml contains
      ------------------------------------------------------------------------------------
      <tomcat-users>
      <role rolename="admin"/>
      <role rolename="manager"/>
      <user username="abcd" password="efgh" roles="admin,manager"/>
      </tomcat-users>
      ------------------------------------------------------------------------------------

      The jenkins-slave.err.log contains
      ------------------------------------------------------------------------------------
      Failing to obtain https://xxx:8443/hudson/computer/xxx/slave-agent.jnlp
      java.io.IOException: Failed to load https://xxx:8443/hudson/computer/xxx/slave-agent.jnlp: 500 Internal Server Error
      at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:228)
      at hudson.remoting.Launcher.run(Launcher.java:190)
      at hudson.remoting.Launcher.main(Launcher.java:166)
      Waiting 10 seconds before retry
      ------------------------------------------------------------------------------------

      The tomcat's localhost.2011-xx-xx.log contains
      ------------------------------------------------------------------------------------
      SEVERE: Servlet.service() for servlet Stapler threw exception
      hudson.security.AccessDeniedException2: anonymous is missing the Read permission
      at hudson.security.ACL.checkPermission(ACL.java:53)
      at hudson.model.Node.checkPermission(Node.java:363)
      at hudson.model.Hudson.getTarget(Hudson.java:3538)
      ...
      ------------------------------------------------------------------------------------

      The setup is as follows:
      ------------------------------------------------------------------------------------
      OS: Windows 7
      Tomcat: 6.0.33
      Jenkins: 1.4.10 (also not working with 1.4.31)
      JDK: 1.6.27
      Security Realm: Matrix based Security is enabled
      Authorization: Delegate to servlet container

      permissions of user abcd: Overall Read, Overall Administer
      permissions of user Anonymous: none
      ------------------------------------------------------------------------------------

            abayer Andrew Bayer
            matthias_vach Matthias Vach
            Votes:
            14 Vote for this issue
            Watchers:
            18 Start watching this issue

              Created:
              Updated:
              Resolved: