Jenkins / JENKINS-1235

403 Error for legitimate users on Tomcat


    • Type: Bug
    • Resolution: Fixed
    • Priority: Blocker
    • Component: _unsorted
    • Labels: None
    • Platform: All, OS: Linux

      I am using the container managed security option with Hudson, and if a user does
      not have the role of 'admin', they get a 403 error when logging in. My
      tomcat-users.xml file is as follows:

      <?xml version='1.0' encoding='utf-8'?>
      <tomcat-users>
        <role rolename="build"/>
        <role rolename="admin"/>
        <user username="User2" password="xxxx" roles="build"/>
        <user username="User1" password="yyyy" roles="admin"/>
      </tomcat-users>

      Additionally, I added these two roles as groups in the Hudson configuration
      screen, with different permissions for each group; the names of the groups in
      Hudson match the names of the roles in the tomcat-users.xml file.

      User1 can log in without any trouble, but when User2 logs in, they get a 403
      error. If they type in the main home page URL manually, they can get to the
      screens they are allowed to see, and permissions seem to be working correctly.

      My hudson config.xml file is as follows (note that I have obfuscated my secret
      key to be extra careful):

      <?xml version='1.0' encoding='UTF-8'?>
      <hudson>
        <numExecutors>1</numExecutors>
        <useSecurity>true</useSecurity>
        <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
          <permission>hudson.model.Item.Build:build</permission>
          <permission>hudson.model.Item.Build:admin</permission>
          <permission>hudson.model.View.Create:admin</permission>
          <permission>hudson.model.View.Configure:admin</permission>
          <permission>hudson.model.Hudson.Read:build</permission>
          <permission>hudson.model.Hudson.Read:admin</permission>
          <permission>hudson.model.Item.Configure:admin</permission>
          <permission>hudson.model.View.Delete:admin</permission>
          <permission>hudson.model.Item.Create:admin</permission>
          <permission>hudson.model.Item.Delete:admin</permission>
          <permission>hudson.model.Run.Update:build</permission>
          <permission>hudson.model.Run.Update:admin</permission>
          <permission>hudson.model.Run.Delete:build</permission>
          <permission>hudson.model.Run.Delete:admin</permission>
          <permission>hudson.model.Hudson.Administer:admin</permission>
        </authorizationStrategy>
        <securityRealm class="hudson.security.LegacySecurityRealm"/>
        <jdks>
          <jdk>
            <name>JDK 1.5</name>
            <javaHome>/usr/java/jdk1.5.0_11/</javaHome>
          </jdk>
        </jdks>
        <slaves/>
        <quietPeriod>5</quietPeriod>
        <views/>
        <slaveAgentPort>0</slaveAgentPort>
        <secretKey>blahblahblah</secretKey>
      </hudson>
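
A way to cross-check the two files quoted in the report, as an added example that is not part of the original report or of Hudson's own code: it maps each container user to the matrix permissions granted through its roles and flags matrix entries that match no declared role or user. The function names and the `release` entry are constructed for illustration; the `permission:sid` layout is taken from the config.xml above.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input: trimmed copies of the two files quoted in the report.
TOMCAT_USERS = """<tomcat-users>
  <role rolename="build"/>
  <role rolename="admin"/>
  <user username="User2" password="xxxx" roles="build"/>
  <user username="User1" password="yyyy" roles="admin"/>
</tomcat-users>"""
# The 'release' entry is NOT in the report; it is added to show an orphaned grant.
HUDSON_CONFIG = """<hudson>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Item.Build:build</permission>
    <permission>hudson.model.Hudson.Read:build</permission>
    <permission>hudson.model.Hudson.Read:admin</permission>
    <permission>hudson.model.Hudson.Administer:admin</permission>
    <permission>hudson.model.Item.Configure:release</permission>
  </authorizationStrategy>
</hudson>"""

def container_roles(users_xml):
    """Return (declared role names, {username: set of assigned roles})."""
    root = ET.fromstring(users_xml)
    declared = {r.get("rolename") for r in root.findall("role")}
    split = lambda s: {x.strip() for x in s.split(",") if x.strip()}
    users = {u.get("username"): split(u.get("roles", "")) for u in root.findall("user")}
    return declared, users

def matrix_grants(config_xml):
    """Return {sid: set of permission ids} parsed from 'permission:sid' entries."""
    grants = defaultdict(set)
    for p in ET.fromstring(config_xml).iter("permission"):
        perm, _, sid = (p.text or "").strip().rpartition(":")
        if perm and sid:
            grants[sid].add(perm)
    return dict(grants)

def audit(users_xml, config_xml, read="hudson.model.Hudson.Read"):
    """Cross-check container roles against the authorization matrix."""
    declared, users = container_roles(users_xml)
    grants = matrix_grants(config_xml)
    effective = {name: set().union(*(grants.get(r, set()) for r in roles))
                 for name, roles in users.items()}
    return {
        "orphan_sids": sorted(set(grants) - declared - set(users)),  # grants nobody holds
        "no_read": sorted(n for n, perms in effective.items() if read not in perms),
        "effective": effective,
    }
```

With the report's own entries, `User2` resolves to the Build and Read permissions through the `build` role and `no_read` is empty, so both users hold `Hudson.Read` in the matrix as written.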

            Assignee: Unassigned
            Reporter: deryl