• Type: Bug
    • Resolution: Fixed
    • Priority: Blocker
    • Component/s: _unsorted
    • None
    • Platform: All, OS: Linux

      I am using the container managed security option with Hudson, and if a user does
      not have the role of 'admin', they get a 403 error when logging in. My
      tomcat-users.xml file is as follows:

      <?xml version='1.0' encoding='utf-8'?>
      <tomcat-users>
        <role rolename="build"/>
        <role rolename="admin"/>
        <user username="User2" password="xxxx" roles="build"/>
        <user username="User1" password="yyyy" roles="admin"/>
      </tomcat-users>

      Additionally, I added these two roles as groups in the Hudson configuration
      screen, with different permissions for each group; the names of the groups in
      Hudson match the names of the roles in the tomcat-users.xml file.

      User1 can log in without any trouble, but when User2 logs in, they get a 403
      error. If they type in the main home page URL manually, they can get to the
      screens they are allowed to see, and permissions seem to be working correctly.

      My hudson config.xml file is as follows (note that I have obfuscated my secret
      key to be extra careful):

      <?xml version='1.0' encoding='UTF-8'?>
      <hudson>
        <numExecutors>1</numExecutors>
        <useSecurity>true</useSecurity>
        <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
          <permission>hudson.model.Item.Build:build</permission>
          <permission>hudson.model.Item.Build:admin</permission>
          <permission>hudson.model.View.Create:admin</permission>
          <permission>hudson.model.View.Configure:admin</permission>
          <permission>hudson.model.Hudson.Read:build</permission>
          <permission>hudson.model.Hudson.Read:admin</permission>
          <permission>hudson.model.Item.Configure:admin</permission>
          <permission>hudson.model.View.Delete:admin</permission>
          <permission>hudson.model.Item.Create:admin</permission>
          <permission>hudson.model.Item.Delete:admin</permission>
          <permission>hudson.model.Run.Update:build</permission>
          <permission>hudson.model.Run.Update:admin</permission>
          <permission>hudson.model.Run.Delete:build</permission>
          <permission>hudson.model.Run.Delete:admin</permission>
          <permission>hudson.model.Hudson.Administer:admin</permission>
        </authorizationStrategy>
        <securityRealm class="hudson.security.LegacySecurityRealm"/>
        <jdks>
          <jdk>
            <name>JDK 1.5</name>
            <javaHome>/usr/java/jdk1.5.0_11/</javaHome>
          </jdk>
        </jdks>
        <slaves/>
        <quietPeriod>5</quietPeriod>
        <views/>
        <slaveAgentPort>0</slaveAgentPort>
        <secretKey>blahblahblah</secretKey>
      </hudson>
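
One way to rule out a role/group mismatch as the cause of a 403 like the one reported above, as an added example that is not part of the original report or of Hudson's code. It cross-checks the two quoted files, assuming matrix entries have the `permission:sid` form shown and that a user's sids are the username plus its Tomcat roles; the function names are hypothetical and the input is a constructed, trimmed copy of the files.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: trimmed copies of the two files quoted in the report.
TOMCAT_USERS = """<tomcat-users>
  <role rolename="build"/>
  <role rolename="admin"/>
  <user username="User2" password="xxxx" roles="build"/>
  <user username="User1" password="yyyy" roles="admin"/>
</tomcat-users>"""

HUDSON_CONFIG = """<hudson>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Item.Build:build</permission>
    <permission>hudson.model.Hudson.Read:build</permission>
    <permission>hudson.model.Hudson.Read:admin</permission>
    <permission>hudson.model.Hudson.Administer:admin</permission>
  </authorizationStrategy>
</hudson>"""

READ = "hudson.model.Hudson.Read"

def matrix_grants(config_xml):
    """Map each sid (user or group name) to the permissions granted to it."""
    grants = {}
    for node in ET.fromstring(config_xml).iter("permission"):
        permission, _, sid = node.text.strip().rpartition(":")
        grants.setdefault(sid, set()).add(permission)
    return grants

def audit(tomcat_xml, config_xml):
    """Return (per-user permissions, users lacking Read, sids matching no role or user)."""
    root = ET.fromstring(tomcat_xml)
    grants = matrix_grants(config_xml)
    roles = {r.get("rolename") for r in root.iter("role")}
    effective = {}
    for user in root.iter("user"):
        name = user.get("username")
        # Assumption: sids are compared as exact, case-sensitive strings.
        sids = {name} | {r.strip() for r in user.get("roles", "").split(",") if r.strip()}
        effective[name] = set().union(*(grants.get(s, set()) for s in sids))
    no_read = sorted(u for u, perms in effective.items() if READ not in perms)
    unmatched = sorted(set(grants) - roles - set(effective))
    return effective, no_read, unmatched

if __name__ == "__main__":
    effective, no_read, unmatched = audit(TOMCAT_USERS, HUDSON_CONFIG)
    for user, perms in sorted(effective.items()):
        print(user, sorted(perms))
    print("users without Hudson.Read:", no_read)
    print("matrix entries matching no Tomcat role or user:", unmatched)
```

On the quoted files both lists come back empty, so the explicit grants alone do not account for User2's 403.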

          [JENKINS-1235] 403 Error for legitimate users on Tomcat

          deryl created issue -
          Kohsuke Kawaguchi made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          deryl made changes -
          Resolution Original: Fixed [ 1 ]
          Status Original: Resolved [ 5 ] New: Reopened [ 4 ]
          SCM/JIRA link daemon made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Reopened [ 4 ] New: Resolved [ 5 ]
          Andrew Bayer made changes -
          Status Original: Resolved [ 5 ] New: Closed [ 6 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 131308 ] New: JNJira + In-Review [ 200554 ]
          Jenkins IRC Bot made changes -
          Component/s New: _unsorted [ 19622 ]
          Component/s Original: security [ 15508 ]

            Assignee: Unassigned
            Reporter: deryl