Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-12543

CliAuthenticator (username/password) called too late to parse arguments (like job names)

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Minor
    • Resolution: Won't Fix
    • core
    • Linux AWS, 64 bit

    Description

      I am using Jenkins 1.448, with 'Jenkins own user database' and 'Project-
      based Matrix Authorization Strategy'. I am able to get CLI to work as
      anonymous with permissions Overall build, Job read, and Job build enabled using
      the following command:

      java -jar jenkins-cli.jar -s http://my.domain.com:8080/ build -c
      myJobName

      However, when I try to do this as an authenticated user:

      java -jar jenkins-cli.jar -s http://my.domain.com:8080/ build -c
      myJobName --username myUsername --password myPassword

      I get the following error:

      No such job 'myJobName'

      If I however have Build read for anonymous checked, it works even though I have it
      checked for my other username also.

      Attachments

        Issue Links

          Activity

            jglick Jesse Glick added a comment -

            Only affects deprecated Remoting-based CLI.

            jglick Jesse Glick added a comment - Only affects deprecated Remoting-based CLI.

            Code changed in jenkins
            User: Jesse Glick
            Path:
            cli/src/main/java/hudson/cli/CLI.java
            cli/src/main/java/hudson/cli/CLIConnectionFactory.java
            cli/src/main/resources/hudson/cli/client/Messages.properties
            core/src/main/java/hudson/cli/CLICommand.java
            core/src/main/java/hudson/cli/ClientAuthenticationCache.java
            core/src/main/java/hudson/cli/LoginCommand.java
            core/src/main/java/hudson/cli/LogoutCommand.java
            core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java
            core/src/main/java/hudson/security/CliAuthenticator.java
            core/src/main/java/hudson/security/SecurityRealm.java
            core/src/main/resources/hudson/cli/Messages.properties
            test/src/test/java/hudson/cli/CLIActionTest.java
            http://jenkins-ci.org/commit/jenkins/12ae48ebb491b4f45ccb40ca8394bca8426f4e64
            Log:
            Deprecating -username/-password and login/logout in favor of new -auth option passing BASIC authentication to /cli endpoint.
            Simpler, does not rely on Remoting, allows use of API tokens, and bypasses JENKINS-12543.
            (You could actually do this before but only by embedding userinfo in the -s URL, especially awkward for usernames containing @.)

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: cli/src/main/java/hudson/cli/CLI.java cli/src/main/java/hudson/cli/CLIConnectionFactory.java cli/src/main/resources/hudson/cli/client/Messages.properties core/src/main/java/hudson/cli/CLICommand.java core/src/main/java/hudson/cli/ClientAuthenticationCache.java core/src/main/java/hudson/cli/LoginCommand.java core/src/main/java/hudson/cli/LogoutCommand.java core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java core/src/main/java/hudson/security/CliAuthenticator.java core/src/main/java/hudson/security/SecurityRealm.java core/src/main/resources/hudson/cli/Messages.properties test/src/test/java/hudson/cli/CLIActionTest.java http://jenkins-ci.org/commit/jenkins/12ae48ebb491b4f45ccb40ca8394bca8426f4e64 Log: Deprecating - username/ -password and login/logout in favor of new -auth option passing BASIC authentication to /cli endpoint. Simpler, does not rely on Remoting, allows use of API tokens, and bypasses JENKINS-12543 . (You could actually do this before but only by embedding userinfo in the -s URL, especially awkward for usernames containing @.)

            Code changed in jenkins
            User: Jesse Glick
            Path:
            test/src/test/java/hudson/cli/CLIActionTest.java
            http://jenkins-ci.org/commit/jenkins/c2a5d8512356aca5532be83a5444b2f941e72510
            Log:
            Establishing baseline behavior of JENKINS-12543: no workaround when using Remoting transport other than SSH authentication.
            (Verifying that this affects only @Argument in CLICommand, not @CLIMethod.)
            With the new HTTP protocol in JENKINS-41745, API tokens may be used to set a transport authentication.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: test/src/test/java/hudson/cli/CLIActionTest.java http://jenkins-ci.org/commit/jenkins/c2a5d8512356aca5532be83a5444b2f941e72510 Log: Establishing baseline behavior of JENKINS-12543 : no workaround when using Remoting transport other than SSH authentication. (Verifying that this affects only @Argument in CLICommand, not @CLIMethod.) With the new HTTP protocol in JENKINS-41745 , API tokens may be used to set a transport authentication.
            jglick Jesse Glick added a comment -

            The situation with CLIRegisterer […] is different, because the MethodBinder list is called after using the authenticator. […] Unfortunately this code creates an authenticator but never configures it!

            FTR this was fixed in JENKINS-23988.

            jglick Jesse Glick added a comment - The situation with CLIRegisterer […] is different, because the MethodBinder list is called after using the authenticator. […] Unfortunately this code creates an authenticator but never configures it! FTR this was fixed in JENKINS-23988 .
            jglick Jesse Glick added a comment -

            Again: the recommended workaround is to use SSH authentication.

            jglick Jesse Glick added a comment - Again: the recommended workaround is to use SSH authentication.

            People

              Unassigned Unassigned
              mattfair Matt Fair
              Votes:
              15 Vote for this issue
              Watchers:
              31 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: