[JENKINS-14736] Secured pages should redirect to login prompt instead of generating 404

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: _unsorted
Labels:
- 404
- authentication
- error
- security

Similar Issues:
Powered by SuggestiMate

Show

Using version 1.475

We have set our permissions to disallow anonymous "read job". What ends up happening is that when you are logged out and try to access a build or a job (Example: http://jenkins.core:8080/job/campaign-management%20release-candidate/210/) Jenkins returns 404 instead of redirecting you to the log-in page. At the minimum, it should display an error message that you are not authenticated.

Error returned below:

Status Code: 404

Exception:
Stacktrace:
(none)

Generated by Winstone Servlet Engine v0.9.10 at Wed Aug 08 16:00:55 EDT 2012

is blocking

JENKINS-13999 The new discover permission breaks the tabbed view

Resolved

Alex Rovner created issue - 2012-08-08 20:11

evernat added a comment - 2013-08-08 08:57

reproduced using Jenkins 1.526

evernat added a comment - 2013-08-08 08:57 reproduced using Jenkins 1.526

Klokie Grossfeld made changes - 2013-10-19 08:54

Labels

New: 404 authentication error security

mdp added a comment - 2013-11-28 12:08

Isn't it what the discover permission is for?

mdp added a comment - 2013-11-28 12:08 Isn't it what the discover permission is for?

Klokie Grossfeld added a comment - 2013-11-28 12:22 - edited

You're right - I had no idea! I enabled the "Discover" permission for Jobs, and now anonymous users are redirected to the login form.
I've noted this in the documentation for Matrix-based security.
Cheers!

Klokie Grossfeld added a comment - 2013-11-28 12:22 - edited You're right - I had no idea! I enabled the "Discover" permission for Jobs, and now anonymous users are redirected to the login form. I've noted this in the documentation for Matrix-based security . Cheers!

Klokie Grossfeld made changes - 2013-11-28 12:26

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Joshua Ayson added a comment - 2013-12-06 21:10

When using discover permission with anonymous user it overrides ability to limit build access to users assigned explicit permissions set by turning authenticated to just overall read, without build or view read. In this case with discover on, authenticated users see no jobs.

Joshua Ayson added a comment - 2013-12-06 21:10 When using discover permission with anonymous user it overrides ability to limit build access to users assigned explicit permissions set by turning authenticated to just overall read, without build or view read. In this case with discover on, authenticated users see no jobs.

Joshua Ayson made changes - 2013-12-06 21:10

Link

New: This issue is blocking ~~JENKINS-13999~~ [ ~~JENKINS-13999~~ ]

R. Tyler Croy made changes - 2016-07-25 23:55

Workflow

Original: JNJira [ 145432 ]

New: JNJira + In-Review [ 191485 ]

Jenkins IRC Bot made changes - 2017-04-15 23:15

Component/s		New: _unsorted [ 19622 ]
Component/s	Original: security [ 15508 ]

Assignee:: Unassigned

Reporter:: Alex Rovner

Votes:: 2 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2012-08-08 20:11

Updated:: 2017-04-15 23:15

Resolved:: 2013-11-28 12:26

Details

Description

Attachments

Issue Links

Activity

Collapse comment: evernat added a comment - 2013-08-08 08:57

Expand comment: evernat added a comment - 2013-08-08 08:57

Collapse comment: mdp added a comment - 2013-11-28 12:08

Expand comment: mdp added a comment - 2013-11-28 12:08

Collapse comment: Klokie Grossfeld added a comment - 2013-11-28 12:22, Edited by Klokie Grossfeld - 2013-11-28 12:25

Expand comment: Klokie Grossfeld added a comment - 2013-11-28 12:22, Edited by Klokie Grossfeld - 2013-11-28 12:25

Collapse comment: Joshua Ayson added a comment - 2013-12-06 21:10

Expand comment: Joshua Ayson added a comment - 2013-12-06 21:10

People

Dates