Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-15437

ERR_CONTENT_DECODING_FAILED on Custom Views with Project-based Matrix Authorization

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • core

      I have Jenkins set up with Project-based Matrix Authorization Strategy and have several custom build views.

      If a user attempts to switch to a view that has 1 or more projects that they do not have access to, Chrome brings up an error page with Error 330 (net::ERR_CONTENT_DECODING_FAILED: Unknown Error. Firefox brings up an error page saying "Content Encoding Error".

      Expected behavior would be to show no error and only show projects that the user has access to.

          [JENKINS-15437] ERR_CONTENT_DECODING_FAILED on Custom Views with Project-based Matrix Authorization

          Grant Limberg created issue -

          I cannot reproduce this. Can you give me some more exact steps. Also, are you using the view-job-filters plugin?

          Jacob Robertson added a comment - I cannot reproduce this. Can you give me some more exact steps. Also, are you using the view-job-filters plugin?

          Grant Limberg added a comment -

          My mistake. I think I miscategorized the component for this case. The issue I'm dealing with is in the normal dashboard views. I'm not using the view-job-filters plugin.

          Grant Limberg added a comment - My mistake. I think I miscategorized the component for this case. The issue I'm dealing with is in the normal dashboard views. I'm not using the view-job-filters plugin.
          Grant Limberg made changes -
          Component/s New: core [ 15593 ]
          Component/s Original: view-job-filters [ 15736 ]

          Grant Limberg added a comment -

          Just to add a bit more detail to the issue I'm running up against.

          I'm using Project-based Matrix Authorization Strategy with the Unix user/group database security realm. I have 3 groups of users. The access configuration can be seen here: http://i.imgur.com/YiIMr.png

          The jenkins-user group is given access to jobs on a job-by-job basis. An example job matrix auth strategy for a project the 'jenkins-user' group has access to can be seen here: http://i.imgur.com/UW1ZK.png.

          Now, if I add a view (any view but the All view) to Jenkins that contains a single project that doesn't have the "Job Read" access level checked for a member of the jenkins-user group, the jenkins-user group member gets the error as described above. If all jobs in a view have the "Job Read" acces level checked for the jenkins-user group, then all is fine and the view loads as expected.

          Grant Limberg added a comment - Just to add a bit more detail to the issue I'm running up against. I'm using Project-based Matrix Authorization Strategy with the Unix user/group database security realm. I have 3 groups of users. The access configuration can be seen here: http://i.imgur.com/YiIMr.png The jenkins-user group is given access to jobs on a job-by-job basis. An example job matrix auth strategy for a project the 'jenkins-user' group has access to can be seen here: http://i.imgur.com/UW1ZK.png . Now, if I add a view (any view but the All view) to Jenkins that contains a single project that doesn't have the "Job Read" access level checked for a member of the jenkins-user group, the jenkins-user group member gets the error as described above. If all jobs in a view have the "Job Read" acces level checked for the jenkins-user group, then all is fine and the view loads as expected.
          Grant Limberg made changes -
          Component/s New: gui [ 15492 ]
          Jacob Robertson made changes -
          Assignee Original: Jacob Robertson [ jacob_robertson ]

          Grant Limberg added a comment - - edited

          Here's the list of plugins I'm currently running as well.

          name version enabled pinned
          external-monitor-job 1.1 true true
          ldap 1.1 true false
          pam-auth 1.0 true false
          ant 1.1 true false
          javadoc 1.0 true false
          cvs 2.6 true true
          next-build-number 1.0 false false
          scp 1.8 false false
          jython 1.9 true false
          bugzilla 1.5 false false
          setenv 1.1 true false
          cmakebuilder 1.9 false false
          ftppublisher 1.2 true false
          locks-and-latches 0.6 false false
          python 1.2 true false
          chucknorris 0.4 true false
          subversion 1.43 true true
          parameterized-trigger 2.16 true false
          token-macro 1.5.1 true false
          maven-plugin 1.486 true true
          copyartifact 1.24 true false
          jira 1.35 false false
          perforce 1.3.17 true false
          analysis-core 1.48 true false
          s3 0.3.0-SNAPSHOT (private-04/19/2012 22:11-grant) true false
          email-ext 2.24.1 true false
          view-job-filters 1.22 true false
          publish-over-ssh 1.8 false false
          translation 1.9 true true
          shelve-project-plugin 1.3 false false
          virtualbox 0.6 true false
          cppcheck 1.10 true false
          warnings 4.18 true false
          jenkins-multijob-plugin 1.5 true false
          redmine 0.10 true false
          ssh-slaves 0.21 true true
          xcode-plugin 1.3.1 true false
          envinject 1.72 true false
          promoted-builds 2.7 true false
          scm-sync-configuration 0.0.6 false false
          greenballs 1.12 true false
          timestamper 1.3.2 true false
          clang-scanbuild-plugin 1.3.1 true false
          ci-game 1.19 true false

          Grant Limberg added a comment - - edited Here's the list of plugins I'm currently running as well. name version enabled pinned external-monitor-job 1.1 true true ldap 1.1 true false pam-auth 1.0 true false ant 1.1 true false javadoc 1.0 true false cvs 2.6 true true next-build-number 1.0 false false scp 1.8 false false jython 1.9 true false bugzilla 1.5 false false setenv 1.1 true false cmakebuilder 1.9 false false ftppublisher 1.2 true false locks-and-latches 0.6 false false python 1.2 true false chucknorris 0.4 true false subversion 1.43 true true parameterized-trigger 2.16 true false token-macro 1.5.1 true false maven-plugin 1.486 true true copyartifact 1.24 true false jira 1.35 false false perforce 1.3.17 true false analysis-core 1.48 true false s3 0.3.0-SNAPSHOT (private-04/19/2012 22:11-grant) true false email-ext 2.24.1 true false view-job-filters 1.22 true false publish-over-ssh 1.8 false false translation 1.9 true true shelve-project-plugin 1.3 false false virtualbox 0.6 true false cppcheck 1.10 true false warnings 4.18 true false jenkins-multijob-plugin 1.5 true false redmine 0.10 true false ssh-slaves 0.21 true true xcode-plugin 1.3.1 true false envinject 1.72 true false promoted-builds 2.7 true false scm-sync-configuration 0.0.6 false false greenballs 1.12 true false timestamper 1.3.2 true false clang-scanbuild-plugin 1.3.1 true false ci-game 1.19 true false

          joni r added a comment -

          I came across same issue while setting up Project-based Matrix Authorization Strategy -scheme. As a workaround I set job-read permission to all authenticated users at Jenkins level.

          joni r added a comment - I came across same issue while setting up Project-based Matrix Authorization Strategy -scheme. As a workaround I set job-read permission to all authenticated users at Jenkins level.
          Kohsuke Kawaguchi made changes -
          Assignee New: Kohsuke Kawaguchi [ kohsuke ]

            kohsuke Kohsuke Kawaguchi
            glimberg Grant Limberg
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: