[JENKINS-1678] Securing Remote Triggers with tokens not working

Type: Bug
Resolution: Won't Fix
Priority: Major
Component/s: other
Labels:
None
Environment:
Platform: All, OS: All

Similar Issues:
Powered by SuggestiMate

Show

Configuration: Hudson is configured for internal user authentication,
matrix-based security.

As per bug 1555, if anonymous does not have overall read permission in addition
to job/build, then remote trigger does not work, with or without token.

If token is configured on a job, and anonymous is granted overall/read and
job/build rights (bug 1555 - read access required to trigger remote build), the
job can be built without a token - job/JOBNAME/build will build (no need for
?token=xyz).

Hudson version 1.184

depends on

JENKINS-1555 Remote triggering of builds requires anonymous user Read permission

Resolved

brettcave added a comment - 2008-05-15 03:14

have upgraded to 1.213, this is still not resolved.

brettcave added a comment - 2008-05-15 03:14 have upgraded to 1.213, this is still not resolved.

Alan Harder added a comment - 2010-01-18 20:13

Closing old issue.. reopen and explain in more detail if there is still a problem on a recent Hudson release, thanks.

Alan Harder added a comment - 2010-01-18 20:13 Closing old issue.. reopen and explain in more detail if there is still a problem on a recent Hudson release, thanks.

peter_schuetze added a comment - 2010-04-21 05:50 - edited

My last test was with Hudson 1.329 and Active Directory Plugin 1.16, I have matrix security setup and the anonymous user got overall read access so you see the login link when connecting to http://server:port. There is no anonymous read access to jobs, since they should be hidden to non authorized users.

I set up the security token for one job. and try to trigger it. No success. Than I added build permissions for the anonymous user for that job. No success. Than I added read permissions for the anonymous user. Now it works. However, everyone can see the job, which is no go for us. In addition, I don't need the token to trigger the build.

peter_schuetze added a comment - 2010-04-21 05:50 - edited My last test was with Hudson 1.329 and Active Directory Plugin 1.16, I have matrix security setup and the anonymous user got overall read access so you see the login link when connecting to http://server:port . There is no anonymous read access to jobs, since they should be hidden to non authorized users. I set up the security token for one job. and try to trigger it. No success. Than I added build permissions for the anonymous user for that job. No success. Than I added read permissions for the anonymous user. Now it works. However, everyone can see the job, which is no go for us. In addition, I don't need the token to trigger the build.

Alan Harder added a comment - 2010-04-21 19:50

Reclosing.. see (B) in JENKINS-3822.

Alan Harder added a comment - 2010-04-21 19:50 Reclosing.. see (B) in JENKINS-3822 .

Assignee:: Unassigned

Reporter:: brettcave

Votes:: 2 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2008-05-13 08:22

Updated:: 2011-02-10 19:21

Resolved:: 2010-04-21 19:50

Details

Description

Attachments

Issue Links

Activity

Collapse comment: brettcave added a comment - 2008-05-15 03:14

Expand comment: brettcave added a comment - 2008-05-15 03:14

Collapse comment: Alan Harder added a comment - 2010-01-18 20:13

Expand comment: Alan Harder added a comment - 2010-01-18 20:13

Collapse comment: peter_schuetze added a comment - 2010-04-21 05:50, Edited by peter_schuetze - 2010-04-21 05:51

Expand comment: peter_schuetze added a comment - 2010-04-21 05:50, Edited by peter_schuetze - 2010-04-21 05:51

Collapse comment: Alan Harder added a comment - 2010-04-21 19:50

Expand comment: Alan Harder added a comment - 2010-04-21 19:50

People

Dates