Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-1684

403 errors on project configuration with matrix-based security

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Critical Critical
    • matrix-auth-plugin
    • None
    • Platform: All, OS: All

      Kirk True <ktrue@linkedin.com> wrote to mailing list:

      Hi all,

      We're running 1.198 and are trying to switch over to matrix-based security, but
      we're seeing some issues.

      I have defined a user that has all permissions (job create, configure, etc.)
      except Administer (under the "Overall" section).

      When that user views an existing job configuration screen, we see the following
      error under the "Repository URL" and "Repository browser" URL sections:

      Status Code: 403
      Exception:
      Stacktrace:

      (none)

      Attempting to save the configuration as this user doesn't work either as we get
      the same 403 error on a screen all by itself. However, nothing seems to show up
      in the logs.

      When that user attempts to create a new job, we get a new job configuration
      screen (which has the same ‘403’ error right under the new job name), but this
      time I see some output in the logs:

      [webapp 2008/05/05 22:31:09] - Error while serving
      http://hudson.qa.linkedin.com:8080null
      java.lang.reflect.InvocationTargetException
      at sun.reflect.GeneratedMethodAccessor748.invoke(Unknown Source)
      at
      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103)
      at org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:69)
      at
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:365)
      at org.kohsuke.stapler.MetaClass$9.doDispatch(MetaClass.java:248)
      at
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:365)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:301)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:98)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:52)
      at
      hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:28)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:44)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:85)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at
      winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Thread.java:595)
      Caused by: java.lang.IllegalStateException: OutputStream already committed
      at winstone.WinstoneResponse.sendRedirect(WinstoneResponse.java:723)
      at
      javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:70)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendRedirect(HttpSessionContextIntegrationFilter.java:525)
      at
      javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:70)
      at hudson.model.Job.doConfigSubmit(Job.java:738)
      at hudson.model.AbstractProject.doConfigSubmit(AbstractProject.java:292)
      ... 40 more

      [Winstone 2008/05/05 22:31:09] - Untrapped Error in Servlet
      java.lang.IllegalStateException: OutputStream already committed
      at winstone.WinstoneResponse.sendRedirect(WinstoneResponse.java:723)
      at
      javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:70)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendRedirect(HttpSessionContextIntegrationFilter.java:525)
      at
      javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:70)
      at hudson.model.Job.doConfigSubmit(Job.java:738)
      at hudson.model.AbstractProject.doConfigSubmit(AbstractProject.java:292)
      at sun.reflect.GeneratedMethodAccessor748.invoke(Unknown Source)
      at
      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103)
      at org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:69)
      at
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:365)
      at org.kohsuke.stapler.MetaClass$9.doDispatch(MetaClass.java:248)
      at
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:365)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:301)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:98)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:52)
      at
      hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:28)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:44)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:85)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at
      winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Thread.java:595)

      javax.servlet.ServletException: OutputStream already committed
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:374)
      at org.kohsuke.stapler.MetaClass$9.doDispatch(MetaClass.java:248)
      at
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:365)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:301)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:98)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:52)
      at
      hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:28)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:44)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:85)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at
      winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Thread.java:595)

      Any ideas?

      Kirk

      I have same problem with last version of Hudson 1.213.

          [JENKINS-1684] 403 errors on project configuration with matrix-based security

          shamoh added a comment -

          Created an attachment (id=251)
          403 error on job edit page.

          shamoh added a comment - Created an attachment (id=251) 403 error on job edit page.

          Alan Harder added a comment -

          I think this should be fixed by my patch in issue #2715

          Alan Harder added a comment - I think this should be fixed by my patch in issue #2715

          Alan Harder added a comment -

          Setting to started

          Alan Harder added a comment - Setting to started

          Alan Harder added a comment -

          issue #2715 has been fixed, closing this as duplicate.

              • This issue has been marked as a duplicate of 2715 ***

          Alan Harder added a comment - issue #2715 has been fixed, closing this as duplicate. This issue has been marked as a duplicate of 2715 ***

          Currently exactly the same happens to us again.

          Thorsten Löber added a comment - Currently exactly the same happens to us again.

          evernat added a comment -

          @Thorsten
          Is it reproduced with a recent version of Jenkins?

          evernat added a comment - @Thorsten Is it reproduced with a recent version of Jenkins?

          Dmytro F added a comment -

          I have similar problem on 1.520. "Build now" doesn't work. "Post-build" dropdown does nothing. In all these cases console shows "POST ... 403 Fobidden".

          Dmytro F added a comment - I have similar problem on 1.520. "Build now" doesn't work. "Post-build" dropdown does nothing. In all these cases console shows "POST ... 403 Fobidden".

          Dmytro F added a comment -

          I have found "Prevent Cross Site Request Forgery exploits" was causing this problem.

          Dmytro F added a comment - I have found "Prevent Cross Site Request Forgery exploits" was causing this problem.

          James Nord added a comment -

          This is an incredibly old report and there are lots of users of this plugin.

           

          So is this still an issue for anyone here - or can it be closed as unpronounceable?

          James Nord added a comment - This is an incredibly old report and there are lots of users of this plugin.   So is this still an issue for anyone here - or can it be closed as unpronounceable?

          Daniel Beck added a comment -

          Probably long obsolete.

          If anyone encounters something that looks like this, please file a new issue, instead of reopening this one, which is almost a decade old.

          Daniel Beck added a comment - Probably long obsolete. If anyone encounters something that looks like this, please file a new issue, instead of reopening this one, which is almost a decade old.

            Unassigned Unassigned
            shamoh shamoh
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: