Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-1684

403 errors on project configuration with matrix-based security

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Critical Critical
    • matrix-auth-plugin
    • None
    • Platform: All, OS: All

      Kirk True <ktrue@linkedin.com> wrote to mailing list:

      Hi all,

      We're running 1.198 and are trying to switch over to matrix-based security, but
      we're seeing some issues.

      I have defined a user that has all permissions (job create, configure, etc.)
      except Administer (under the "Overall" section).

      When that user views an existing job configuration screen, we see the following
      error under the "Repository URL" and "Repository browser" URL sections:

      Status Code: 403
      Exception:
      Stacktrace:

      (none)

      Attempting to save the configuration as this user doesn't work either as we get
      the same 403 error on a screen all by itself. However, nothing seems to show up
      in the logs.

      When that user attempts to create a new job, we get a new job configuration
      screen (which has the same ‘403’ error right under the new job name), but this
      time I see some output in the logs:

      [webapp 2008/05/05 22:31:09] - Error while serving
      http://hudson.qa.linkedin.com:8080null
      java.lang.reflect.InvocationTargetException
      at sun.reflect.GeneratedMethodAccessor748.invoke(Unknown Source)
      at
      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103)
      at org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:69)
      at
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:365)
      at org.kohsuke.stapler.MetaClass$9.doDispatch(MetaClass.java:248)
      at
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:365)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:301)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:98)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:52)
      at
      hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:28)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:44)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:85)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at
      winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Thread.java:595)
      Caused by: java.lang.IllegalStateException: OutputStream already committed
      at winstone.WinstoneResponse.sendRedirect(WinstoneResponse.java:723)
      at
      javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:70)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendRedirect(HttpSessionContextIntegrationFilter.java:525)
      at
      javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:70)
      at hudson.model.Job.doConfigSubmit(Job.java:738)
      at hudson.model.AbstractProject.doConfigSubmit(AbstractProject.java:292)
      ... 40 more

      [Winstone 2008/05/05 22:31:09] - Untrapped Error in Servlet
      java.lang.IllegalStateException: OutputStream already committed
      at winstone.WinstoneResponse.sendRedirect(WinstoneResponse.java:723)
      at
      javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:70)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendRedirect(HttpSessionContextIntegrationFilter.java:525)
      at
      javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:70)
      at hudson.model.Job.doConfigSubmit(Job.java:738)
      at hudson.model.AbstractProject.doConfigSubmit(AbstractProject.java:292)
      at sun.reflect.GeneratedMethodAccessor748.invoke(Unknown Source)
      at
      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103)
      at org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:69)
      at
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:365)
      at org.kohsuke.stapler.MetaClass$9.doDispatch(MetaClass.java:248)
      at
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:365)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:301)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:98)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:52)
      at
      hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:28)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:44)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:85)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at
      winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Thread.java:595)

      javax.servlet.ServletException: OutputStream already committed
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:374)
      at org.kohsuke.stapler.MetaClass$9.doDispatch(MetaClass.java:248)
      at
      org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:365)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:301)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:98)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:52)
      at
      hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:28)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      at
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:44)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:85)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at
      winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
      at java.lang.Thread.run(Thread.java:595)

      Any ideas?

      Kirk

      I have same problem with last version of Hudson 1.213.

        1. 0-hudson-developer-permissions.png
          43 kB
          shamoh
        2. 1-hudson-developer-new_job.png
          49 kB
          shamoh
        3. 2-hudson-developer-job_edit.png
          48 kB
          shamoh
        4. screenshot-1.jpg
          44 kB
          Thorsten Löber

            Unassigned Unassigned
            shamoh shamoh
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: