Bug
Resolution: Unresolved
Blocker
Platforms: Linux-64
Security Realm: LDAP
Authorization: Role-Based Strategy
Plugin: Project-Inheritance, Ownership, Role Strategy
Browser: firefox
I plan to manage and assign roles as shown in the attachments below (ManageRole.png, AssignRole.png).
For the Global role, the Admin is "siclee", and the project role has been assigned based on the project owner (using the Ownership plugin).
The problem is that I can delete, configure, and cancel JOB "A" (using an Inheritance Project), but I am not able to run/build it under the swbuild user (it keeps prompting me with "Access Denied: swbuild is missing the Job/Build permission").
Note: I only have this issue when I use the Inheritance method to create a job.
Any ideas about this issue? Is it a configuration or plugin issue?
Your advice is needed.
- ManageRoles.png (31 kB)
- AssignRoles.png (18 kB)
- JobA.png (46 kB)
[JENKINS-21390] [Inheritance Plugin] - Not able to build using build button when creating a job by using Inheritance Project together with ownership + project role configuration
Sorry for the late response. Seems I've missed the notification.
I do not have much experience with the Inheritance plugin, so I'm not sure how it generates jobs, handles inheritance, etc. I'll try to reproduce the issue next week. Then I'll be able to provide some ETAs.
P.S.: I also recommend using the @OwnerNoSid and @CoOwnerNoSid macros (see the example in https://wiki.jenkins-ci.org/display/JENKINS/Ownership-Based+security). That way you will be able to set ownership to groups (including "authenticated"), etc.
I see the stack overflow error after clicking on "Build" inside "Build Specific Version".
It seems to be an issue inside the "Inheritance Plugin". Accessing project properties from security plugins leads to such recursions, because the plugin calls permission checks.
I'll re-assign the issue to the Inheritance plugin in order to get Martin's feedback.
...
at hudson.security.SidACL$1.hasPermission(SidACL.java:141)
at hudson.security.SidACL._hasPermission(SidACL.java:69)
at hudson.security.SidACL.hasPermission(SidACL.java:51)
at hudson.security.ACL.hasPermission(ACL.java:64)
at hudson.model.AbstractItem.hasPermission(AbstractItem.java:448)
at jenkins.model.Jenkins.getItem(Jenkins.java:2236)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProjectByName(InheritanceProject.java:521)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProjectFromRequest(InheritanceProject.java:1826)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getUserDesiredVersionFromRequest(InheritanceProject.java:1930)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getUserDesiredVersion(InheritanceProject.java:2015)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getUserDesiredVersion(InheritanceProject.java:2008)
at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.retrieveFullyDerivedField(InheritanceGovernor.java:182)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getAllProperties(InheritanceProject.java:2818)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:2953)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:2945)
at com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper.getOwnerProperty(JobOwnerHelper.java:57)
at com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy.AbstractOwnershipRoleMacro.getOwnership(AbstractOwnershipRoleMacro.java:68)
at com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy.AbstractOwnershipRoleMacro.hasPermission(AbstractOwnershipRoleMacro.java:94)
at com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy.OwnerRoleMacro.hasPermission(OwnerRoleMacro.java:56)
at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.hasPermission(RoleMap.java:77)
at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.access$000(RoleMap.java:51)
at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap$AclImpl.hasPermission(RoleMap.java:302)
at hudson.security.SidACL$1.hasPermission(SidACL.java:141)
at hudson.security.SidACL._hasPermission(SidACL.java:69)
at hudson.security.SidACL.hasPermission(SidACL.java:51)
at hudson.security.ACL.hasPermission(ACL.java:64)
at hudson.model.AbstractItem.hasPermission(AbstractItem.java:448)
at jenkins.model.Jenkins.getItem(Jenkins.java:2236)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProjectByName(InheritanceProject.java:521)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProjectFromRequest(InheritanceProject.java:1826)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getUserDesiredVersionFromRequest(InheritanceProject.java:1930)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getUserDesiredVersion(InheritanceProject.java:2015)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getUserDesiredVersion(InheritanceProject.java:2008)
at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.retrieveFullyDerivedField(InheritanceGovernor.java:182)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getAllProperties(InheritanceProject.java:2818)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:2953)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:2945)
at com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper.getOwnerProperty(JobOwnerHelper.java:57)
at com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy.AbstractOwnershipRoleMacro.getOwnership(AbstractOwnershipRoleMacro.java:68)
at com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy.AbstractOwnershipRoleMacro.hasPermission(AbstractOwnershipRoleMacro.java:94)
at com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy.OwnerRoleMacro.hasPermission(OwnerRoleMacro.java:56)
at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.hasPermission(RoleMap.java:77)
at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.access$000(RoleMap.java:51)
at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap$AclImpl.hasPermission(RoleMap.java:302)
at hudson.security.SidACL$1.hasPermission(SidACL.java:141)
at hudson.security.SidACL._hasPermission(SidACL.java:69)
at hudson.security.SidACL.hasPermission(SidACL.java:51)
at hudson.security.ACL.hasPermission(ACL.java:64)
at hudson.model.AbstractItem.hasPermission(AbstractItem.java:448)
at jenkins.model.Jenkins.getItem(Jenkins.java:2236)
JENKINS-21021 is a similar issue. I suppose that there is nothing to do inside the ownership and role-strategy plugins.
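Added example, not part of the original comments or of any plugin's code: a small Java 17 program that extracts the repeating block of frames from a StackOverflowError trace like the one above, so the point where the loop re-enters a permission check is visible at a glance. The class and method names are hypothetical, the sample trace is a constructed and shortened selection of frames from this thread, and it assumes the trace is cut off inside the recursion (as a JVM-truncated overflow trace normally is).

```java
import java.util.ArrayList;
import java.util.List;

/** Finds the repeating block of frames in a StackOverflowError trace. */
public class StackCycleFinder {

    /** Keeps only the "at ..." frame lines, without the leading "at ". */
    static List<String> frames(String trace) {
        List<String> out = new ArrayList<>();
        for (String line : trace.split("\\R")) {
            String t = line.trim();
            if (t.startsWith("at ")) out.add(t.substring(3));
        }
        return out;
    }

    /**
     * Returns the shortest block of frames that repeats back-to-back at least
     * twice and continues to the end of the trace, or an empty list if nothing
     * repeats. Non-repeating frames at the top (the innermost calls) are skipped.
     */
    static List<String> cycle(List<String> f) {
        int n = f.size();
        for (int start = 0; start < n; start++) {
            for (int period = 1; period <= (n - start) / 2; period++) {
                boolean repeats = true;
                for (int i = start; i + period < n && repeats; i++) {
                    repeats = f.get(i).equals(f.get(i + period));
                }
                if (repeats) return new ArrayList<>(f.subList(start, start + period));
            }
        }
        return List.of();
    }

    public static void main(String[] args) {
        // Constructed sample: frame names come from the trace in this thread, but
        // the selection of frames and the repeat count are made up for the example.
        String loop = """
            at hudson.security.ACL.hasPermission(ACL.java:64)
            at hudson.model.AbstractItem.hasPermission(AbstractItem.java:448)
            at jenkins.model.Jenkins.getItem(Jenkins.java:2236)
            at hudson.plugins.project_inheritance.projects.InheritanceProject.getProjectByName(InheritanceProject.java:521)
            at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:2945)
            at com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper.getOwnerProperty(JobOwnerHelper.java:57)
            at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap$AclImpl.hasPermission(RoleMap.java:302)
            """;
        String trace = "java.lang.StackOverflowError\n"
            + "at hudson.security.SidACL._hasPermission(SidACL.java:69)\n"
            + loop.repeat(3);

        List<String> c = cycle(frames(trace));
        System.out.println("cycle length: " + c.size());
        for (String frame : c) {
            // Mark every frame where the loop is inside an authorization check.
            System.out.println((frame.contains(".hasPermission(") ? "ACL  " : "     ") + frame);
        }
    }
}
```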
Hi all,
Is anyone working on this? I would be interested in having a look as long as someone throws me some pointers.
Many thanks,
Alex
Hi Alex, hi everyone else.
We've seen the issue on this tracker and added it to our internal bug tracking system as soon as it appeared.
Unfortunately, a big product roll-out has been tying up all of our resources since the start of the year.
That means that we can't fully focus on external bug reports as long as we can't replicate them in our setup. We had used the "Role-Based Permission Plugin" earlier, but switched to a different in-house permission plugin, making replication problematic.
Even when we used the other plugin, we did not see an issue like this. As far as security permissions go, the Inheritance Plugin behaves exactly like any other Project, since it leaves permission handling to the "Project" superclass. The obvious caveat to this is, of course, that permissions do not "trickle down" to inherited projects. Job permissions must match a job (or its name) exactly; no inheritance is applied to them.
The weirdest thing about the issue described in the bug report is that the screenshot shows the "Build" options in the side-panel. Those check exactly the same permissions that are needed for actually scheduling the build.
We'll try to replicate this issue and see if we can indeed find a problem.
Best regards,
Martin.
Hi Martin,
Thanks for your reply.
To reproduce the reported issue, all you need is:
1. Install the Role Strategy Plugin
2. Install the Inheritance Plugin
3. Create an abstract Inheritance project, let's call it projA, with an over-writable parameter paramA.
4. Create an Inheritance project, let's call it project_final, that extends projA and overwrites the inheritance parameter reference paramA.
5. Make sure user TEST_USER has no build privileges in Manage Roles, then create a Project Role with the pattern project_.* and enable the job build permissions.
6. Assign that role to TEST_USER via the Assign Roles page.
7. Sign in as TEST_USER and you will see the "Build with Parameters" button in p which, when you click it, gives you "user TEST_USER has no job/build permissions".
Even when I set the pattern in step 5 to .* (i.e. everything), I still get the same error. Initially I thought that someone building project_final would require build rights for projA (which sounded more like a bug than anything else, but still).
I will try and have a look in the code to see what is happening.
Alex
I also forgot to mention that I am using afitz/jenkins-inheritance-plugin which contains bugfixes I really need related to scm polling etc.
The issue reported is also present in the master i-m-c/jenkins-inheritance-plugin so no difference here, I just thought to mention it.
It's very curious, because the reproduction steps you outlined closely mirror what we did when we still used the "Role Strategy Plugin".
But since the issue seems really easy to replicate (thanks for the detailed guide, by the way!), we should be able to track down this issue.
As for using the afitz/jenkins-inheritance-plugin branch, that's okay. Our own code-base is using a related patch to the one in his branch, so it shouldn't be a problem. When we get a bit more breathing room after the roll-out is done, we'll publish all those changes that have occurred in our internal codebase.
At the moment, we simply lack the time to properly test the openly published releases. After all, testing for an internal project is always easier than testing for the rest of the world.
@Martin
See the stacktrace above.
The issue is caused by getProjectByName(), which invokes the permission check on the job.
If any SecurityStrategy tries to access job properties, there will be an infinite cycle.
Hi Martin,
I am seeing the exact same issue when using the Jenkins core "Project-based Matrix Authorization Strategy".
So we can clearly rule out this being an issue of the Role-Based Strategy Plugin.
Alex
Hi Oleg,
So what do you propose doing? All the code does is call the Jenkins.getItem method, which in turn checks for read permissions.
That looks sensible to me. What do you think?
Alex
@Oleg
We already had a bug previously that caused a deadlock on getProperties(), which was also caused by a zealous property check on a seemingly innocuous function call. That was solved by adding a suitable locking mechanism.
As such, it is possible that the code might not just risk a deadlock or infinite loop, but also might run into the simple permission check issue from this ticket. After all, to determine if a Job can be built, it must check whether the settings it inherits from its parent make sense; thus it needs to retrieve the properties of its parents.
We'll try to trace this bug in a debugging session based on your stacktrace and Alex's replication guide. We'll keep you posted once we've fixed it. Of course, since the code is open source, you can also try to dig into it. We are certainly no strangers to "external" patch submissions.
Hi Martin,
Some good news.
I noticed your recent changes and I pulled them to my fork (https://github.com/alexouzounis/jenkins-inheritance-plugin), which in turn is a fork of https://github.com/afitz/jenkins-inheritance-plugin, because I need the changes for the SCM trigger etc.
As a quick Sunday project I pulled your changes from https://github.com/i-m-c/jenkins-inheritance-plugin and, apart from a few conflicts in the InheritanceGovernor, the merge went fine.
I rebooted Jenkins and it seems that the Role Strategy plugin now works as expected. Creating a role for some inheritance projects to have build rights now works as expected.
As far as I am concerned the issue is now resolved by your latest changes and the ticket can be closed.
It would be nice, though, for you to merge the changes from https://github.com/afitz/jenkins-inheritance-plugin (I think there is a pull request from him already) so that we can stop maintaining our own forks.
Thanks,
Alex
======
UPDATE: see the comment below, it still does not work.
Please ignore the above comment.
Unfortunately I spoke too soon. I just had a misconfiguration in the role strategies. Well, it was worth the try anyway.
All I get is:
INFO: While serving http://JENKINS_HOME/job/JOB_TO_BUILD/build: hudson.security.AccessDeniedException2: USER is missing the Job/Build permission
No exception or anything, which is rather confusing.
Found the bug and fixed it in my fork. The problem was in the doBuild method of the InheritanceProject, where you call the ACL to see if the user has permissions to build. The problem was that you were not using the super method checkPermission from the AbstractItem but implementing it yourself.
Here is my commit: https://github.com/alexouzounis/jenkins-inheritance-plugin/commit/05263af27577387f8c4b014a60a11ec94a0a81ef
As you can see, what was currently happening is:
ACL acl = Jenkins.getInstance().getACL();
acl.checkPermission(BUILD);
whereas the super.checkPermission does:
Jenkins.getInstance().getAuthorizationStrategy().getACL(this).checkPermission(BUILD);
The difference is that before the ROOT ACL was used (i.e. the global config) whereas now it also takes into account permissions available specifically for that project.
Feel free to merge back.
Alex
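Added example, not code from the plugin or from the commit linked above: a simplified Java 17 model of the difference described in this comment between checking Job/Build against the root ACL and against the ACL of the specific item. All classes here are hypothetical stand-ins rather than Jenkins APIs, and the role configuration is a constructed sample that follows the reproduction steps given earlier in the thread.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

/** Simplified model of role-based authorization; hypothetical classes, not Jenkins APIs. */
public class RootVsItemAcl {

    /** A role grants a set of permissions to a set of users. */
    record Role(Set<String> users, Set<String> permissions) {
        boolean grants(String user, String permission) {
            return users.contains(user) && permissions.contains(permission);
        }
    }

    /** A project role applies only to items whose name matches its pattern. */
    record ProjectRole(Pattern itemPattern, Role role) {}

    static class Strategy {
        final List<Role> globalRoles = new ArrayList<>();
        final List<ProjectRole> projectRoles = new ArrayList<>();

        /** Root ACL: global roles only, with no knowledge of any item. */
        boolean rootAllows(String user, String permission) {
            return globalRoles.stream().anyMatch(r -> r.grants(user, permission));
        }

        /** Item ACL: global roles plus project roles whose pattern matches the item. */
        boolean itemAllows(String item, String user, String permission) {
            if (rootAllows(user, permission)) return true;
            return projectRoles.stream()
                .filter(p -> p.itemPattern().matcher(item).matches())
                .anyMatch(p -> p.role().grants(user, permission));
        }
    }

    public static void main(String[] args) {
        Strategy s = new Strategy();
        // Constructed sample configuration: TEST_USER has no global build right,
        // and a project role with pattern project_.* grants Job/Build.
        s.globalRoles.add(new Role(Set.of("admin"), Set.of("Job/Read", "Job/Build", "Job/Configure")));
        s.globalRoles.add(new Role(Set.of("TEST_USER"), Set.of("Job/Read")));
        s.projectRoles.add(new ProjectRole(Pattern.compile("project_.*"),
            new Role(Set.of("TEST_USER"), Set.of("Job/Build"))));

        // Check against the root ACL: the project role is never consulted.
        System.out.println("root ACL, Job/Build:               "
            + s.rootAllows("TEST_USER", "Job/Build"));
        // Check against the ACL of the item being built.
        System.out.println("item ACL, project_final Job/Build: "
            + s.itemAllows("project_final", "TEST_USER", "Job/Build"));
        // The pattern still scopes the grant: the parent projA is not covered.
        System.out.println("item ACL, projA Job/Build:         "
            + s.itemAllows("projA", "TEST_USER", "Job/Build"));
    }
}
```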
I've just run into the same issue where the inheritance plugin in conjunction with the project based matrix authorization plugin causes a stack overflow due to an infinite recursion.
The fix mentioned by Alex in the previous commit does however not fix the problem.
Here's part of the stack trace. I've cut it since it's repeating anyway.
java.lang.StackOverflowError
at hudson.model.ParameterDefinition.<init>(ParameterDefinition.java:111)
at hudson.model.SimpleParameterDefinition.<init>(SimpleParameterDefinition.java:19)
at hudson.model.ChoiceParameterDefinition.<init>(ChoiceParameterDefinition.java:44)
at hudson.model.ChoiceParameterDefinition.copyWithDefaultValue(ChoiceParameterDefinition.java:53)
at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.copyAndSortParametersByName(InheritanceParametersDefinitionProperty.java:212)
at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.<init>(InheritanceParametersDefinitionProperty.java:181)
at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.createMerged(InheritanceParametersDefinitionProperty.java:245)
at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:71)
at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:29)
at hudson.plugins.project_inheritance.projects.inheritance.InheritanceSelector.applyAgainstList(InheritanceSelector.java:264)
at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMergeWithDuplicates(InheritanceGovernor.java:324)
at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMerge(InheritanceGovernor.java:343)
at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3062)
at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3038)
at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.retrieveFullyDerivedField(InheritanceGovernor.java:204)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getAllProperties(InheritanceProject.java:3068)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3202)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3194)
at hudson.security.ProjectMatrixAuthorizationStrategy.getACL(ProjectMatrixAuthorizationStrategy.java:54)
at hudson.model.Job.getACL(Job.java:1482)
at hudson.model.AbstractItem.hasPermission(AbstractItem.java:505)
at jenkins.model.Jenkins.getItem(Jenkins.java:2344)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProjectByName(InheritanceProject.java:521)
at hudson.plugins.project_inheritance.projects.references.AbstractProjectReference.reloadProjectObject(AbstractProjectReference.java:90)
at hudson.plugins.project_inheritance.projects.references.AbstractProjectReference.<init>(AbstractProjectReference.java:71)
at hudson.plugins.project_inheritance.projects.references.SimpleProjectReference.<init>(SimpleProjectReference.java:43)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getAllParentReferences(InheritanceProject.java:2599)
at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.getAllScopedParameterDefinitions(InheritanceParametersDefinitionProperty.java:551)
at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterReferenceDefinition.getParent(InheritableStringParameterReferenceDefinition.java:80)
at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterReferenceDefinition.getDescription(InheritableStringParameterReferenceDefinition.java:168)
at hudson.model.StringParameterDefinition.getDefaultParameterValue(StringParameterDefinition.java:68)
at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterDefinition.getDefaultParameterValue(InheritableStringParameterDefinition.java:641)
at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterDefinition.getDefaultParameterValue(InheritableStringParameterDefinition.java:56)
at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.copyAndSortParametersByName(InheritanceParametersDefinitionProperty.java:212)
at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.<init>(InheritanceParametersDefinitionProperty.java:181)
at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.createMerged(InheritanceParametersDefinitionProperty.java:245)
at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:71)
at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:29)
at hudson.plugins.project_inheritance.projects.inheritance.InheritanceSelector.applyAgainstList(InheritanceSelector.java:264)
at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMergeWithDuplicates(InheritanceGovernor.java:324)
at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMerge(InheritanceGovernor.java:343)
at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3062)
at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3038)
at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.retrieveFullyDerivedField(InheritanceGovernor.java:204)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getAllProperties(InheritanceProject.java:3068)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3202)
at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3194)
at hudson.security.ProjectMatrixAuthorizationStrategy.getACL(ProjectMatrixAuthorizationStrategy.java:54)
at hudson.model.Job.getACL(Job.java:1482)
at hudson.model.AbstractItem.hasPermission(AbstractItem.java:505)
at jenkins.model.Jenkins.getItem(Jenkins.java:2344)
I am also facing the same issue with the Inheritance and Role Strategy plug-ins. I have project roles for some specific jobs and everything works fine except Build: when you try to build the job (the "Build with parameters" link is displayed correctly) it shows an Access Denied error -
Has anyone tried the fix provided by Alex Ouzounis?
We are also having a similar issue. Can this be fixed ASAP? We have to give users Global Permission as a workaround, which is not good. Please fix this ASAP.
oleg_nenashev I tested the change done by alex_ouzounis: https://github.com/alexouzounis/jenkins-inheritance-plugin/commit/05263af27577387f8c4b014a60a11ec94a0a81ef
This seems to be working. Can we include this as part of the next release?
suvir_pavin I am not a maintainer of the Inheritance Project plugin, so I cannot help much. Currently the plugin is being hosted outside the jenkinsci organization on GitHub, and I am not sure that mhschroe is reachable. I would recommend reaching out to the maintainer somehow.
Owners do not have permission to run the build in Jenkins.