JENKINS-2305

Project-based Matrix Security is not working after Hudson restart

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • _unsorted
    • None
    • Platform: All, OS: All

    Description

      This issue has come up in a thread on the Hudson mailing list so thought I'd
      transfer here for an "official" record:

      "I am having a problem when I restart hudson after "successfully" setting up
      matrix based security.

      To set up the Hudson security, I am selecting "Enable Security", then choosing
      "Hudson's own user database" and "Project-based Matrix Authorization Strategy".

      I then give the anonymous account, "Overall-Read" and "Job-Build" rights, and I
      create an admin account that has the right to do everything except "SCM-Tag".

      I save this config and everything works great until I try to restart hudson.

      When I try to restart hudson I can no longer click around and view the builds as
      the non logged in anonymous user like I could before the restart.

      Instead I am only prompted for a username and password. When I enter the admin
      username and password (which worked many times before the restart), I get this
      error message:

      Access Denied
      org.acegisecurity.providers.UsernamePasswordAuthenticationToken@410ce2ce:
      Username: hudson.security.HudsonPrivateSecurityRealm$Details@8e7f54; Password:
      [PROTECTED]; Authenticated: true; Details:
      org.acegisecurity.ui.WebAuthenticationDetails@7798: RemoteIpAddress:
      129.150.66.123; SessionId: 49daddb10088039a2d196487a5ae0a73; Granted
      Authorities: authenticated is missing Read

      I am using Hudson 1.248
      and JDK build 1.5.0_09"

      +

      "I'm experiencing the same problem. While using "Hudson's own user database,"
      I have tried using both the general matrix auth strategy as well as the
      project based version. In both cases I also cannot log in to hudson after
      restarting Tomcat. The error message I get is:
      org.acegisecurity.providers.UsernamePasswordAuthenticationToken@3efe96a3:
      Username: hudson.security.HudsonPrivateSecurityRealm$Details@5777b4d3;
      Password: [PROTECTED]; Authenticated: true; Details:
      org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress:
      127.0.0.1; SessionId: A9A673194D39F0426C655FB715F1BB4B; Granted Authorities:
      authenticated is missing Read

      I am using:
      Hudson 1.245
      Tomcat 6.0.16
      Apache 2.2.3 (reverse proxy to hudson on Tomcat)
      Java 1.6.0_06"

      +

      I have the same issue with 1.245 running as Windows service.

          Activity

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in hudson
            User: dty
            Path:
            trunk/hudson/main/core/src/main/java/hudson/security/AuthorizationMatrixProperty.java
            trunk/hudson/main/core/src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java
            trunk/www/changelog.html
            http://fisheye4.cenqua.com/changelog/hudson/?cs=13223
            Log:
            FIX JENKINS-2305 - Use Project Security setting not being persisted.

            dty Dean Yu added a comment -

            I believe this is completely fixed with 1.262.

            holgergp holgergp added a comment -

            I am still getting complaints when using Project-based Matrix Security:

            Access Denied

            org.acegisecurity.providers.UsernamePasswordAuthenticationToken@932218e3:
            Username: hudson.security.HudsonPrivateSecurityRealm$Details@f2c499; Password:
            [PROTECTED]; Authenticated: true; Details:
            org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: 192.168.5.43;
            SessionId: D53F6B32BB4C41115A77FDBA9BE2F136; Granted Authorities: authenticated
            is missing Administer.

            I am using v. 1.262
            JDK 1.6.0_10
            Tomcat 6.0.18 running as Windows service

            I am using Project-based Matrix Security with one administrative role (having
            every single right) and various users lacking the "administer"-right. I
            tried both the internal user db and Active Directory. If I configure my project
            logged in as a "user" then those aforementioned error messages appear on the
            configuration page.

            dty Dean Yu added a comment -

            Do you have this problem only after you restart Hudson? Or does it not work ever?

            mindless Alan Harder added a comment -

            Probably the remaining issue from that last comment is from validators.. those
            permission checks now fixed from issue #2715. Closing this one again, reopen if
            there is still any issue in 1.268 or newer.


            People

              Unassigned Unassigned
              r2b2_nz Richard Bywater