Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-2329

Access Denied (Project-based Matrix Authorization Strategy)

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • _unsorted
    • None
    • Platform: All, OS: All

      Hi @ll,

      I've set up hudson (user administration of hudson itself) with Project-based
      Matrix Authorization Strategy. I've added my name and gave myself all privileges
      (including Read...). If I now close hudson (without doing something else) and
      restart it by commandline, I get the following message and have no more access
      to the configuration or anything else...

      ========================
      Access Denied

      org.acegisecurity.providers.UsernamePasswordAuthenticationToken@923d1bfd:
      Username: hudson.security.HudsonPrivateSecurityRealm$Details@1d8417c; Password:
      [PROTECTED]; Authenticated: true; Details:
      org.acegisecurity.ui.WebAuthenticationDetails@255f8: RemoteIpAddress:
      XXX.XXX.XXX.XXX; SessionId: 8013c98834de5a46ef9f6277930606ce; Granted
      Authorities: authenticated is missing Read
      ========================

          [JENKINS-2329] Access Denied (Project-based Matrix Authorization Strategy)

          klattenhoff created issue -

          added myself to the CC list

          iamsteveholmes added a comment - added myself to the CC list

          Dean Yu added a comment -

          What version of Hudson did you have this problem in? There was a bug between
          1.255 and 1.260 that caused the authorization strategy to revert after Hudson is
          restarted. 1.261 has a partial fix which will prevent this reversion, but
          exposed another problem where the security setting on individual projects was
          not remembered. This is fixed in 1.262.

          Dean Yu added a comment - What version of Hudson did you have this problem in? There was a bug between 1.255 and 1.260 that caused the authorization strategy to revert after Hudson is restarted. 1.261 has a partial fix which will prevent this reversion, but exposed another problem where the security setting on individual projects was not remembered. This is fixed in 1.262.

          Dean Yu added a comment -

          Adding myself to cc

          Dean Yu added a comment - Adding myself to cc

          For those who are seeing this problem, please report more details about your set
          up. What security realm do you use, what container do you run Hudson in, where
          did you set your permissions (is that in a project or in the system config?) Did
          you get any stack trace with the error message? etc.

          Kohsuke Kawaguchi added a comment - For those who are seeing this problem, please report more details about your set up. What security realm do you use, what container do you run Hudson in, where did you set your permissions (is that in a project or in the system config?) Did you get any stack trace with the error message? etc.
          Kohsuke Kawaguchi made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]

          Alan Harder added a comment -

          closing this one.. please reopen if anyone still sees this and provide more
          detail as kohsuke requested. There have been several fixes in project-specific
          permissions in the last couple months, so hopefully this one is resolved. Also
          see issue 2324 regarding read permission at project level.

          Alan Harder added a comment - closing this one.. please reopen if anyone still sees this and provide more detail as kohsuke requested. There have been several fixes in project-specific permissions in the last couple months, so hopefully this one is resolved. Also see issue 2324 regarding read permission at project level.
          Alan Harder made changes -
          Resolution New: Cannot Reproduce [ 5 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]

          Alan Harder added a comment -
              • Issue 2375 has been marked as a duplicate of this issue. ***

          Alan Harder added a comment - Issue 2375 has been marked as a duplicate of this issue. ***
          Alan Harder made changes -
          Link New: This issue is duplicated by JENKINS-2375 [ JENKINS-2375 ]

            mindless Alan Harder
            klattenhoff klattenhoff
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: