Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-2375

project-based matrix repeatably gives: Granted Authorities: is missing Read

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • _unsorted
    • None
    • Platform: Macintosh, OS: All

      Upgraded from 1.228 to 1.252, on notification that project-based matrix authorization was available.

      Once I switch from matrix to project-matrix, and restart hudson, two things happen:

      1) even though I have given anonymous read and build access, any access attempt redirects to the login
      page.

      2) when I login, although I have every checkbox checked, I get the error mentioned in the summary: Granted Authorities: is missing Read. That error, in full:

      org.acegisecurity.providers.UsernamePasswordAuthenticationToken@c7ebecf6: Username:
      org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@15517e5e; Password: [PROTECTED];
      Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress:
      10.97.48.71; SessionId: e10a539733d193a2dd19756d5ccb2d42; Granted Authorities: is missing Read

      Configuration: hudson run from the jar (debian, via startup script). Normally, LDAP security (works for
      matrix, but above results for project-matrix; results identical when switched to Hudson's private user
      database).

      Other attempts to debug:

      1) tried to correct the (egregious) misspelling of 'permissions' as 'permisisons' in config.xml. This
      causes an exception to be thrown on parse, so presumably it's reading the same misspelling that it's
      writing, tending to suggest that this is not the fault.

      2) enabled all permissions for anonymous user, including administer. Still failed. Still redirects to the
      login screen, even though not-logged-in-users should be able to administer hudson in this
      configuration.

      3) attempted to debug config.xml, looking for a "Read" permission without appropriate reference to the
      defined admins (I'm an XML geek, so pointy brackets are soothing when life has become otherwise
      miserable). Shockingly complicated stuff you've got in there; especially shocking given the quantum
      leap in complexity from .228. Gave up on that one; it's a twisty maze of references, all different.

      So, I'm kind of stuck. I gather, from the blog that informed me of the new functionality, that this works
      ... for some people. Turning on project-matrix security completely disables access, in my environment.

          [JENKINS-2375] project-based matrix repeatably gives: Granted Authorities: is missing Read

          amyzing added a comment -

          Ah ... keyword search in bugzilla is pants. This turns out to be a duplicate of 2329.

          amyzing added a comment - Ah ... keyword search in bugzilla is pants. This turns out to be a duplicate of 2329.

          I reported the same behavior on the user group at:

          http://www.nabble.com/Problem-with-Per-Job-security-locking-out-users-
          to19424988.html

          Although I worded it differently it is the exact same type of errors I get.

          iamsteveholmes added a comment - I reported the same behavior on the user group at: http://www.nabble.com/Problem-with-Per-Job-security-locking-out-users- to19424988.html Although I worded it differently it is the exact same type of errors I get.

          amyzing added a comment -

          Following up:

          another hudson administrator in my company reports that his installation uses project-matrix security
          successfully. His is deployed inside tomcat, on Windows Server of some version. I believe the
          important bit is the Tomcat container.

          A colleague (the one who particularly wants this functionality on my server) acquired the JNLP version,
          running on Windows, and saw behavior identical to that which I reported when switching to project-
          matrix security and restarting.

          So ... I would venture to guess that this might be related to the Winstone container, or to the
          delegation of security (perhaps it's delegating to Winstone, which is returning answers that lead to the
          conclusion that there are no permissions?).

          amyzing added a comment - Following up: another hudson administrator in my company reports that his installation uses project-matrix security successfully. His is deployed inside tomcat, on Windows Server of some version. I believe the important bit is the Tomcat container. A colleague (the one who particularly wants this functionality on my server) acquired the JNLP version, running on Windows, and saw behavior identical to that which I reported when switching to project- matrix security and restarting. So ... I would venture to guess that this might be related to the Winstone container, or to the delegation of security (perhaps it's delegating to Winstone, which is returning answers that lead to the conclusion that there are no permissions?).

          We are using JBoss on Solaris. I don't think it's a JNLP or Windows issue.

          iamsteveholmes added a comment - We are using JBoss on Solaris. I don't think it's a JNLP or Windows issue.

          added myself to cc list

          iamsteveholmes added a comment - added myself to cc list

          henderc2 added a comment -

          We are using Hudson at California Department of Justice. We just upgraded to
          1.252 and are using JBoss on Solaris. We are receiving the same error.

          henderc2 added a comment - We are using Hudson at California Department of Justice. We just upgraded to 1.252 and are using JBoss on Solaris. We are receiving the same error.

          I found this functionality to be a bit flakey overall.

          Another way to reproduce the error, assuming it is working for you, is to add a
          new plugin to your Hudson installation. Upon doing so (and following the
          subsequent restart of Hudson) I run into this problem consistently.

          jonathan_w_brown added a comment - I found this functionality to be a bit flakey overall. Another way to reproduce the error, assuming it is working for you, is to add a new plugin to your Hudson installation. Upon doing so (and following the subsequent restart of Hudson) I run into this problem consistently.

          Alan Harder added a comment -

          marking as dup of issue 2329 as suggested; several project-permission fixes over
          the last couple months, so hopefully this old issue is resolved.

              • This issue has been marked as a duplicate of 2329 ***

          Alan Harder added a comment - marking as dup of issue 2329 as suggested; several project-permission fixes over the last couple months, so hopefully this old issue is resolved. This issue has been marked as a duplicate of 2329 ***

            Unassigned Unassigned
            amyzing amyzing
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: