Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-2375

project-based matrix repeatably gives: Granted Authorities: is missing Read

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • _unsorted
    • None
    • Platform: Macintosh, OS: All

      Upgraded from 1.228 to 1.252, on notification that project-based matrix authorization was available.

      Once I switch from matrix to project-matrix, and restart hudson, two things happen:

      1) even though I have given anonymous read and build access, any access attempt redirects to the login
      page.

      2) when I login, although I have every checkbox checked, I get the error mentioned in the summary: Granted Authorities: is missing Read. That error, in full:

      org.acegisecurity.providers.UsernamePasswordAuthenticationToken@c7ebecf6: Username:
      org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@15517e5e; Password: [PROTECTED];
      Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress:
      10.97.48.71; SessionId: e10a539733d193a2dd19756d5ccb2d42; Granted Authorities: is missing Read

      Configuration: hudson run from the jar (debian, via startup script). Normally, LDAP security (works for
      matrix, but above results for project-matrix; results identical when switched to Hudson's private user
      database).

      Other attempts to debug:

      1) tried to correct the (egregious) misspelling of 'permissions' as 'permisisons' in config.xml. This
      causes an exception to be thrown on parse, so presumably it's reading the same misspelling that it's
      writing, tending to suggest that this is not the fault.

      2) enabled all permissions for anonymous user, including administer. Still failed. Still redirects to the
      login screen, even though not-logged-in-users should be able to administer hudson in this
      configuration.

      3) attempted to debug config.xml, looking for a "Read" permission without appropriate reference to the
      defined admins (I'm an XML geek, so pointy brackets are soothing when life has become otherwise
      miserable). Shockingly complicated stuff you've got in there; especially shocking given the quantum
      leap in complexity from .228. Gave up on that one; it's a twisty maze of references, all different.

      So, I'm kind of stuck. I gather, from the blog that informed me of the new functionality, that this works
      ... for some people. Turning on project-matrix security completely disables access, in my environment.

            Unassigned Unassigned
            amyzing amyzing
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: