Status: Closed (View Workflow)
Platform: Macintosh, OS: All
Upgraded from 1.228 to 1.252, on notification that project-based matrix authorization was available.
Once I switch from matrix to project-matrix, and restart hudson, two things happen:
1) even though I have given anonymous read and build access, any access attempt redirects to the login
2) when I login, although I have every checkbox checked, I get the error mentioned in the summary: Granted Authorities: is missing Read. That error, in full:
org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@15517e5e; Password: [PROTECTED];
Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress:
10.97.48.71; SessionId: e10a539733d193a2dd19756d5ccb2d42; Granted Authorities: is missing Read
Configuration: hudson run from the jar (debian, via startup script). Normally, LDAP security (works for
matrix, but above results for project-matrix; results identical when switched to Hudson's private user
Other attempts to debug:
1) tried to correct the (egregious) misspelling of 'permissions' as 'permisisons' in config.xml. This
causes an exception to be thrown on parse, so presumably it's reading the same misspelling that it's
writing, tending to suggest that this is not the fault.
2) enabled all permissions for anonymous user, including administer. Still failed. Still redirects to the
login screen, even though not-logged-in-users should be able to administer hudson in this
3) attempted to debug config.xml, looking for a "Read" permission without appropriate reference to the
defined admins (I'm an XML geek, so pointy brackets are soothing when life has become otherwise
miserable). Shockingly complicated stuff you've got in there; especially shocking given the quantum
leap in complexity from .228. Gave up on that one; it's a twisty maze of references, all different.
So, I'm kind of stuck. I gather, from the blog that informed me of the new functionality, that this works
... for some people. Turning on project-matrix security completely disables access, in my environment.
JENKINS-2329 Access Denied (Project-based Matrix Authorization Strategy)
I reported the same behavior on the user group at:
Although I worded it differently it is the exact same type of errors I get.
another hudson administrator in my company reports that his installation uses project-matrix security
successfully. His is deployed inside tomcat, on Windows Server of some version. I believe the
important bit is the Tomcat container.
A colleague (the one who particularly wants this functionality on my server) acquired the JNLP version,
running on Windows, and saw behavior identical to that which I reported when switching to project-
matrix security and restarting.
So ... I would venture to guess that this might be related to the Winstone container, or to the
delegation of security (perhaps it's delegating to Winstone, which is returning answers that lead to the
conclusion that there are no permissions?).
We are using JBoss on Solaris. I don't think it's a JNLP or Windows issue.
We are using Hudson at California Department of Justice. We just upgraded to
1.252 and are using JBoss on Solaris. We are receiving the same error.
I found this functionality to be a bit flakey overall.
Another way to reproduce the error, assuming it is working for you, is to add a
new plugin to your Hudson installation. Upon doing so (and following the
subsequent restart of Hudson) I run into this problem consistently.
marking as dup of issue 2329 as suggested; several project-permission fixes over
the last couple months, so hopefully this old issue is resolved.
- This issue has been marked as a duplicate of 2329 ***
|Field||Original Value||New Value|
|Resolution||Duplicate [ 3 ]|
|Status||Open [ 1 ]||Resolved [ 5 ]|
This issue duplicates
|Status||Resolved [ 5 ]||Closed [ 6 ]|
|Workflow||JNJira [ 132448 ]||JNJira + In-Review [ 201417 ]|
|Component/s||_unsorted [ 19622 ]|
|Component/s||security [ 15508 ]|
Ah ... keyword search in bugzilla is pants. This turns out to be a duplicate of 2329.