Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-2375

project-based matrix repeatably gives: Granted Authorities: is missing Read

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • _unsorted
    • None
    • Platform: Macintosh, OS: All

    Description

      Upgraded from 1.228 to 1.252, on notification that project-based matrix authorization was available.

      Once I switch from matrix to project-matrix, and restart hudson, two things happen:

      1) even though I have given anonymous read and build access, any access attempt redirects to the login
      page.

      2) when I login, although I have every checkbox checked, I get the error mentioned in the summary: Granted Authorities: is missing Read. That error, in full:

      org.acegisecurity.providers.UsernamePasswordAuthenticationToken@c7ebecf6: Username:
      org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl@15517e5e; Password: [PROTECTED];
      Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress:
      10.97.48.71; SessionId: e10a539733d193a2dd19756d5ccb2d42; Granted Authorities: is missing Read

      Configuration: hudson run from the jar (debian, via startup script). Normally, LDAP security (works for
      matrix, but above results for project-matrix; results identical when switched to Hudson's private user
      database).

      Other attempts to debug:

      1) tried to correct the (egregious) misspelling of 'permissions' as 'permisisons' in config.xml. This
      causes an exception to be thrown on parse, so presumably it's reading the same misspelling that it's
      writing, tending to suggest that this is not the fault.

      2) enabled all permissions for anonymous user, including administer. Still failed. Still redirects to the
      login screen, even though not-logged-in-users should be able to administer hudson in this
      configuration.

      3) attempted to debug config.xml, looking for a "Read" permission without appropriate reference to the
      defined admins (I'm an XML geek, so pointy brackets are soothing when life has become otherwise
      miserable). Shockingly complicated stuff you've got in there; especially shocking given the quantum
      leap in complexity from .228. Gave up on that one; it's a twisty maze of references, all different.

      So, I'm kind of stuck. I gather, from the blog that informed me of the new functionality, that this works
      ... for some people. Turning on project-matrix security completely disables access, in my environment.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-2329 Access Denied (Project-based Matrix Authorization Strategy)

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              Unassigned Unassigned
              amyzing amyzing
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: