[JENKINS-23793] Default crumb name forbidden by nginx, breaking UI

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major
    • Component: core
    • Environment: Ubuntu 14.04 1GB RAM 1 Core CPU

      Any drop-down menu buttons (such as "Add Installer" in the JDK options) do not do anything when I have selected an option. It just closes itself back up and does nothing.

      Further, when trying to add credentials into Jenkins this error crops up again.

      As seen here, this is what I see upon trying to add new credentials:
      http://i.imgur.com/9bBc4Cs.png

      When I try to add credentials with this, I get a stack trace that contains the following:
      javax.servlet.ServletException: java.lang.IllegalArgumentException: Failed to instantiate interface com.cloudbees.plugins.credentials.Credentials from

      {"stapler-class":"com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey","scope":"","id":"cf32bb49-ae98-4b1c-9263-9fefdd7ed3e4","username":"jenkins","description":"","passphrase":"8I4fqdZL90fQx7bmLfozFw==","crumb":"5c8280506a9ee4163a347731aa35834b"}

      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:778)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:248)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:248)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:390)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:631)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:225)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
      at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:85)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:74)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      at org.eclipse.jetty.server.Server.handle(Server.java:370)
      at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
      at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
      at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
      at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
      at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:744)
      Caused by: java.lang.IllegalArgumentException: Failed to instantiate interface com.cloudbees.plugins.credentials.Credentials from

      {"stapler-class":"com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey","scope":"","id":"cf32bb49-ae98-4b1c-9263-9fefdd7ed3e4","username":"jenkins","description":"","passphrase":"8I4fqdZL90fQx7bmLfozFw==","crumb":"5c8280506a9ee4163a347731aa35834b"}

      at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:589)
      at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:400)
      at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:396)
      at com.cloudbees.plugins.credentials.CredentialsStoreAction$CredentialsWrapper.doUpdateSubmit(CredentialsStoreAction.java:448)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:606)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:120)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      ... 70 more
      Caused by: java.lang.IllegalArgumentException: Failed to convert the scope parameter of the constructor public com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey(com.cloudbees.plugins.credentials.CredentialsScope,java.lang.String,java.lang.String,com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$PrivateKeySource,java.lang.String,java.lang.String)
      at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:686)
      at org.kohsuke.stapler.RequestImpl.access$100(RequestImpl.java:81)
      at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:587)
      ... 83 more
      Caused by: java.lang.IllegalArgumentException: No enum constant com.cloudbees.plugins.credentials.CredentialsScope.
      at java.lang.Enum.valueOf(Enum.java:236)
      at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:639)
      at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:400)
      at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:684)
      ... 85 more

      Which appears to show that the scope was not entered. Well, how can I enter it if the button doesn't work?

      Will check back in for any replies. If you need more info, please let me know.

      I am running the latest Jenkins.


          Peter Tee added a comment -

          Same for me. Freshly installed Jenkins. Tried to overwrite current version to older from repository, but no success.


          Jake Andersen added a comment -

          Okay, I fixed my problem by going to the security settings and enabling proxy crumb. This didn't work at first, because I'm using nginx and it overrides the default Jenkins crumb (".crumb") which it sees as invalid. So, to fix this I went to "/etc/default" and edited the "jenkins" file there. In the "JAVA_ARGS" opt, I added: "-Dhudson.security.csrf.requestfield=Jenkins-crumb" which changes the crumb from ".crumb" to "Jenkins-crumb" and it works fine. Thanks to my friend for figuring this out for me. I hope this works for someone else?

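The workaround described in the comment above, as an added shell example (not part of the thread or of Jenkins itself): it checks a crumb field name against nginx's default header-name rule (letters, digits and hyphens only, enforced by "ignore_invalid_headers") and then sets the system property in JAVA_ARGS. The function names and the Debian-style JAVA_ARGS="..." line format are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from Jenkins or nginx.

# With ignore_invalid_headers on (the nginx default), request headers whose
# names contain anything other than letters, digits and hyphens are dropped.
nginx_accepts_header() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Add or replace -Dhudson.security.csrf.requestfield=<name> inside the
# JAVA_ARGS="..." line of a defaults file (assumed Debian-style layout).
# Safe to run repeatedly: an existing setting is replaced, not duplicated.
set_crumb_field() {
    file=$1
    name=$2
    prop='-Dhudson.security.csrf.requestfield'

    nginx_accepts_header "$name" || {
        echo "nginx would drop a header named '$name'" >&2
        return 1
    }
    grep -q '^JAVA_ARGS="' "$file" || {
        echo "no JAVA_ARGS line in $file" >&2
        return 1
    }

    tmp=$(mktemp) || return 1
    # First expression strips any earlier setting; second appends the new
    # one just before the closing quote of the JAVA_ARGS line.
    sed -e "/^JAVA_ARGS=\"/ s| *${prop}=[^ \"]*||g" \
        -e "/^JAVA_ARGS=\"/ s|\"\$| ${prop}=${name}\"|" \
        "$file" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"

    # Succeed only if the property really ended up in the file.
    grep -q -- "${prop}=${name}\"" "$file"
}
```

Run set_crumb_field against /etc/default/jenkins with the name "Jenkins-crumb", then restart Jenkins so the system property takes effect.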

          Peter Tee added a comment -

          Works for me, thanks.


          Jake Andersen added a comment -

          Okay, so basically what needs to be fixed in Jenkins by the Jenkins team is to change the default crumb name, as nginx sees that as an error and IGNORES IT, disabling many essential parts of Jenkins for users of nginx.


          Fred Diego added a comment - edited

          Crud. I just ran across the same error. But my /etc/default has no jenkins file in it. Any pointers?

          Fresh install running on Amazon Linux instance.


          Jake Andersen added a comment -

          Not sure why your /etc/default would have no file for Jenkins in it. Jenkins should make that automatically. You might want to remove and reinstall. That's very odd!


          Jesse Glick added a comment -

          Nothing to do with the Credentials plugin that I can see. Probably a duplicate.


          Jesse Glick added a comment -

          BTW using simply "crumb" as the field name is a CSRF security hole, which is why the default name starts with ".". Needs review by someone with web security expertise to pick a default name that is both secure and compliant with all proxies.


          Daniel Beck added a comment -

          Duplicates JENKINS-12875.


            stephenconnolly Stephen Connolly
            jakea Jake Andersen