• Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • _unsorted
    • None
    • Platform: All, OS: All

      set HUDSON_HOME=http://192.168.1.104:8080/
      set CLASSPATH=d:/hudson/hudson-core-1.276.jar;d:/hudson/remoting-
      1.276.jar;d:/hudson/ant-1.7.0.jar;d:/hudson/commons-lang-2.1.jar
      java -jar hudson-core-1.276.jar command_dir dir2.bat

      This works if security off.

      If security is on. (project based security)
      http://192.168.1.104:8080/ is not Hudson (Forbidden)

          [JENKINS-2873] Monitoring external jobs with security on

          keanuho added a comment -

          Find a way to make it work.

          In hudson config, grant read permission only to anonymous user. (not project
          level)

          In project level, no permission grant to anonymous user.

          So, the question is why it works if the project level grant no permission to Anonymous user.

          I think monitoring the external job should work only if project level run
          (update) permission granted to anonymous user.

          By the way, it is must better monitored job can provide username/password in
          order to update hudson when security is on.

          keanuho added a comment - Find a way to make it work. In hudson config, grant read permission only to anonymous user. (not project level) In project level, no permission grant to anonymous user. So, the question is why it works if the project level grant no permission to Anonymous user. I think monitoring the external job should work only if project level run (update) permission granted to anonymous user. By the way, it is must better monitored job can provide username/password in order to update hudson when security is on.

          Alan Harder added a comment -

          only a subset of the permissions are controlled at project level.. READ is not
          one of them, so assigning READ at global level assigns that permission across
          all projects. "Run" permission does kind of make sense here, as you are
          providing the results of some external "run"...

          Alan Harder added a comment - only a subset of the permissions are controlled at project level.. READ is not one of them, so assigning READ at global level assigns that permission across all projects. "Run" permission does kind of make sense here, as you are providing the results of some external "run"...

          Alan Harder added a comment -

          I think I'll use Job/Build permission instead of Run/Update, as you're entering
          a new build.

          Alan Harder added a comment - I think I'll use Job/Build permission instead of Run/Update, as you're entering a new build.

          Code changed in hudson
          User: : mindless
          Path:
          trunk/hudson/main/core/src/main/java/hudson/model/AbstractProject.java
          trunk/hudson/main/core/src/main/java/hudson/model/ExternalJob.java
          trunk/hudson/main/core/src/main/java/hudson/model/Job.java
          trunk/hudson/main/core/src/main/java/hudson/security/AuthorizationStrategy.java
          trunk/hudson/main/core/src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java
          trunk/www/changelog.html
          http://fisheye4.cenqua.com/changelog/hudson/?cs=14640
          Log:
          [FIXED JENKINS-2873] Require BUILD permission to post results for an external job.
          (previously had no permission check other than overall READ permission).
          Changed AuthorizationStrategy.getACL(AbstractProject) to getACL(Job) and moved
          getACL() from AbstractProject.java to Job.java so this permission would apply
          to ExternalJob type.

          SCM/JIRA link daemon added a comment - Code changed in hudson User: : mindless Path: trunk/hudson/main/core/src/main/java/hudson/model/AbstractProject.java trunk/hudson/main/core/src/main/java/hudson/model/ExternalJob.java trunk/hudson/main/core/src/main/java/hudson/model/Job.java trunk/hudson/main/core/src/main/java/hudson/security/AuthorizationStrategy.java trunk/hudson/main/core/src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java trunk/www/changelog.html http://fisheye4.cenqua.com/changelog/hudson/?cs=14640 Log: [FIXED JENKINS-2873] Require BUILD permission to post results for an external job. (previously had no permission check other than overall READ permission). Changed AuthorizationStrategy.getACL(AbstractProject) to getACL(Job) and moved getACL() from AbstractProject.java to Job.java so this permission would apply to ExternalJob type.

            mindless Alan Harder
            keanuho keanuho
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: