• Type: Bug
• Resolution: Fixed
• Priority: Major
• Component/s: reverse-proxy-auth-plugin, suppress-stack-trace-plugin
• Labels:

  • security
  • stacktrace
• Environment:

  Hide

  Operating System
  -bash-4.1$ cat /etc/oracle-release && uname -a
  Oracle Linux Server release 6.5
  Linux dsdsesvcai101v 3.8.13-68.2.2.el6uek.x86_64 #2 SMP Tue May 12 15:10:51 PDT 2015 x86_64 x86_64 x86_64 GNU/Linux
  
  Java
  -bash-4.1$ /etc/alternatives/java -version
  java version "1.8.0_40"
  Java(TM) SE Runtime Environment (build 1.8.0_40-b26)
  Java HotSpot(TM) 64-Bit Server VM (build 25.40-b25, mixed mode)
  
  Jenkins & Plugins
  System Properties
  
  Name ↓
  Value
  awt.toolkit sun.awt.X11.XToolkit
  executable-war /usr/lib/jenkins/jenkins.war
  file.encoding UTF-8
  file.encoding.pkg sun.io
  file.separator /
  hudson.diyChunking true
  hudson.DNSMultiCast.disabled true
  java.awt.graphicsenv sun.awt.X11GraphicsEnvironment
  java.awt.headless true
  java.awt.printerjob sun.print.PSPrinterJob
  java.class.path /usr/lib/jenkins/jenkins.war
  java.class.version 52.0
  java.endorsed.dirs /usr/java/jdk1.8.0_40/jre/lib/endorsed
  java.ext.dirs /usr/java/jdk1.8.0_40/jre/lib/ext:/usr/java/packages/lib/ext
  java.home /usr/java/jdk1.8.0_40/jre
  java.io.tmpdir /tmp
  java.library.path /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
  java.runtime.name Java(TM) SE Runtime Environment
  java.runtime.version 1.8.0_40-b26
  java.specification.name Java Platform API Specification
  java.specification.vendor Oracle Corporation
  java.specification.version 1.8
  java.vendor Oracle Corporation
  java.vendor.url http://java.oracle.com/
  java.vendor.url.bug http://bugreport.sun.com/bugreport/
  java.version 1.8.0_40
  java.vm.info mixed mode
  java.vm.name Java HotSpot(TM) 64-Bit Server VM
  java.vm.specification.name Java Virtual Machine Specification
  java.vm.specification.vendor Oracle Corporation
  java.vm.specification.version 1.8
  java.vm.vendor Oracle Corporation
  java.vm.version 25.40-b25
  JENKINS_HOME /apps/jenkins
  jna.platform.library.path /usr/lib64:/lib64:/usr/lib:/lib
  jnidispatch.path /tmp/jna--1712433994/jna6000391753915357396.tmp
  line.separator
  mail.smtp.sendpartial true
  mail.smtps.sendpartial true
  os.arch amd64
  os.name Linux
  os.version 3.8.13-68.2.2.el6uek.x86_64
  path.separator :
  sun.arch.data.model 64
  sun.boot.class.path /usr/java/jdk1.8.0_40/jre/lib/resources.jar:/usr/java/jdk1.8.0_40/jre/lib/rt.jar:/usr/java/jdk1.8.0_40/jre/lib/sunrsasign.jar:/usr/java/jdk1.8.0_40/jre/lib/jsse.jar:/usr/java/jdk1.8.0_40/jre/lib/jce.jar:/usr/java/jdk1.8.0_40/jre/lib/charsets.jar:/usr/java/jdk1.8.0_40/jre/lib/jfr.jar:/usr/java/jdk1.8.0_40/jre/classes
  sun.boot.library.path /usr/java/jdk1.8.0_40/jre/lib/amd64
  sun.cpu.endian little
  sun.cpu.isalist
  sun.font.fontmanager sun.awt.X11FontManager
  sun.io.unicode.encoding UnicodeLittle
  sun.java.command /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=8009 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20
  sun.java.launcher SUN_STANDARD
  sun.jnu.encoding UTF-8
  sun.management.compiler HotSpot 64-Bit Tiered Compilers
  sun.os.patch.level unknown
  user.country US
  user.dir /
  user.home /var/lib/jenkins
  user.language en
  user.name jenkins
  user.timezone America/Chicago
  Environment Variables
  
  Name ↓
  Value
  _ /etc/alternatives/java
  HOME /var/lib/jenkins
  LANG en_US.UTF-8
  LOGNAME jenkins
  NLSPATH /usr/dt/lib/nls/msg/%L/%N.cat
  PATH /sbin:/usr/sbin:/bin:/usr/bin
  PWD /
  SHELL /bin/bash
  SHLVL 2
  TERM xterm-256color
  USER jenkins
  XFILESEARCHPATH /usr/dt/app-defaults/%L/Dt
  Plugins
  
  Name ↓
  Version
  Enabled
  Pinned
  ant 1.2 true false
  antisamy-markup-formatter 1.3 true true
  cloudbees-folder 4.10 true false
  credentials 1.24 true true
  credentials-binding 1.6 true false
  cvs 2.12 false true
  external-monitor-job 1.4 true false
  git 2.4.0 true false
  git-client 1.19.0 true false
  javadoc 1.3 true true
  junit 1.9 true true
  ldap 1.11 true false
  mailer 1.15 true true
  matrix-auth 1.2 true true
  matrix-project 1.6 true true
  maven-plugin 2.12.1 true true
  metrics 3.1.2 true false
  pam-auth 1.2 true true
  plain-credentials 1.1 true false
  reverse-proxy-auth-plugin 1.4.0 true false
  saml 0.4 false false
  scm-api 0.2 true false
  script-security 1.15 true true
  shiningpanda 0.22 true false
  ssh-agent 1.8 true false
  ssh-credentials 1.11 true true
  ssh-slaves 1.10 true true
  suppress-stack-trace 1.4 true false
  translation 1.12 false true
  windows-slaves 1.1 false true
  workflow-step-api 1.10.1 true false
  
  
  Jenkins running directly (no container)
  
  Jenkins accessed via reverse proxy
  Access Control: HTTP Header by reverse proxy

  Show

  Operating System -bash-4.1$ cat /etc/oracle-release && uname -a Oracle Linux Server release 6.5 Linux dsdsesvcai101v 3.8.13-68.2.2.el6uek.x86_64 #2 SMP Tue May 12 15:10:51 PDT 2015 x86_64 x86_64 x86_64 GNU/Linux Java -bash-4.1$ /etc/alternatives/java -version java version "1.8.0_40" Java(TM) SE Runtime Environment (build 1.8.0_40-b26) Java HotSpot(TM) 64-Bit Server VM (build 25.40-b25, mixed mode) Jenkins & Plugins System Properties Name ↓ Value awt.toolkit sun.awt.X11.XToolkit executable-war /usr/lib/jenkins/jenkins.war file.encoding UTF-8 file.encoding.pkg sun.io file.separator / hudson.diyChunking true hudson.DNSMultiCast.disabled true java.awt.graphicsenv sun.awt.X11GraphicsEnvironment java.awt.headless true java.awt.printerjob sun.print.PSPrinterJob java.class.path /usr/lib/jenkins/jenkins.war java.class.version 52.0 java.endorsed.dirs /usr/java/jdk1.8.0_40/jre/lib/endorsed java.ext.dirs /usr/java/jdk1.8.0_40/jre/lib/ext:/usr/java/packages/lib/ext java.home /usr/java/jdk1.8.0_40/jre java.io.tmpdir /tmp java.library.path /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib java.runtime.name Java(TM) SE Runtime Environment java.runtime.version 1.8.0_40-b26 java.specification.name Java Platform API Specification java.specification.vendor Oracle Corporation java.specification.version 1.8 java.vendor Oracle Corporation java.vendor.url http://java.oracle.com/ java.vendor.url.bug http://bugreport.sun.com/bugreport/ java.version 1.8.0_40 java.vm.info mixed mode java.vm.name Java HotSpot(TM) 64-Bit Server VM java.vm.specification.name Java Virtual Machine Specification java.vm.specification.vendor Oracle Corporation java.vm.specification.version 1.8 java.vm.vendor Oracle Corporation java.vm.version 25.40-b25 JENKINS_HOME /apps/jenkins jna.platform.library.path /usr/lib64:/lib64:/usr/lib:/lib jnidispatch.path /tmp/jna--1712433994/jna6000391753915357396.tmp line.separator mail.smtp.sendpartial true mail.smtps.sendpartial true os.arch amd64 os.name Linux os.version 3.8.13-68.2.2.el6uek.x86_64 path.separator : sun.arch.data.model 64 sun.boot.class.path /usr/java/jdk1.8.0_40/jre/lib/resources.jar:/usr/java/jdk1.8.0_40/jre/lib/rt.jar:/usr/java/jdk1.8.0_40/jre/lib/sunrsasign.jar:/usr/java/jdk1.8.0_40/jre/lib/jsse.jar:/usr/java/jdk1.8.0_40/jre/lib/jce.jar:/usr/java/jdk1.8.0_40/jre/lib/charsets.jar:/usr/java/jdk1.8.0_40/jre/lib/jfr.jar:/usr/java/jdk1.8.0_40/jre/classes sun.boot.library.path /usr/java/jdk1.8.0_40/jre/lib/amd64 sun.cpu.endian little sun.cpu.isalist sun.font.fontmanager sun.awt.X11FontManager sun.io.unicode.encoding UnicodeLittle sun.java.command /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=8009 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20 sun.java.launcher SUN_STANDARD sun.jnu.encoding UTF-8 sun.management.compiler HotSpot 64-Bit Tiered Compilers sun.os.patch.level unknown user.country US user.dir / user.home /var/lib/jenkins user.language en user.name jenkins user.timezone America/Chicago Environment Variables Name ↓ Value _ /etc/alternatives/java HOME /var/lib/jenkins LANG en_US.UTF-8 LOGNAME jenkins NLSPATH /usr/dt/lib/nls/msg/%L/%N.cat PATH /sbin:/usr/sbin:/bin:/usr/bin PWD / SHELL /bin/bash SHLVL 2 TERM xterm-256color USER jenkins XFILESEARCHPATH /usr/dt/app-defaults/%L/Dt Plugins Name ↓ Version Enabled Pinned ant 1.2 true false antisamy-markup-formatter 1.3 true true cloudbees-folder 4.10 true false credentials 1.24 true true credentials-binding 1.6 true false cvs 2.12 false true external-monitor-job 1.4 true false git 2.4.0 true false git-client 1.19.0 true false javadoc 1.3 true true junit 1.9 true true ldap 1.11 true false mailer 1.15 true true matrix-auth 1.2 true true matrix-project 1.6 true true maven-plugin 2.12.1 true true metrics 3.1.2 true false pam-auth 1.2 true true plain-credentials 1.1 true false reverse-proxy-auth-plugin 1.4.0 true false saml 0.4 false false scm-api 0.2 true false script-security 1.15 true true shiningpanda 0.22 true false ssh-agent 1.8 true false ssh-credentials 1.11 true true ssh-slaves 1.10 true true suppress-stack-trace 1.4 true false translation 1.12 false true windows-slaves 1.1 false true workflow-step-api 1.10.1 true false Jenkins running directly (no container) Jenkins accessed via reverse proxy Access Control: HTTP Header by reverse proxy

1. stacktrace.txt

   6 kB

   2016-04-05 19:52

2. 

   jenkins-23417594.png

   602 kB

   2015-11-17 20:40

[JENKINS-31612] Stack trace shown with suppress-stack-trace plugin installed

Josh Cook created issue - 2015-11-17 20:43

Collapse comment: Daniel Beck added a comment - 2016-03-22 16:52

Daniel Beck added a comment - 2016-03-22 16:52

jec Could you provide the full output of the error page in textual form? Did you restart Jenkins after installing the plugin?

Expand comment: Daniel Beck added a comment - 2016-03-22 16:52

Daniel Beck added a comment - 2016-03-22 16:52 jec Could you provide the full output of the error page in textual form? Did you restart Jenkins after installing the plugin?

Collapse comment: Josh Cook added a comment - 2016-04-05 19:52

Josh Cook added a comment - 2016-04-05 19:52

Text sample of stack trace output

Expand comment: Josh Cook added a comment - 2016-04-05 19:52

Josh Cook added a comment - 2016-04-05 19:52 Text sample of stack trace output

Josh Cook made changes - 2016-04-05 19:52

Attachment

New: stacktrace.txt [ 32364 ]

Collapse comment: Josh Cook added a comment - 2016-04-05 19:56

Josh Cook added a comment - 2016-04-05 19:56

danielbeck I've attached a text copy of a stacktrace I received. Jenkins has been restarted multiple times since installing the plugin. I was able to trigger this exception by browsing to this page and submitting the form:

https://$JENKINS_HOST/user/$NOT_MY_USERNAME/credential-store/newDomain

Since this form is meant for another user, I get an access denied error with the stack trace displayed.

Expand comment: Josh Cook added a comment - 2016-04-05 19:56

Josh Cook added a comment - 2016-04-05 19:56 danielbeck I've attached a text copy of a stacktrace I received. Jenkins has been restarted multiple times since installing the plugin. I was able to trigger this exception by browsing to this page and submitting the form: https://$JENKINS_HOST/user/$NOT_MY_USERNAME/credential-store/newDomain Since this form is meant for another user, I get an access denied error with the stack trace displayed.

Collapse comment: Daniel Beck added a comment - 2016-04-05 20:11

Daniel Beck added a comment - 2016-04-05 20:11

AccessDeniedExceptions are whitelisted, but probably needs to determine this using some logic taking into account current authentication – Maybe it's as simple as "if anonymous, rethrow to show login, else, suppress". I wonder whether there's a regression involved.

https://github.com/jenkinsci/suppress-stack-trace-plugin/blob/master/src/main/java/org/jenkinsci/plugins/suppress_stack_trace/SuppressionFilter.java#L41

Expand comment: Daniel Beck added a comment - 2016-04-05 20:11

Daniel Beck added a comment - 2016-04-05 20:11 AccessDeniedExceptions are whitelisted, but probably needs to determine this using some logic taking into account current authentication – Maybe it's as simple as "if anonymous, rethrow to show login, else, suppress". I wonder whether there's a regression involved. https://github.com/jenkinsci/suppress-stack-trace-plugin/blob/master/src/main/java/org/jenkinsci/plugins/suppress_stack_trace/SuppressionFilter.java#L41

Collapse comment: Daniel Beck added a comment - 2016-05-06 23:33

Daniel Beck added a comment - 2016-05-06 23:33

I am unable to reproduce this problem in Jenkins 1.642.2 using a user with Overall/Read permission only. The page just shows "username is missing the Overall/Administer permission", with or without the Suppress Stacktrace Plugin. Security realm is PAM, authorization strategy is Matrix Auth.

Expand comment: Daniel Beck added a comment - 2016-05-06 23:33

Daniel Beck added a comment - 2016-05-06 23:33 I am unable to reproduce this problem in Jenkins 1.642.2 using a user with Overall/Read permission only. The page just shows "username is missing the Overall/Administer permission", with or without the Suppress Stacktrace Plugin. Security realm is PAM, authorization strategy is Matrix Auth.

Collapse comment: Daniel Beck added a comment - 2016-05-06 23:35

Daniel Beck added a comment - 2016-05-06 23:35

I used the URL shown in the screenshot (doUninstall) rather than the credentials store, due to less dependencies (Credentials Plugin version).

Expand comment: Daniel Beck added a comment - 2016-05-06 23:35

Daniel Beck added a comment - 2016-05-06 23:35 I used the URL shown in the screenshot (doUninstall) rather than the credentials store, due to less dependencies (Credentials Plugin version).

Collapse comment: Josh Cook added a comment - 2016-05-10 18:30, Edited by Josh Cook - 2016-05-10 18:30

Josh Cook added a comment - 2016-05-10 18:30 - edited

danielbeck I am still able to reproduce this in a few ways with Jenkins ver. 1.642.4 Stack Trace Suppression Plugin ver. 1.4.

Using an account that only has the Overall / Read permission, if I visit the page < https://$MY_JENKINS/pluginManager/ > I get the following stack trace:

{{
hudson.security.AccessDeniedException2: $USERNAME is missing the Overall/Administer permission
at hudson.security.ACL.checkPermission(ACL.java:63)
at hudson.model.Node.checkPermission(Node.java:463)
at hudson.Functions.checkPermission(Functions.java:745)
at hudson.Functions.checkPermission(Functions.java:765)
at sun.reflect.GeneratedMethodAccessor282.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.apache.commons.jexl.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:258)
at org.apache.commons.jexl.parser.ASTMethod.execute(ASTMethod.java:104)
at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83)
at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57)
at org.apache.commons.jexl.parser.ASTReferenceExpression.value(ASTReferenceExpression.java:51)
at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80)
at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:74)
at org.apache.commons.jelly.parser.EscapingExpression.evaluate(EscapingExpression.java:24)
at org.apache.commons.jelly.impl.ExpressionScript.run(ExpressionScript.java:66)
at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99)
at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99)
at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
at org.kohsuke.stapler.jelly.CallTagLibScript.run(CallTagLibScript.java:120)
at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
at org.kohsuke.stapler.jelly.CallTagLibScript.run(CallTagLibScript.java:120)
at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
at org.kohsuke.stapler.jelly.JellyViewScript.run(JellyViewScript.java:95)
at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:63)
at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:53)
at org.kohsuke.stapler.jelly.JellyClassTearOff.serveIndexJelly(JellyClassTearOff.java:112)
at org.kohsuke.stapler.jelly.JellyFacet.handleIndexRequest(JellyFacet.java:127)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:735)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
at org.kohsuke.stapler.MetaClass$3.doDispatch(MetaClass.java:183)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
at org.jenkinsci.plugins.suppress_stack_trace.SuppressionFilter.doFilter(SuppressionFilter.java:34)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:123)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:92)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm$1.doFilter(ReverseProxySecurityRealm.java:514)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
}}

Expand comment: Josh Cook added a comment - 2016-05-10 18:30, Edited by Josh Cook - 2016-05-10 18:30

Josh Cook added a comment - 2016-05-10 18:30 - edited danielbeck I am still able to reproduce this in a few ways with Jenkins ver. 1.642.4 Stack Trace Suppression Plugin ver. 1.4. Using an account that only has the Overall / Read permission, if I visit the page < https://$MY_JENKINS/pluginManager/ > I get the following stack trace: {{ hudson.security.AccessDeniedException2: $USERNAME is missing the Overall/Administer permission at hudson.security.ACL.checkPermission(ACL.java:63) at hudson.model.Node.checkPermission(Node.java:463) at hudson.Functions.checkPermission(Functions.java:745) at hudson.Functions.checkPermission(Functions.java:765) at sun.reflect.GeneratedMethodAccessor282.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.commons.jexl.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:258) at org.apache.commons.jexl.parser.ASTMethod.execute(ASTMethod.java:104) at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83) at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57) at org.apache.commons.jexl.parser.ASTReferenceExpression.value(ASTReferenceExpression.java:51) at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80) at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:74) at org.apache.commons.jelly.parser.EscapingExpression.evaluate(EscapingExpression.java:24) at org.apache.commons.jelly.impl.ExpressionScript.run(ExpressionScript.java:66) at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95) at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95) at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99) at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95) at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99) at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95) at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105) at org.kohsuke.stapler.jelly.CallTagLibScript.run(CallTagLibScript.java:120) at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105) at org.kohsuke.stapler.jelly.CallTagLibScript.run(CallTagLibScript.java:120) at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105) at org.kohsuke.stapler.jelly.JellyViewScript.run(JellyViewScript.java:95) at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:63) at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:53) at org.kohsuke.stapler.jelly.JellyClassTearOff.serveIndexJelly(JellyClassTearOff.java:112) at org.kohsuke.stapler.jelly.JellyFacet.handleIndexRequest(JellyFacet.java:127) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:735) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$3.doDispatch(MetaClass.java:183) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129) at org.jenkinsci.plugins.suppress_stack_trace.SuppressionFilter.doFilter(SuppressionFilter.java:34) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129) at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:123) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:92) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm$1.doFilter(ReverseProxySecurityRealm.java:514) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:370) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) }}

Collapse comment: Daniel Beck added a comment - 2016-05-10 22:17

Daniel Beck added a comment - 2016-05-10 22:17

This behavior seems to be specific to the ReverseProxySecurityRealm. I can reproduce the stack trace with that plugin installed and configured. Not exactly a much installed plugin: https://wiki.jenkins-ci.org/display/JENKINS/Reverse+Proxy+Auth+Plugin

Expand comment: Daniel Beck added a comment - 2016-05-10 22:17

Daniel Beck added a comment - 2016-05-10 22:17 This behavior seems to be specific to the ReverseProxySecurityRealm. I can reproduce the stack trace with that plugin installed and configured. Not exactly a much installed plugin: https://wiki.jenkins-ci.org/display/JENKINS/Reverse+Proxy+Auth+Plugin

Load more newer events