[JENKINS-37768] Jenkins 2.5 container authentication returns HTTP 403 (web.xml issue) ? - Jenkins Jira

Type: Bug
Resolution: Not A Defect
Priority: Major
Component/s: core
Labels:
- regression
- security
Environment:
Linux Centos 6.8

Similar Issues:
Powered by SuggestiMate

Show

We Delegate security to servlet container (tomcat 7 / over jdk 7)
Works fine in jenkins < 2

But authentication through container now returns an error HTTP 403 when accessing page "/loginEntry?from=%2Fjenkins%2F" since we've upgraded in last jenkins version (2.7.2)

Investigating on that issue i saw this evolution in jenkins.war's web.xml file :

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Hudson</web-resource-name>
      <url-pattern>/loginEntry</url-pattern>
      <!--http-method>GET</http-method-->
    </web-resource-collection>
    <auth-constraint>
      <role-name>**</role-name>
    </auth-constraint>
  </security-constraint>

=> <role-name>**</role-name> wildcard with 2* instead of 1* in our previous version (1.651.1 where authentication is OK)

Assignee:: Unassigned

Reporter:: Jean-Marie BERCEGEAY

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2016-08-29 15:32

Updated:: 2016-08-30 15:56

Resolved:: 2016-08-30 15:56

Details

Description

Attachments

Activity

People

Dates