- Type: Bug
- Resolution: Not A Defect
- Priority: Major
- Component/s: core
- Environment: Linux CentOS 6.8
We delegate security to the servlet container (Tomcat 7 over JDK 7).
Works fine in Jenkins < 2.
But authentication through the container now returns an HTTP 403 error when accessing the page "/loginEntry?from=%2Fjenkins%2F" since we upgraded to the latest Jenkins version (2.7.2).
Investigating that issue, I saw this evolution in jenkins.war's web.xml file:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Hudson</web-resource-name>
        <url-pattern>/loginEntry</url-pattern>
        <!--http-method>GET</http-method-->
      </web-resource-collection>
      <auth-constraint>
        <role-name>**</role-name>
      </auth-constraint>
    </security-constraint>
=> The <role-name>**</role-name> wildcard has two * instead of the one * in our previous version (1.651.1, where authentication is OK).
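
Added example, not part of the original report and not Jenkins or Tomcat code: a simplified model of how a container matches `<auth-constraint>` role names. It shows that `**` means "any authenticated user" only from Servlet 3.1 on, while a Servlet 3.0 container such as Tomcat 7 reads it as a literal role name. The `security-role` entry, the function names and the version tuples are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint quoted in the report, wrapped in a minimal
# <web-app> root without an XML namespace; the security-role entry is assumed.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Hudson</web-resource-name>
      <url-pattern>/loginEntry</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>**</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""


def parse_constraints(xml_text):
    """Return (declared_roles, [(url_patterns, constraint_roles), ...])."""
    root = ET.fromstring(xml_text)
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    constraints = []
    for sc in root.findall("security-constraint"):
        urls = [u.text.strip() for u in sc.findall("web-resource-collection/url-pattern")]
        roles = [r.text.strip() for r in sc.findall("auth-constraint/role-name")]
        constraints.append((urls, roles))
    return declared, constraints


def is_authorized(constraint_roles, user_roles, declared_roles, servlet_version):
    """Simplified model of auth-constraint matching for an authenticated user."""
    for role in constraint_roles:
        if role == "*" and set(user_roles) & declared_roles:
            return True   # "*": any role declared in the deployment descriptor
        if role == "**" and servlet_version >= (3, 1):
            return True   # "**": any authenticated user (Servlet 3.1 and later)
        if role in user_roles:
            return True   # ordinary role name, or "**" read literally before 3.1
    return False


def audit(xml_text, servlet_version):
    """List URL patterns whose "**" constraint the container cannot interpret."""
    _, constraints = parse_constraints(xml_text)
    if servlet_version >= (3, 1):
        return []
    return [u for urls, roles in constraints if "**" in roles for u in urls]
```

Running `audit(WEB_XML, (3, 0))` before deploying a WAR to an older container flags the URL patterns that would answer 403 to every authenticated user.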