Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-41684

Plugin.postInitialize can be run as anonymous during dynamic load

XMLWordPrintable

      While running 2.32.2 (I think), I logged in as the initial admin user, then dynamically loaded support-core, and got

      ... hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1 error
WARNING: Failed to instantiate Key[type=com.cloudbees.jenkins.support.impl.JenkinsLogs, annotation=[none]]; skipping this component
com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) Error injecting constructor, hudson.security.AccessDeniedException2: anonymous is missing the Overall/Administer permission
  at com.cloudbees.jenkins.support.impl.JenkinsLogs.<init>(JenkinsLogs.java:45)

1 error
	at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:52)
	at ...
	at hudson.ExtensionList.iterator(ExtensionList.java:157)
	at com.cloudbees.jenkins.support.SupportPlugin.postInitialize(SupportPlugin.java:476)
	at hudson.PluginManager.dynamicLoad(PluginManager.java:868)
	at hudson.PluginManager.dynamicLoad(PluginManager.java:813)
	at hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:1891)
	at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:1652)
	at ...
Caused by: hudson.security.AccessDeniedException2: anonymous is missing the Overall/Administer permission
	at hudson.security.ACL.checkPermission(ACL.java:65)
	at hudson.model.Node.checkPermission(Node.java:464)
	at jenkins.model.Jenkins.getLog(Jenkins.java:2449)
	at com.cloudbees.jenkins.support.impl.JenkinsLogs.<init>(JenkinsLogs.java:49)
	at com.cloudbees.jenkins.support.impl.JenkinsLogs$$FastClassByGuice$$adeef6a3.newInstance(<generated>)
	at ...

      The Master Log Recorders component was not available until after I restarted Jenkins.

      It seems that InstallationJob runs in a fresh thread as Jenkins.ANONYMOUS and this "authentication" is carried over to plugin code, which rightly expects its initializers to be run as SYSTEM.

            jglick Jesse Glick
            jglick Jesse Glick
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: