
Plugin.postInitialize can be run as anonymous during dynamic load


Details

    Description

      While running 2.32.2 (I think), I logged in as the initial admin user, then dynamically loaded support-core, and got

      ... hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1 error
      WARNING: Failed to instantiate Key[type=com.cloudbees.jenkins.support.impl.JenkinsLogs, annotation=[none]]; skipping this component
      com.google.inject.ProvisionException: Unable to provision, see the following errors:
      
      1) Error injecting constructor, hudson.security.AccessDeniedException2: anonymous is missing the Overall/Administer permission
        at com.cloudbees.jenkins.support.impl.JenkinsLogs.<init>(JenkinsLogs.java:45)
      
      1 error
      	at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:52)
      	at ...
      	at hudson.ExtensionList.iterator(ExtensionList.java:157)
      	at com.cloudbees.jenkins.support.SupportPlugin.postInitialize(SupportPlugin.java:476)
      	at hudson.PluginManager.dynamicLoad(PluginManager.java:868)
      	at hudson.PluginManager.dynamicLoad(PluginManager.java:813)
      	at hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:1891)
      	at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:1652)
      	at ...
      Caused by: hudson.security.AccessDeniedException2: anonymous is missing the Overall/Administer permission
      	at hudson.security.ACL.checkPermission(ACL.java:65)
      	at hudson.model.Node.checkPermission(Node.java:464)
      	at jenkins.model.Jenkins.getLog(Jenkins.java:2449)
      	at com.cloudbees.jenkins.support.impl.JenkinsLogs.<init>(JenkinsLogs.java:49)
      	at com.cloudbees.jenkins.support.impl.JenkinsLogs$$FastClassByGuice$$adeef6a3.newInstance(<generated>)
      	at ...
      

      The Master Log Recorders component was not available until after I restarted Jenkins.

      It seems that InstallationJob runs in a fresh thread as Jenkins.ANONYMOUS and this "authentication" is carried over to plugin code, which rightly expects its initializers to be run as SYSTEM.

          Activity

            Code changed in jenkins
            User: Jesse Glick
            Path:
            core/src/main/java/hudson/PluginManager.java
            test/src/test/java/hudson/PluginManagerTest.java
            test/src/test/resources/plugins/require-system-during-load.hpi
            http://jenkins-ci.org/commit/jenkins/6fb9e91b63521eb8cdcd072cec6610d856aabf34
            Log:
            JENKINS-41684 Ensure that PluginManager.dynamicLoad runs as SYSTEM (#2732)

            • [FIXED JENKINS-41684] Ensure that PluginManager.dynamicLoad runs as SYSTEM.
              Test plugin source:
              package test;

              import hudson.Plugin;
              import jenkins.model.Jenkins;

              public class ThePlugin extends Plugin {
                  @Override
                  public void postInitialize() throws Exception {
                      Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
                  }
              }

            • @daniel-beck wants this all reindented.
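
The description attributes the failure to the install job's fresh thread carrying the anonymous identity into plugin initializers. The following is an added, JDK-only model of that mechanism and of a loader that pins the identity itself; it is not code from Jenkins or from the commit, and every class and method name in it is hypothetical.

```java
import java.util.concurrent.*;

// Added model, JDK only. All names are hypothetical stand-ins, not Jenkins code.
public class DynamicLoadModel {
    enum Identity { ANONYMOUS, ADMIN, SYSTEM }

    // Identity is per thread; a thread that never set one is ANONYMOUS.
    static final ThreadLocal<Identity> CURRENT = ThreadLocal.withInitial(() -> Identity.ANONYMOUS);

    interface Scope extends AutoCloseable { @Override void close(); }

    // Switch identity for a block and restore the previous one on close.
    static Scope as(Identity id) {
        Identity previous = CURRENT.get();
        CURRENT.set(id);
        return () -> CURRENT.set(previous);
    }

    // Stand-in for a plugin initializer that expects to run as SYSTEM.
    static void postInitialize() {
        if (CURRENT.get() == Identity.ANONYMOUS)
            throw new SecurityException("anonymous is missing the Overall/Administer permission");
    }

    // Unscoped load: the initializer sees whatever the calling thread carries.
    static String loadUnscoped() {
        try { postInitialize(); return "loaded"; }
        catch (SecurityException e) { return "skipped (" + e.getMessage() + ")"; }
    }

    // Scoped load: the loader pins SYSTEM itself, whoever called it.
    static String loadAsSystem() {
        try (Scope ignored = as(Identity.SYSTEM)) { return loadUnscoped(); }
    }

    static <T> T onFreshThread(Callable<T> task) throws Exception {
        ExecutorService worker = Executors.newSingleThreadExecutor();
        try { return worker.submit(task).get(); } finally { worker.shutdown(); }
    }

    public static void main(String[] args) throws Exception {
        CURRENT.set(Identity.ADMIN); // request thread: a logged-in admin
        System.out.println("request thread : " + loadUnscoped());
        System.out.println("worker unscoped: " + onFreshThread(DynamicLoadModel::loadUnscoped));
        // Also print the identity afterwards to show the scope did not leak.
        System.out.println("worker scoped  : "
                + onFreshThread(() -> loadAsSystem() + ", then " + CURRENT.get()));
    }
}
```

Run with `java DynamicLoadModel.java` (Java 11 or later): the unscoped worker call is skipped with the same message as in the report, while the scoped call loads and the worker thread is anonymous again afterwards.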

            People

              jglick Jesse Glick