• Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Major Major
    • core
    • Platform: All, OS: All

      I already have apache and other security measure in place to secure hudson, but
      need the TCP port for JNLP slave agent to be fixed for firewall issues.
      I found the setting under security for this and if set manually in the
      config.xml file it work with security not enabled, but if you make changes on
      the configuration page it removes it if security is not enabled.

      My suggestions would be
      A. to move this setting to its own section to include any other JNLP settings.
      B. Persist this setting regardless of the security setting if its already set.

      Thanks

          [JENKINS-4478] Move TCP port out from under security

          Jan Klass added a comment -

          First of all, the port being under security was a bit unexpected on our end.

          Having to enable security (we have it disabled) is very unintuitive and cost us time to figure out. That the JNLP port is bound no matter the enable security setting being turned on or off, is very questionable and confusing. This should defiitely be changed ASAP, to prevent user confusion. Especially, since simply moving the setting but keeping it as is should be rather simple!?

          On one LTS installation, I have security enabled, but use anonymous access anyway. On a second installation, we use anonymous access with security disabled. The confusing part is that on the second installation, I can enable security to set the JNLP port, and then save the settings. Checking back, security is still disabled (I guess because no Security Realm was chosen) but the port is set. This is a very unintuitive and hidden behaviour.

          This is assigned to @Kohsuke Kawaguchi, I guess since 2009. Is this something you can and will do? Or would it be helpful if someone from the community jumped in?

          Jan Klass added a comment - First of all, the port being under security was a bit unexpected on our end. Having to enable security (we have it disabled) is very unintuitive and cost us time to figure out. That the JNLP port is bound no matter the enable security setting being turned on or off, is very questionable and confusing. This should defiitely be changed ASAP, to prevent user confusion. Especially, since simply moving the setting but keeping it as is should be rather simple!? On one LTS installation, I have security enabled, but use anonymous access anyway. On a second installation, we use anonymous access with security disabled. The confusing part is that on the second installation, I can enable security to set the JNLP port, and then save the settings. Checking back, security is still disabled (I guess because no Security Realm was chosen) but the port is set. This is a very unintuitive and hidden behaviour. This is assigned to @Kohsuke Kawaguchi, I guess since 2009. Is this something you can and will do? Or would it be helpful if someone from the community jumped in?

          Jan Klass added a comment - - edited

          It would also be helpful, if the node configuration setting for JNLP port (tunneling) would be a bit more elaborative about the server JNLP port, and where it is configured.

          In our case, even when changing the JNLP port, it was not necessary to configure anything there (as jenkins sends it to the slave on initial connection by the slave).

          Jan Klass added a comment - - edited It would also be helpful, if the node configuration setting for JNLP port (tunneling) would be a bit more elaborative about the server JNLP port, and where it is configured. In our case, even when changing the JNLP port, it was not necessary to configure anything there (as jenkins sends it to the slave on initial connection by the slave).

          Kseniia Nenasheva added a comment - Pull request:  https://github.com/jenkinsci/jenkins/pull/2900

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/hudson/security/GlobalSecurityConfiguration.java
          core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy
          core/src/main/resources/hudson/security/csrf/GlobalCrumbIssuerConfiguration/config.groovy
          http://jenkins-ci.org/commit/jenkins/2228b3936e3fdf6130d65324ac7278cad84edb95
          Log:
          Merge pull request #2900 from ksenia-nenasheva/JENKINS-4478

          JENKINS-4478 - Move TCP port out from under security

          Compare: https://github.com/jenkinsci/jenkins/compare/a76a267f2f01...2228b3936e3f

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/java/hudson/security/GlobalSecurityConfiguration.java core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy core/src/main/resources/hudson/security/csrf/GlobalCrumbIssuerConfiguration/config.groovy http://jenkins-ci.org/commit/jenkins/2228b3936e3fdf6130d65324ac7278cad84edb95 Log: Merge pull request #2900 from ksenia-nenasheva/ JENKINS-4478 JENKINS-4478 - Move TCP port out from under security Compare: https://github.com/jenkinsci/jenkins/compare/a76a267f2f01...2228b3936e3f

          Daniel Beck added a comment -

          Fixed towards 2.64.

          Daniel Beck added a comment - Fixed towards 2.64.

            ks_nenasheva Kseniia Nenasheva
            rcalosso rcalosso
            Votes:
            4 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: