-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
Powered by SuggestiMate
Hello,
This is with regard to Job Config History Plug-in.
Of late I'm seeing job config history plug-in updating configuration change records of Jenkins jobs as anonymous user although I'm making config changes using my account/user name through GUI.
Environment Information:
- Job Configuration History Plugin (jobConfigHistory): 2.17
- Jenkins core version - 2.46.2
- JavaVersion-1.8.0_121
- OS-Windows
- I've noticed the type of Job having issues is Freestyle. I did not check other job type though, I assume it may be the same with other type.
- For ACL management, I'm using role base based strategy. Under global permissions / roles I see anonymous having only read access, but not sure how could anonymous being able to edit job configuration.
I suspect if this can be considered as a bug or something. Can you please let me know if this a known issue already ?
Please suggest if there is any fix / workaround for this issue. It would be grateful.
Many thanks in advance.
Thanks,
Ashok Kumar Srinivas
[JENKINS-46873] Job Config History Plug-in updates the username as anonymous
I see it is already activated on my windows Jenkins instance. This message seem like repeated in the log, I see the rest of it all like bind message, ID search etc.
Please let me know if I need to take any sort of actions on the below message.
Sep 14, 2017 2:17:48 PM FINE hudson.plugins.active_directory.ActiveDirectorySecurityRealm
Failed to start TLS. Authentication will be done via plain-text LDAP java.net.SocketException: Software caused connection abort: recv failed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) at java.net.SocketInputStream.read(SocketInputStream.java:189) at java.net.SocketInputStream.read(SocketInputStream.java:141) at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) at sun.security.ssl.InputRecord.read(InputRecord.java:503) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399) at com.sun.jndi.ldap.LdapClient.extendedOp(LdapClient.java:1203) at com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3256) Caused: javax.naming.CommunicationException: Software caused connection abort: recv failed [Root exception is java.net.SocketException: Software caused connection abort: recv failed] at com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3308) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:645) at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:578) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:282) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:265) at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767) at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568) at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350) at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313) at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228) at com.google.common.cache.LocalCache.get(LocalCache.java:3965) at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:265) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:230) at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:172) at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47) at jenkins.security.BasicHeaderRealPasswordAuthenticator.authenticate(BasicHeaderRealPasswordAuthenticator.java:56) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:79) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.Server.handle(Server.java:499) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)
Sep 14, 2017 2:17:48 PM FINE hudson.plugins.active_directory.ActiveDirectorySecurityRealm
Do you find any exception from the ActiveDirectoryUserDetail.java class?
No, I did not find any exception by the file name ActiveDirectoryUserDetail.java class in the log.
Thanks,
Ashok Kumar Srinivas
Could you install this Snapshot version of JobConfigHistory and activate logging for hudson.plugins.jobConfigHistory.PluginUtils (Level INFO), please?
The new logger prints the user every time a configuration get saved (Current user is: user). If the jenkins core can't determine the user (e.g. anonymous), the logger prints Current user is: null.
Please check on that logger. Thank you.
Ok. Let me check and give a try and let you know.
Thank you.
Thanks,
Ashok Kumar Srinivas
As per your suggestion, I installed the plug-in given to me jobConfigHistory-2.18-20170915.063315-1.hpi on my test instance and enabled the logger hudson.plugins.jobConfigHistory.PluginUtils with INFO. It is outputs as your statement.
Sep 20, 2017 1:34:26 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:27 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: null
Sep 20, 2017 1:34:27 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: null
Sep 20, 2017 1:34:28 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:28 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:28 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:28 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:29 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:29 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:29 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:29 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:29 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:29 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:29 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:29 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:32 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: ASHOKKUMAR SRINIVAS
Sep 20, 2017 1:34:47 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: null
Sep 20, 2017 1:34:54 PM INFO hudson.plugins.jobConfigHistory.PluginUtils getHistoryDao
Current user is: null
Thanks,
Ashok Kumar Srinivas
Thank you for providing this log snippet.
As you can see, there are several lines printing that the current user is null. We get the info about the current user directly from the Jenkins core. When the Jenkins core cannot determine the current user, we get a null object (and hence set the user who changed the config to anonymous). So it must be an issue in the Jenkins core or the Active Directory Plugin. As I can say, there's unfortunately no way how we could fix this on JobConfigHistory hand.
stefanbrausch: Do you see any solution?
Jochen Fürbacher
Hello jochenafuerbacher & stefanbrausch
I'm sorry to bother you guys. Do you guys have any suggestion or a solution to over come this problem with Jenkins core ? Your suggestion would be appreciated. Thanks in advance.
Thanks,
Ashok Kumar Srinivas
Please could you activate logging for the package hudson.plugins.active_directory in jenkins and could you put the output here after you have the problem with the wrong user?
The log level should be warning or higher.
More about logging in jenkins can you find here: https://wiki.jenkins.io/display/JENKINS/Logging