Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48896

anonymous read of cc.xml file works only for root (ldap)

XMLWordPrintable

      This refers to LDAP plugin. Exactly the same issue was raised and fixed against github-auth plugin in the past.

      It seems that the option to allow anonymous users to read the /cc.xml works only for the root one and not for those associated with other views, or the special "all" view which is exposed at /view/All/cc.xml

      This bug has a serious impact because due to it, it means that you can only expose the status of the jobs present on the default view. On any serious setup, the default view does not expose ALL jobs.

      Even worse, it seems that if you try to get the other cc.xml files you get a 403 but if you try to use basic auth, you will get a 500 error.

          [JENKINS-48896] anonymous read of cc.xml file works only for root (ldap)

          Sorin Sbarnea created issue -
          Sorin Sbarnea made changes -
          Link New: This issue is related to JENKINS-2885 [ JENKINS-2885 ]
          Sorin Sbarnea made changes -
          Remote Link New: This issue links to "pull-52 (Web Link)" [ 19762 ]
          Sorin Sbarnea made changes -
          Component/s New: ldap-plugin [ 17122 ]
          Component/s Original: github-oauth-plugin [ 15900 ]
          Sorin Sbarnea made changes -
          Description Original: It seems that the option to allow anonymous users to read the /cc.xml works only for the root one and not for those associated with other views, or the special "all" view which is exposed at /view/All/cc.xml

          This bug has a serious impact because due to it, it means that you can only expose the status of the jobs present on the default view. On any serious setup, the default view does not expose ALL jobs.

          Even worse, it seems that if you try to get the other cc.xml files you get a 403 but if you try to use basic auth, you will get a 500 error.

          Ideally the github integration plugin should expose github login as basic auth, so we can use it from other applications too. Still, this would be subject to a different bug report.           		New: This refers to LDAP plugin. Exactly the same issue was raised and fixed against github-auth plugin in the past.

          It seems that the option to allow anonymous users to read the /cc.xml works only for the root one and not for those associated with other views, or the special "all" view which is exposed at /view/All/cc.xml

          This bug has a serious impact because due to it, it means that you can only expose the status of the jobs present on the default view. On any serious setup, the default view does not expose ALL jobs.

          Even worse, it seems that if you try to get the other cc.xml files you get a 403 but if you try to use basic auth, you will get a 500 error.
          Sorin Sbarnea made changes -
          Assignee Original: Sam Gleske [ sag47 ] New: Kohsuke Kawaguchi [ kohsuke ]
          Oleg Nenashev made changes -
          Component/s New: cctray-xml-plugin [ 21967 ]
          Oleg Nenashev made changes -
          Component/s New: core [ 15593 ]
          Sorin Sbarnea made changes -
          Resolution New: Cannot Reproduce [ 5 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]

            kohsuke Kohsuke Kawaguchi
            ssbarnea Sorin Sbarnea
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: