JEP-200 Problem with serialisation of a class used by Jenkins Reverse Proxy Authentication and Authorisation Plugin

      • Operating System: ubuntu 16.04
      • All relevant JRE/JDK vendors and versions (e.g. Oracle JRE, OpenJDK, ...) and the parameters set: OpenJDK Runtime Environment (build 1.8.0_151-8u151-b12-0ubuntu0.16.04.2-b12)
      • Jenkins and plugin versions: Jenkins ver. 2.102 and Reverse Proxy Auth plugin 1.5
      • Whether you're running Jenkins directly or in a container like Tomcat (which one, in which version?) - running as a docker container
      • Whether Jenkins is accessed through a reverse proxy (if so, how is it configured?) - apache reverse proxy configured as working with previous versions
      • How you installed Jenkins (Windows installer, deb/rpm, ...), and how you're launching any involved slave nodes (via SSH, web browser, command line, ...) - docker container based on ubuntu 16.04
      • Your web browser: Chrome Version 63.0.3239.132 (Official Build) (64-bit)

       

      I encounter the following exception when trying to create a new view on a fresh installation of Jenkins:

      ```
      Stack trace

      java.lang.UnsupportedOperationException: Refusing to marshal org.acegisecurity.GrantedAuthorityImpl for security reasons; see https://jenkins.io/redirect/class-filter/
          at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
          at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
          at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
          at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
          at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
          at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
          at com.thoughtworks.xstream.converters.collections.ArrayConverter.marshal(ArrayConverter.java:45)
          at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
          at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
          at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
          at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
          at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
          at com.thoughtworks.xstream.converters.collections.MapConverter.marshal(MapConverter.java:79)
          at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
          at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
          at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
          at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
          at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm#authContext for class org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm
          at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
          at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
          at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
          at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
          at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
          at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
          at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
          at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
          at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
          at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize jenkins.model.Jenkins#securityRealm for class hudson.model.Hudson
          at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
          at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
          at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
          at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
          at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
          at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
          at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
          at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
          at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
          at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
          at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
          at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
          at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
          at hudson.XmlFile.write(XmlFile.java:194)
      Caused: java.io.IOException
          at hudson.XmlFile.write(XmlFile.java:201)
          at jenkins.model.Jenkins.save(Jenkins.java:3157)
          at hudson.model.View.save(View.java:334)
          at hudson.util.PersistedList.onModified(PersistedList.java:173)
          at hudson.util.PersistedList.replaceBy(PersistedList.java:85)
          at hudson.util.DescribableList.rebuildHetero(DescribableList.java:208)
          at hudson.model.ListView.submit(ListView.java:464)
          at hudson.model.View.doConfigSubmit(View.java:988)
          at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
          at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
          at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
          at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
          at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
          at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
          at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
          at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
          at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
          at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
          at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm$1.doFilter(ReverseProxySecurityRealm.java:514)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
          at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
          at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.Server.handle(Server.java:564)
          at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317)
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
          at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
          at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
          at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
          at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128)
          at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199)
          at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
          at java.lang.Thread.run(Thread.java:748)
      ```
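The trace above names both the class the JEP-200 filter refused and, through its `Caused:` wrappers, the chain of fields that led to it. The following triage script is an added example, not part of the original report or of the plugin; the names `triage` and `summarize` are hypothetical, and the sample input is constructed from the exception headers in the report with most frames trimmed.

```python
import re
from collections import Counter

# Constructed sample: exception headers copied from the report, most frames trimmed.
SAMPLE_TRACE = """\
java.lang.UnsupportedOperationException: Refusing to marshal org.acegisecurity.GrantedAuthorityImpl for security reasons; see https://jenkins.io/redirect/class-filter/
\tat hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm#authContext for class org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm
\tat hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
Caused: java.lang.RuntimeException: Failed to serialize jenkins.model.Jenkins#securityRealm for class hudson.model.Hudson
\tat hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
Caused: java.io.IOException
\tat hudson.XmlFile.write(XmlFile.java:201)
"""

# One pattern for both message kinds, so matches come back in log order even
# when the trace has been flattened onto a few long lines (as web pages do).
EVENT = re.compile(
    r"Refusing to marshal (?P<rejected>[\w.$]+) for security reasons"
    r"|Failed to serialize (?P<owner>[\w.$]+)#(?P<field>\w+) for class [\w.$]+"
)

def triage(log_text):
    """Return one finding per refusal: the rejected class and its field path."""
    findings = []
    for m in EVENT.finditer(log_text):
        if m.group("rejected"):
            findings.append({"rejected_class": m.group("rejected"), "path": []})
        elif findings:
            # Each "Caused:" wrapper is one level further out, so prepend.
            # Assumption: wrapper lines belong to the most recent refusal.
            findings[-1]["path"].insert(0, f'{m.group("owner")}#{m.group("field")}')
    return findings

def summarize(log_text):
    """Count refusals per (rejected class, innermost field that holds it)."""
    counts = Counter()
    for f in triage(log_text):
        holder = f["path"][-1] if f["path"] else "<unknown field>"
        counts[(f["rejected_class"], holder)] += 1
    return counts

if __name__ == "__main__":
    for (cls, holder), n in summarize(SAMPLE_TRACE).items():
        print(f"{n}x {cls} reached via {holder}")
    print(" -> ".join(triage(SAMPLE_TRACE)[0]["path"]))
```

The innermost entry of the path is the field whose owning plugin has to stop persisting the rejected type, which is what points this report at the Reverse Proxy Auth plugin rather than at Jenkins core.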

          [JENKINS-48970] JEP-200 Problem with serialisation of a class used by Jenkins Reverse Proxy Authentication and Authorisation Plugin

          Andreas Lang added a comment -

          Yes, I will give it a shot later today and get back to you.


          Andreas Lang added a comment -

          OK that did not work. Now I am getting:

          ```
          java.lang.NullPointerException
              at org.jenkinsci.plugins.reverse_proxy_auth.auth.ReverseProxyAuthenticationProvider.createUserDetails(ReverseProxyAuthenticationProvider.java:112)
              at org.jenkinsci.plugins.reverse_proxy_auth.auth.ReverseProxyAuthenticationProvider.retrieveUser(ReverseProxyAuthenticationProvider.java:147)
              at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:122)
          ```

          Seems it is getting a null user in DefaultReverseProxyAuthenticator.authenticate. I did do an upgrade installation though, maybe that caused troubles. Will see what happens if I uninstall the plugin, re-install the new version (using no authentication) and configure it then.


          Oleg Nenashev added a comment -

          Yes, nulls should be handled in the plugin for sure. I cannot say whether it is a regression after fixes in master so far; it needs a code dive.


          Andreas Lang added a comment - - edited

          Yes, a fresh install also produces the same result. In both cases it still asks me to log in, which it should not do as all the login information is forwarded.

          Reverting back to Jenkins' own login for now.


          Andreas Lang added a comment -

          Also asked one of my colleagues to have a closer look at the issue and see if we can contribute a fix (or if the problem is on our side). I am a bit swamped at the moment, otherwise I'd look into it myself.


          Oleg Nenashev added a comment -

          Thanks! I am also swamped with other stuff, so any help will be appreciated.


          Oleg Nenashev added a comment -

          I have created an ownership handover request, no response from wilder_rodrigues so far. Without his response I will be able to release the plugin only on February 8th.


          Oleg Nenashev added a comment -

          Got approval, hope to ship it soon.


          Oleg Nenashev added a comment -

          We had to facelift the plugin a bit to release it.


          Oleg Nenashev added a comment -

          The fix has been released in 1.6.0.


            oleg_nenashev Oleg Nenashev
            andreaslang Andreas Lang