Bug
Resolution: Fixed
Minor
Jenkins >=2.150.2, authorize-project-plugin v1.3.0
Jenkins 2.210
Actual behaviour
As user "A", when configuring authorization using the "Run as Specific User" strategy to run a job as user "B", after successful authentication with the password of user "B", user "A" is logged out.
Expected behaviour
User "A" is still logged in.
Root Cause Analysis
This issue is present starting with Jenkins 2.150.2, which implemented new security measures for user sessions (see changelog https://jenkins.io/changelog-stable/#v2.150.2). It seems that the below call from here invalidates the current user session:
Jenkins.getActiveInstance().getSecurityRealm().getSecurityComponents().manager.authenticate(
new UsernamePasswordAuthenticationToken(userId, password)
);