I'm trying to use CLI in 1.355 in authenticated mode.
Login command seems to work - returns nothing. But when i try to run any other (f.e. groovysh) command after login it says that anonymous is missing Administer permission. Also i was trying to run groovysh like this:

java -jar hudson-cli.jar -s ServerURL groovysh --username adminuser --password correctpass and it says the same.

The only thing i was able to perform so far is to quiet-down

This same issue is also preventing our server from automagically restarting itself unless the Anonymous user has full admin rights over hudson

(we are using Project-based Matrix Authorization Strategy )

When running :
java -jar hudson-cli.jar -s ServerURL login --username <an admin user> --password <the good one>
It tells me :
"--username" is not a valid option

We are running Hudson 1.359 with Matrix Based Security connected to a LDAP server, on a TOMCAT server.

This question becomes critical for us, because we really need to use security and want to extract some data to build our own metrics.
So, I tried the same on both Unix or Windows client and the same occurs.

Nevertheless, when using wget, I can give the credentials via :
http://username:pass@HudsonURL
For ex :
http://username:pass@HudsonURL/quietDown

And it works correctly.
The same command using java -jar does not work, saying that --username is not a valid option

Considering that the credentials are correctly passed using wget and not with the Hudson-cli jar,
I suppose there is something wrong with the CLI jar.

abarbieri, what is the current status of this issue? What security realm type do you use? I'm looking into JENKINS-6628 now (fixing LDAP security realm so it accepts --username/password parameters.. jlpinardon, this is what you mention in your comment above).. any other problems you see in CLI authentication in the latest Hudson release?

will provide feedback later today for these two types of security realms

• LDAP
• Hudson

using hudson version 1.371

when I use the help command I read:
...
login
Saves the current credential to allow future commands to run without explicit credential information
logout
Deletes the credential stored with the login command

so if one performs:
java -jar hudson-cli.jar -s http://localhost:8080/hudson login --username admin
Password:
and logs is successfully... why do I get this?
java -jar hudson-cli.jar -s http://localhost:8080/hudson groovysh

Exception in thread "main" java.lang.reflect.UndeclaredThrowableException
at $Proxy2.main(Unknown Source)
at hudson.cli.CLI.execute(CLI.java:131)
at hudson.cli.CLI.main(CLI.java:180)
Caused by: hudson.remoting.ProxyException: hudson.security.AccessDeniedException
2: anonymous is missing the Administer permission
at hudson.security.ACL.checkPermission(ACL.java:53)
at hudson.model.Node.checkPermission(Node.java:310)
at hudson.cli.GroovyshCommand.main(GroovyshCommand.java:61)
at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:68)
at sun.reflect.GeneratedMethodAccessor110.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:274)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:255)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:215)
at hudson.remoting.UserRequest.perform(UserRequest.java:114)
at hudson.remoting.UserRequest.perform(UserRequest.java:48)
at hudson.remoting.Request$2.run(Request.java:270)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

the Anonymous user has all permissions disabled.

yes, groovysh does NOT work.. please file a separate issue for that one. When making the recent CLI security fixes I ran across that problem and added this comment in the code.

Any other problems with 1.371 + HudsonPrivateSecurityRealm to track in this issue?
If you want to test against LDAP, please use the latest dev build which has a start at fixing CLI authentication with LDAP.. it will at least accept --username, etc. See JENKINS-6628.

thanks!

will log a new issue (groovysh) and test LDAP with latest dev build.

so far with Hudson Security realm, Hudson 1.371 is ok with dist-fork and groovy (and with Anonymous with all permissions disabled).

testing more commands.

I finally tracked down and fixed the remaining CLI login issue I knew of (fixed under JENKINS-6628).. I'm going to mark this issue as resolved, as I think the various problems mentioned here have been fixed here and there (except groovysh). If you see any problems with the latest dev build or once 1.375 comes out (this last fix didn't make 1.374), reopen this or file a new issue, thanks.