Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63957

org.apache.commons.jelly.JellyTagException

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Minor
    • Resolution: Unresolved
    • None
    • Jenkins 2.249.1 installed via rpm
      OS Linux amd64
      Java OpenJDK 1.8.0_265
      plugins:
      ldap 1.11
      role-strategy 3.1

    Description

      We are having a strange intermittent issue. I am not entirely sure how to reproduce it but I believe it is being caused because some info is attempting to be displayed which the user does not have access to. We are using the LDAP plugin to manage user logins and the role-strategy plugin to partition users to only access specific folders for their jobs. I believe this is important as the error message indicates that the user was attempting to access data from a role that they do not have access to. In the example log excerpt below the message indicates that a user was attempting to access LMAPP, but they do not have that role. 

      We have had multiple reports of users experiencing this issue but it only seems to affect users with a limited set of permissions. Users who have full read-only or admin access don't seem to get this error as far as I can tell. It is also interesting to note that while this shows as a WARNING message in the logs, it displays as an error in the browser.

       

      This issue started when we upgraded to 2.249.1 last week but it may have been introduced earlier as we were several releases behind. I am not entirely sure if my interpretation of the error is correct, but that seems to be what is happening. Any help would be appreciated.

       

      Excerpt from the logs:

      2020-10-14 14:29:20.120+0000 [id=300866] WARNING h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID c26b9f45-1990-47a4-ba5b-2e99860dc036
      org.apache.commons.jelly.JellyTagException: jar:file:/var/cache/jenkins/war/WEB-INF/lib/jenkins-core-2.249.1.jar!/hudson/model/View/sidepanel.jelly:75:50: <st:include> org.apache.commons.jelly.JellyTagException: jar:file:/var/cache/jenkins/war/WEB-INF/lib/jenkins-core-2.249.1.jar!/lib/hudson/executors.jelly:75:28: <j:otherwise> Please login to access job LMAPP
      at org.apache.commons.jelly.impl.TagScript.handleException(TagScript.java:726)
      at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:281)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.apache.commons.jelly.TagSupport.invokeBody(TagSupport.java:161)
      at org.apache.commons.jelly.tags.core.ForEachTag.doTag(ForEachTag.java:150)
      at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.kohsuke.stapler.jelly.CallTagLibScript$1.run(CallTagLibScript.java:99)
      at org.apache.commons.jelly.tags.define.InvokeBodyTag.doTag(InvokeBodyTag.java:91)
      at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
      at org.apache.commons.jelly.tags.core.CoreTagLibrary$1.run(CoreTagLibrary.java:98)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
      at org.kohsuke.stapler.jelly.CallTagLibScript.run(CallTagLibScript.java:120)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
      at org.kohsuke.stapler.jelly.JellyViewScript.run(JellyViewScript.java:95)
      at org.kohsuke.stapler.jelly.IncludeTag.doTag(IncludeTag.java:147)
      at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.kohsuke.stapler.jelly.CallTagLibScript$1.run(CallTagLibScript.java:99)
      at org.apache.commons.jelly.tags.define.InvokeBodyTag.doTag(InvokeBodyTag.java:91)
      at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:100)

      Attachments

        Activity

          nfplatzke Fritz Platzke added a comment -

          I believe this is another instance of 

          JENKINS-63868

          nfplatzke Fritz Platzke added a comment - I believe this is another instance of  JENKINS-63868

          I've also started seeing this since updating to 2.249.2

          chrisnicoll Christopher Nicoll added a comment - I've also started seeing this since updating to 2.249.2
          nfplatzke Fritz Platzke added a comment -

          For anyone who is having this issue, you may be able to do what I was able to do. 

          Our setup uses folder-level permissions to allow users only the ability to see/interact with specific jobs. I removed the global job/Discover permissions from our "authenticated" permission set and users no longer see the error. However, they also can't see details about jobs that they don't have permissions to see. For our use case, this was perfectly fine since we don't care if they can see the jobs they don't have access to. But it may not be a solution for everyone.

          nfplatzke Fritz Platzke added a comment - For anyone who is having this issue, you may be able to do what I was able to do.  Our setup uses folder-level permissions to allow users only the ability to see/interact with specific jobs. I removed the global job/Discover permissions from our "authenticated" permission set and users no longer see the error. However, they also can't see details about jobs that they don't have permissions to see. For our use case, this was perfectly fine since we don't care if they can see the jobs they don't have access to. But it may not be a solution for everyone.
          sgdave David Drum added a comment - - edited

          We also experience this frequently (according to stack traces in the logs) but had not granted the Discover permission to the generic Authenticated User in the Matrix Authorization settings as suggested above.

          sgdave David Drum added a comment - - edited We also experience this frequently (according to stack traces in the logs) but had not granted the Discover permission to the generic Authenticated User in the Matrix Authorization settings as suggested above.

          I am seeing a similar issue ,was there any workaround or solution for this

          logs:

          com.thoughtworks.xstream.mapper.CannotResolveClassException: com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy
          	at com.thoughtworks.xstream.mapper.DefaultMapper.realClass(DefaultMapper.java:79)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.DynamicProxyMapper.realClass(DynamicProxyMapper.java:55)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.PackageAliasingMapper.realClass(PackageAliasingMapper.java:88)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.ClassAliasingMapper.realClass(ClassAliasingMapper.java:79)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.ArrayMapper.realClass(ArrayMapper.java:74)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:71)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at hudson.util.XStream2$CompatibilityMapper.realClass(XStream2.java:379)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at hudson.util.xstream.MapperDelegate.realClass(MapperDelegate.java:43)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:48)
          	at hudson.util.RobustReflectionConverter.determineType(RobustReflectionConverter.java:476)
          	at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:326)
          Caused: jenkins.util.xstream.CriticalXStreamException: com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy
          ---- Debugging information ----
          message             : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy
          cause-exception     : com.thoughtworks.xstream.mapper.CannotResolveClassException
          cause-message       : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy
          class               : hudson.model.Hudson
          required-type       : hudson.model.Hudson
          converter-type      : hudson.util.RobustReflectionConverter
          path                : /hudson/authorizationStrategy
          line number         : 11
          version             : not available
          -------------------------------
          	at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:355)
          	at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:269)
          	at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
          	at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65)
          	at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
          	at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
          	at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
          	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
          shari siddharth hari added a comment - I am seeing a similar issue ,was there any workaround or solution for this logs: com.thoughtworks.xstream.mapper.CannotResolveClassException: com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy at com.thoughtworks.xstream.mapper.DefaultMapper.realClass(DefaultMapper.java:79) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.DynamicProxyMapper.realClass(DynamicProxyMapper.java:55) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.PackageAliasingMapper.realClass(PackageAliasingMapper.java:88) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.ClassAliasingMapper.realClass(ClassAliasingMapper.java:79) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.ArrayMapper.realClass(ArrayMapper.java:74) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:71) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at hudson.util.XStream2$CompatibilityMapper.realClass(XStream2.java:379) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at hudson.util.xstream.MapperDelegate.realClass(MapperDelegate.java:43) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:48) at hudson.util.RobustReflectionConverter.determineType(RobustReflectionConverter.java:476) at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:326) Caused: jenkins.util.xstream.CriticalXStreamException: com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy ---- Debugging information ---- message : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy cause-exception : com.thoughtworks.xstream.mapper.CannotResolveClassException cause-message : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy class : hudson.model.Hudson required-type : hudson.model.Hudson converter-type : hudson.util.RobustReflectionConverter path : /hudson/authorizationStrategy line number : 11 version : not available ------------------------------- at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:355) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:269) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50) at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134) at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)

          People

            oleg_nenashev Oleg Nenashev
            nfplatzke Fritz Platzke
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated: