• Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Minor Minor
    • None
    • Jenkins 2.249.1 installed via rpm
      OS Linux amd64
      Java OpenJDK 1.8.0_265
      plugins:
      ldap 1.11
      role-strategy 3.1

      We are having a strange intermittent issue. I am not entirely sure how to reproduce it but I believe it is being caused because some info is attempting to be displayed which the user does not have access to. We are using the LDAP plugin to manage user logins and the role-strategy plugin to partition users to only access specific folders for their jobs. I believe this is important as the error message indicates that the user was attempting to access data from a role that they do not have access to. In the example log excerpt below the message indicates that a user was attempting to access LMAPP, but they do not have that role. 

      We have had multiple reports of users experiencing this issue but it only seems to affect users with a limited set of permissions. Users who have full read-only or admin access don't seem to get this error as far as I can tell. It is also interesting to note that while this shows as a WARNING message in the logs, it displays as an error in the browser.

       

      This issue started when we upgraded to 2.249.1 last week but it may have been introduced earlier as we were several releases behind. I am not entirely sure if my interpretation of the error is correct, but that seems to be what is happening. Any help would be appreciated.

       

      Excerpt from the logs:

      2020-10-14 14:29:20.120+0000 [id=300866] WARNING h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID c26b9f45-1990-47a4-ba5b-2e99860dc036
      org.apache.commons.jelly.JellyTagException: jar:file:/var/cache/jenkins/war/WEB-INF/lib/jenkins-core-2.249.1.jar!/hudson/model/View/sidepanel.jelly:75:50: <st:include> org.apache.commons.jelly.JellyTagException: jar:file:/var/cache/jenkins/war/WEB-INF/lib/jenkins-core-2.249.1.jar!/lib/hudson/executors.jelly:75:28: <j:otherwise> Please login to access job LMAPP
      at org.apache.commons.jelly.impl.TagScript.handleException(TagScript.java:726)
      at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:281)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.apache.commons.jelly.TagSupport.invokeBody(TagSupport.java:161)
      at org.apache.commons.jelly.tags.core.ForEachTag.doTag(ForEachTag.java:150)
      at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.kohsuke.stapler.jelly.CallTagLibScript$1.run(CallTagLibScript.java:99)
      at org.apache.commons.jelly.tags.define.InvokeBodyTag.doTag(InvokeBodyTag.java:91)
      at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
      at org.apache.commons.jelly.tags.core.CoreTagLibrary$1.run(CoreTagLibrary.java:98)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
      at org.kohsuke.stapler.jelly.CallTagLibScript.run(CallTagLibScript.java:120)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
      at org.kohsuke.stapler.jelly.JellyViewScript.run(JellyViewScript.java:95)
      at org.kohsuke.stapler.jelly.IncludeTag.doTag(IncludeTag.java:147)
      at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.kohsuke.stapler.jelly.CallTagLibScript$1.run(CallTagLibScript.java:99)
      at org.apache.commons.jelly.tags.define.InvokeBodyTag.doTag(InvokeBodyTag.java:91)
      at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
      at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:100)

          [JENKINS-63957] org.apache.commons.jelly.JellyTagException

          Fritz Platzke added a comment -

          I believe this is another instance of 

          JENKINS-63868

          Fritz Platzke added a comment - I believe this is another instance of  JENKINS-63868

          I've also started seeing this since updating to 2.249.2

          Christopher Nicoll added a comment - I've also started seeing this since updating to 2.249.2

          Fritz Platzke added a comment -

          For anyone who is having this issue, you may be able to do what I was able to do. 

          Our setup uses folder-level permissions to allow users only the ability to see/interact with specific jobs. I removed the global job/Discover permissions from our "authenticated" permission set and users no longer see the error. However, they also can't see details about jobs that they don't have permissions to see. For our use case, this was perfectly fine since we don't care if they can see the jobs they don't have access to. But it may not be a solution for everyone.

          Fritz Platzke added a comment - For anyone who is having this issue, you may be able to do what I was able to do.  Our setup uses folder-level permissions to allow users only the ability to see/interact with specific jobs. I removed the global job/Discover permissions from our "authenticated" permission set and users no longer see the error. However, they also can't see details about jobs that they don't have permissions to see. For our use case, this was perfectly fine since we don't care if they can see the jobs they don't have access to. But it may not be a solution for everyone.

          David Drum added a comment - - edited

          We also experience this frequently (according to stack traces in the logs) but had not granted the Discover permission to the generic Authenticated User in the Matrix Authorization settings as suggested above.

          David Drum added a comment - - edited We also experience this frequently (according to stack traces in the logs) but had not granted the Discover permission to the generic Authenticated User in the Matrix Authorization settings as suggested above.

          I am seeing a similar issue ,was there any workaround or solution for this

          logs:

          com.thoughtworks.xstream.mapper.CannotResolveClassException: com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy
          	at com.thoughtworks.xstream.mapper.DefaultMapper.realClass(DefaultMapper.java:79)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.DynamicProxyMapper.realClass(DynamicProxyMapper.java:55)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.PackageAliasingMapper.realClass(PackageAliasingMapper.java:88)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.ClassAliasingMapper.realClass(ClassAliasingMapper.java:79)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.ArrayMapper.realClass(ArrayMapper.java:74)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:71)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at hudson.util.XStream2$CompatibilityMapper.realClass(XStream2.java:379)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at hudson.util.xstream.MapperDelegate.realClass(MapperDelegate.java:43)
          	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
          	at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:48)
          	at hudson.util.RobustReflectionConverter.determineType(RobustReflectionConverter.java:476)
          	at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:326)
          Caused: jenkins.util.xstream.CriticalXStreamException: com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy
          ---- Debugging information ----
          message             : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy
          cause-exception     : com.thoughtworks.xstream.mapper.CannotResolveClassException
          cause-message       : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy
          class               : hudson.model.Hudson
          required-type       : hudson.model.Hudson
          converter-type      : hudson.util.RobustReflectionConverter
          path                : /hudson/authorizationStrategy
          line number         : 11
          version             : not available
          -------------------------------
          	at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:355)
          	at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:269)
          	at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
          	at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65)
          	at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
          	at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
          	at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
          	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)

          siddharth hari added a comment - I am seeing a similar issue ,was there any workaround or solution for this logs: com.thoughtworks.xstream.mapper.CannotResolveClassException: com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy at com.thoughtworks.xstream.mapper.DefaultMapper.realClass(DefaultMapper.java:79) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.DynamicProxyMapper.realClass(DynamicProxyMapper.java:55) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.PackageAliasingMapper.realClass(PackageAliasingMapper.java:88) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.ClassAliasingMapper.realClass(ClassAliasingMapper.java:79) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.ArrayMapper.realClass(ArrayMapper.java:74) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:71) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at hudson.util.XStream2$CompatibilityMapper.realClass(XStream2.java:379) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at hudson.util.xstream.MapperDelegate.realClass(MapperDelegate.java:43) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30) at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:48) at hudson.util.RobustReflectionConverter.determineType(RobustReflectionConverter.java:476) at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:326) Caused: jenkins.util.xstream.CriticalXStreamException: com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy ---- Debugging information ---- message : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy cause-exception : com.thoughtworks.xstream.mapper.CannotResolveClassException cause-message : com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy class : hudson.model.Hudson required-type : hudson.model.Hudson converter-type : hudson.util.RobustReflectionConverter path : /hudson/authorizationStrategy line number : 11 version : not available ------------------------------- at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:355) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:269) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50) at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134) at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)

            mawinter69 Markus Winter
            nfplatzke Fritz Platzke
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: