Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64277

Unable to access Jenkins board since version 2.266

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Critical
    • Resolution: Fixed
    • cas-plugin
    • jennkins 2.267 and plugins rundeck, slack, gitlab, rocketchat all are latest version
      System : Apache Tomcat/9.0.29 Java jdk : 1.8.0_251-b08
      Browser : Firefox developer edition

    Description

      Hi,

      Since Jenkins 2.266, unable to access jenkins board, I always get jenkins Oops!, A problem occurrend while processing request.

      I update to Jenkins 267 but same thing and I see some exceptions in jenkins log :

      1st Alert:

      20-Nov-2020 12:43:00.867 AVERTISSEMENT [Finalizing set up] jenkins.model.Jenkins$5.runTask Finalizing set up failed perhaps due to plugin dependency issues
       java.lang.NoClassDefFoundError: hudson/util/spring/BeanBuilder
       at org.jenkinsci.plugins.cas.CasSecurityRealm.getApplicationContext(CasSecurityRealm.java:151)
       at org.jenkinsci.plugins.cas.CasSecurityRealm.createFilter(CasSecurityRealm.java:233)
       at hudson.security.HudsonFilter.reset(HudsonFilter.java:141)
       at jenkins.model.Jenkins.setSecurityRealm(Jenkins.java:2627)
       at jenkins.model.Jenkins$16.run(Jenkins.java:3342)
       at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
       at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
       at jenkins.model.Jenkins$5.runTask(Jenkins.java:1129)
       at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
       at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
       at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
       at java.lang.Thread.run(Thread.java:748)
       Caused by: java.lang.ClassNotFoundException: hudson.util.spring.BeanBuilder
       at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1387)
       at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1342)
       at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1089)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
       ... 14 more

      and when I try to access Jenkins I have always same exception : hudson.security.AccessDeniedException3: anonymous is missing the Global/Read permission in plugin extended-choice-parameter

       

      20-Nov-2020 12:43:48.701 WARNING [Handling GET /jenkins/ from 127.0.0.1 : https-jsse-nio-8443-exec-10] hudson.init.impl.InstallUncaughtExceptionHandler.handleException Caught unhandled exception with ID 3bd3d6b1-d5ad-4514-95e9-afd14cabec1f
       hudson.security.AccessDeniedException3: anonymous is missing the Global/Read permission
       at hudson.security.ACL.checkPermission(ACL.java:79)
       at hudson.security.AccessControlled.checkPermission(AccessControlled.java:47)
       at jenkins.model.Jenkins.getTarget(Jenkins.java:4835)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:721)
       
      20-Nov-2020 12:43:50.370 WARNING [Handling GET /jenkins/static/4d53b25c/plugin/extended-choice-parameter/js/selectize.min.js from 127.0.0.1 : https-jsse-nio-8443-exec-3] hudson.init.impl.InstallUncaughtExceptionHandler.handleException Caught unhandled exception with ID 0a2d1816-07d7-412d-b76c-dba6c138f350
       hudson.security.AccessDeniedException3: anonymous is missing the Global/Read permission
       at hudson.security.ACL.checkPermission(ACL.java:79)
       at hudson.security.AccessControlled.checkPermission(AccessControlled.java:47)
       at jenkins.model.Jenkins.getTarget(Jenkins.java:4835)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:721)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694)
       at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
       
      20-Nov-2020 12:43:50.376 WARNING [Handling GET /jenkins/static/4d53b25c/plugin/extended-choice-parameter/js/jsoneditor.min.js from 127.0.0.1 : https-jsse-nio-8443-exec-10] hudson.init.impl.InstallUncaughtExceptionHandler.handleException Caught unhandled exception with ID 90097c39-20b2-469a-a771-027dc2623a02
       hudson.security.AccessDeniedException3: anonymous is missing the Global/Read permission
       at hudson.security.ACL.checkPermission(ACL.java:79)
       at hudson.security.AccessControlled.checkPermission(AccessControlled.java:47)
       at jenkins.model.Jenkins.getTarget(Jenkins.java:4835)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:721)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694)
       at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
       
      20-Nov-2020 12:43:50.419 WARNING [Handling GET /jenkins/static/4d53b25c/plugin/extended-choice-parameter/css/jquery.jsonview.css from 127.0.0.1 : https-jsse-nio-8443-exec-5] hudson.init.impl.InstallUncaughtExceptionHandler.handleException Caught unhandled exception with ID 61d91127-ddbe-4865-ba79-0df3069ac736
       hudson.security.AccessDeniedException3: anonymous is missing the Global/Read permission
       at hudson.security.ACL.checkPermission(ACL.java:79)
       at hudson.security.AccessControlled.checkPermission(AccessControlled.java:47)
       at jenkins.model.Jenkins.getTarget(Jenkins.java:4835)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:721)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694)
       at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
       
      20-Nov-2020 12:43:50.422 WARNING [Handling GET /jenkins/static/4d53b25c/plugin/extended-choice-parameter/css/selectize.css from 127.0.0.1 : https-jsse-nio-8443-exec-1] hudson.init.impl.InstallUncaughtExceptionHandler.handleException Caught unhandled exception with ID dbedb679-27d2-43ee-906d-a0f0b0675cf8
       hudson.security.AccessDeniedException3: anonymous is missing the Global/Read permission
       at hudson.security.ACL.checkPermission(ACL.java:79)
       at hudson.security.AccessControlled.checkPermission(AccessControlled.java:47)
       at jenkins.model.Jenkins.getTarget(Jenkins.java:4835)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:721)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694)
       at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
      

       

       

      Thanks for your help

       

       

      Attachments

        Activity

          jaegger Ray Muggy added a comment -

          Hi,

          I uninstall the plugin extended-choice-parameter but still get hudson.security.AccessDeniedException3: anonymous is missing the Global/Read permission.

           

          Here is full stacktrace :

          20-Nov-2020 14:25:24.069 WARNING [Handling GET /jenkins/ from 127.0.0.1 : https-jsse-nio-8443-exec-16] hudson.init.impl.InstallUncaughtExceptionHandler.handleException Caught unhandled exception with ID 4718f997-eeba-424e-8fd8-7a0c1d2305a5
           hudson.security.AccessDeniedException3: anonymous is missing the Global/Read permission
           at hudson.security.ACL.checkPermission(ACL.java:79)
           at hudson.security.AccessControlled.checkPermission(AccessControlled.java:47)
           at jenkins.model.Jenkins.getTarget(Jenkins.java:4835)
           at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:721)
           at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
           at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694)
           at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
           at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
           at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
           at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
           at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
           at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
           at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76)
           at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)

          Why keep asking for anonymous permission  in this version on jenkins?

           

          Thanks

          jaegger Ray Muggy added a comment - Hi, I uninstall the plugin extended-choice-parameter but still get hudson.security.AccessDeniedException3: anonymous is missing the Global/Read permission .   Here is full stacktrace : 20-Nov-2020 14:25:24.069 WARNING [Handling GET /jenkins/ from 127.0.0.1 : https-jsse-nio-8443-exec-16] hudson.init.impl.InstallUncaughtExceptionHandler.handleException Caught unhandled exception with ID 4718f997-eeba-424e-8fd8-7a0c1d2305a5 hudson.security.AccessDeniedException3: anonymous is missing the Global/Read permission at hudson.security.ACL.checkPermission(ACL.java:79) at hudson.security.AccessControlled.checkPermission(AccessControlled.java:47) at jenkins.model.Jenkins.getTarget(Jenkins.java:4835) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:721) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694) at org.kohsuke.stapler.Stapler.service(Stapler.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) Why keep asking for anonymous permission  in this version on jenkins?   Thanks
          markewaite Mark Waite added a comment -

          I suspect that you're using an authentication plugin that my need changes for the Spring Security upgrade that was included in Jenkins 2.266. Refer to the blog post, JEP-227, and the JEP-227 compatibility list for more details.

          I removed the git plugin from the list of affected plugins because I doubt it is involved in this issue.

          The cas plugin is mentioned in the JEP-227 compatibility document that it is incompatible and that fixes have been prepared. Refer to PR-4 for links to the CAS plugin changes needed for Spring Security. It suggests that CAS plugin 1.5.0 works with Jenkins 2.266 and later.

          See the CAS plugin documentation for its upgrade guide.

          markewaite Mark Waite added a comment - I suspect that you're using an authentication plugin that my need changes for the Spring Security upgrade that was included in Jenkins 2.266. Refer to the blog post , JEP-227 , and the JEP-227 compatibility list for more details. I removed the git plugin from the list of affected plugins because I doubt it is involved in this issue. The cas plugin is mentioned in the JEP-227 compatibility document that it is incompatible and that fixes have been prepared. Refer to PR-4 for links to the CAS plugin changes needed for Spring Security. It suggests that CAS plugin 1.5.0 works with Jenkins 2.266 and later. See the CAS plugin documentation for its upgrade guide.
          jaegger Ray Muggy added a comment -

          Yes, I use CAS plugin + LDAP for authentication.

          But the thing is, I can not update my CAS + LDAP plugins and then update Jenkins.

          The new versions of CAS + LDAP plugins are not supported with Jenkins 2.265 so I am stuck ?

          See attached

          jaegger Ray Muggy added a comment - Yes, I use CAS plugin + LDAP for authentication. But the thing is, I can not update my CAS + LDAP plugins and then update Jenkins. The new versions of CAS + LDAP plugins are not supported with Jenkins 2.265 so I am stuck ? See attached
          jaegger Ray Muggy added a comment -

          I got to try install the new CAS plugin manually.

          jaegger Ray Muggy added a comment - I got to try install the new CAS plugin manually.
          jaegger Ray Muggy added a comment -

          So After installed the new version of Jenkins 2.268 and installed in command line manually cas-plugin and ldap-plugin.

          It works fine.

          This issue can be closed.

          Thanks

          jaegger Ray Muggy added a comment - So After installed the new version of Jenkins 2.268 and installed in command line manually cas-plugin and ldap-plugin. It works fine. This issue can be closed. Thanks
          jglick Jesse Glick added a comment -

          You do not need both cas-plugin and ldap; cas-plugin includes self-sufficient LDAP functionality.

          Unfortunately this plugin, alone among all those affected by JEP-227, for logistical reasons could not be made forward-compatible, so you need to update it and core together.

          jglick Jesse Glick added a comment - You do not need both cas-plugin and ldap ; cas-plugin includes self-sufficient LDAP functionality. Unfortunately this plugin, alone among all those affected by JEP-227, for logistical reasons could not be made forward-compatible, so you need to update it and core together.

          People

            Unassigned Unassigned
            jaegger Ray Muggy
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: