[JENKINS-69675] Random 404s caused by being logged out - Jenkins Jira

Type: Bug
Resolution: Won't Do
Priority: Minor
Component/s: active-directory-plugin
Labels:
None
Environment:
Jenkins 2.361.1
OpenLiberty 22.0.0.10
OpenJDK 17.0.4.1
RHEL8.6

Similar Issues:
Powered by SuggestiMate

Show

Since upgrading to 2.361.1 I'm seeing what are effectively random logouts, no jobs appearing or 404 pages until I logout and log back in again

When it happens I see the following message repeated in the logs:

[22/09/2022, 23:13:25:724 BST] 000015f1 com.ibm.ws.webcontainer.util.ApplicationErrorUtils E SRVE0777E: Exception thrown by application class 'hudson.security.ACL.checkPermission:80'

hudson.security.AccessDeniedException3: anonymous is missing the Overall/Read permission

at hudson.security.ACL.checkPermission(ACL.java:80)

at hudson.security.AccessControlled.checkPermission(AccessControlled.java:52)

at jenkins.model.Jenkins.getTarget(Jenkins.java:5058)

at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:717)

at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)

at org.kohsuke.stapler.Stapler.invoke(Stapler.java:690)

at org.kohsuke.stapler.Stapler.service(Stapler.java:240)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1258)

at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:746)

at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:443)

at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:193)

at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:98)

at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157)

at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)

at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)

at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81)

at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)

at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160)

at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)

at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)

at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:160)

at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)

at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)

at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)

at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)

at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)

at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)

at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)

at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)

at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)

at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)

at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)

at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)

at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:141)

at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:97)

at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)

at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)

at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)

at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)

at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)

at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)

at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)

at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)

at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)

at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)

at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)

at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)

at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)

at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)

at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)

at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)

at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)

at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)

at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)

at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)

at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)

at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)

at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)

at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)

at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)

at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:1002)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1140)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1011)

at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:75)

at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:938)

at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:281)

at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:1199)

at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.wrapHandlerAndExecute(HttpDispatcherLink.java:468)

at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.ready(HttpDispatcherLink.java:427)

at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:566)

at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleNewRequest(HttpInboundLink.java:500)

at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.processRequest(HttpInboundLink.java:360)

at com.ibm.ws.http.channel.internal.inbound.HttpICLReadCallback.complete(HttpICLReadCallback.java:70)

at com.ibm.ws.channel.ssl.internal.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1824)

at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:514)

at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:584)

at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:968)

at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1057)

at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:245)

at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)

at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)

at java.base/java.lang.Thread.run(Thread.java:833)

Sometimes I don't see the issue for a few days, other times it can happen multiple times a day

Mike Lothian added a comment - 2022-09-27 12:06

I added debugging

<logging traceSpecification="=audit:hudson.plugins.active_directory.=finest:hudson.security.*=finest"/>

And noticed the default domain was bringing back controllers for both the main domain and a subdomain (ext.) when that one was being picked the user could not be found causing the issues being seen

I've switched to specifying the domain controllers (comma separated) manually excluding the ext ones

Mike Lothian added a comment - 2022-09-27 12:06 I added debugging <logging traceSpecification=" =audit:hudson.plugins.active_directory. =finest:hudson.security.*=finest"/> And noticed the default domain was bringing back controllers for both the main domain and a subdomain (ext.) when that one was being picked the user could not be found causing the issues being seen I've switched to specifying the domain controllers (comma separated) manually excluding the ext ones

Assignee:: Félix Belzunce Arcos

Reporter:: Mike Lothian

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2022-09-22 22:51

Updated:: 2024-11-22 12:49

Resolved:: 2024-11-22 12:49