-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
Jenkins 2.440.2
GitHub Authentication plugin 597.ve0c3480fcb_d0
Matrix Authorization Strategy Plugin 3.2.2
We're using the Github auth and Matrix Auth plugin for configuring build permissions.
We're using curl with basic auth to trigger builds remotely on this Jenkins.
Most of the time that works well, but seemingly randomly the builds are rejected because of missing permissions:
'javax.servlet.ServletException: hudson.security.AccessDeniedException3: userxxx is missing the Job/Build permission: 200'
We're running some dozen builds per day and in average 2-3 builds fail. One some days more, on other days no builds fail.
I've tried to find more info by enabling more fine grained logging and this is what I could get.
When the builds fails, the user is missing any GrantedAuthorities:
'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]],Permission[class hudson.model.Hudson,Read])=>true'
on successful builds he has the expected authorities:
'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[authenticated, website, ...]],Permission[interface hudson.model.Item,Build])=>true'
I've tried to find an existing bug report, but couldn't find anything matching.
Maybe this is related, but I'm not sure JENKINS-72209
- is related to
-
-
- Open
-
-
-
- Reopened
-
-
-
- Reopened
-
[JENKINS-73060] Github Oauth authentication 'randomly' missing authorities
kutzi
created issue -
kutzi
made changes -
| Description |
Original:
We're using the Github auth and Matrix Auth plugin for configuring build permissions.
We're using curl with basic auth to trigger builds remotely on this Jenkins. Most of the time that works well, but seemingly randomly the builds are rejected because of missing permissions: {{'javax.servlet.ServletException: hudson.security.AccessDeniedException3: userxxx is missing the Job/Build permission: 200'}} We're running some dozen builds per day and in average 2-3 builds fail. One some days more, on other days no builds fail. I've tried to find more info by enabled more fine grained logging and this is what I could get. When the builds fails, the user is missing any GrantedAuthorities: {{'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]],Permission[class hudson.model.Hudson,Read])=>true'}} on successful builds he has the expected authorities: {{'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=teamwebsiteauto, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[authenticated, website, ...]],Permission[interface hudson.model.Item,Build])=>true }} {{'}} {{I've tried to find an existing bug report, but couldn't find anything matching. Maybe this is related, but I'm not sure JENKINS-72209}} |
New:
We're using the Github auth and Matrix Auth plugin for configuring build permissions.
We're using curl with basic auth to trigger builds remotely on this Jenkins. Most of the time that works well, but seemingly randomly the builds are rejected because of missing permissions: {{'javax.servlet.ServletException: hudson.security.AccessDeniedException3: userxxx is missing the Job/Build permission: 200'}} We're running some dozen builds per day and in average 2-3 builds fail. One some days more, on other days no builds fail. I've tried to find more info by enabled more fine grained logging and this is what I could get. When the builds fails, the user is missing any GrantedAuthorities: {{'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]],Permission[class hudson.model.Hudson,Read])=>true'}} on successful builds he has the expected authorities: {{{}'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=teamwebsiteauto, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[authenticated, website, ...]],Permission[interface hudson.model.Item,Build])=>true{}}}{{{}'{}}} {{I've tried to find an existing bug report, but couldn't find anything matching. Maybe this is related, but I'm not sure JENKINS-72209}} |
kutzi
made changes -
| Link | New: This issue is related to JENKINS-72209 [ JENKINS-72209 ] |
kutzi
made changes -
| Description |
Original:
We're using the Github auth and Matrix Auth plugin for configuring build permissions.
We're using curl with basic auth to trigger builds remotely on this Jenkins. Most of the time that works well, but seemingly randomly the builds are rejected because of missing permissions: {{'javax.servlet.ServletException: hudson.security.AccessDeniedException3: userxxx is missing the Job/Build permission: 200'}} We're running some dozen builds per day and in average 2-3 builds fail. One some days more, on other days no builds fail. I've tried to find more info by enabled more fine grained logging and this is what I could get. When the builds fails, the user is missing any GrantedAuthorities: {{'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]],Permission[class hudson.model.Hudson,Read])=>true'}} on successful builds he has the expected authorities: {{{}'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=teamwebsiteauto, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[authenticated, website, ...]],Permission[interface hudson.model.Item,Build])=>true{}}}{{{}'{}}} {{I've tried to find an existing bug report, but couldn't find anything matching. Maybe this is related, but I'm not sure JENKINS-72209}} |
New:
We're using the Github auth and Matrix Auth plugin for configuring build permissions.
We're using curl with basic auth to trigger builds remotely on this Jenkins. Most of the time that works well, but seemingly randomly the builds are rejected because of missing permissions: {{'javax.servlet.ServletException: hudson.security.AccessDeniedException3: userxxx is missing the Job/Build permission: 200'}} We're running some dozen builds per day and in average 2-3 builds fail. One some days more, on other days no builds fail. I've tried to find more info by enabled more fine grained logging and this is what I could get. When the builds fails, the user is missing any GrantedAuthorities: {{'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]],Permission[class hudson.model.Hudson,Read])=>true'}} on successful builds he has the expected authorities: {{{}'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[authenticated, website, ...]],Permission[interface hudson.model.Item,Build])=>true{}}}{{{}'{}}} {{I've tried to find an existing bug report, but couldn't find anything matching. Maybe this is related, but I'm not sure JENKINS-72209}} |
kutzi
made changes -
| Description |
Original:
We're using the Github auth and Matrix Auth plugin for configuring build permissions.
We're using curl with basic auth to trigger builds remotely on this Jenkins. Most of the time that works well, but seemingly randomly the builds are rejected because of missing permissions: {{'javax.servlet.ServletException: hudson.security.AccessDeniedException3: userxxx is missing the Job/Build permission: 200'}} We're running some dozen builds per day and in average 2-3 builds fail. One some days more, on other days no builds fail. I've tried to find more info by enabled more fine grained logging and this is what I could get. When the builds fails, the user is missing any GrantedAuthorities: {{'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]],Permission[class hudson.model.Hudson,Read])=>true'}} on successful builds he has the expected authorities: {{{}'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[authenticated, website, ...]],Permission[interface hudson.model.Item,Build])=>true{}}}{{{}'{}}} {{I've tried to find an existing bug report, but couldn't find anything matching. Maybe this is related, but I'm not sure JENKINS-72209}} |
New:
We're using the Github auth and Matrix Auth plugin for configuring build permissions.
We're using curl with basic auth to trigger builds remotely on this Jenkins. Most of the time that works well, but seemingly randomly the builds are rejected because of missing permissions: {{'javax.servlet.ServletException: hudson.security.AccessDeniedException3: userxxx is missing the Job/Build permission: 200'}} We're running some dozen builds per day and in average 2-3 builds fail. One some days more, on other days no builds fail. I've tried to find more info by enabled more fine grained logging and this is what I could get. When the builds fails, the user is missing any GrantedAuthorities: {{'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]],Permission[class hudson.model.Hudson,Read])=>true'}} on successful builds he has the expected authorities: {{{}'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[authenticated, website, ...]],Permission[interface hudson.model.Item,Build])=>true{}}}{{{}'{}}} I've tried to find an existing bug report, but couldn't find anything matching. Maybe this is related, but I'm not sure JENKINS-72209 |
kutzi
made changes -
| Description |
Original:
We're using the Github auth and Matrix Auth plugin for configuring build permissions.
We're using curl with basic auth to trigger builds remotely on this Jenkins. Most of the time that works well, but seemingly randomly the builds are rejected because of missing permissions: {{'javax.servlet.ServletException: hudson.security.AccessDeniedException3: userxxx is missing the Job/Build permission: 200'}} We're running some dozen builds per day and in average 2-3 builds fail. One some days more, on other days no builds fail. I've tried to find more info by enabled more fine grained logging and this is what I could get. When the builds fails, the user is missing any GrantedAuthorities: {{'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]],Permission[class hudson.model.Hudson,Read])=>true'}} on successful builds he has the expected authorities: {{{}'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[authenticated, website, ...]],Permission[interface hudson.model.Item,Build])=>true{}}}{{{}'{}}} I've tried to find an existing bug report, but couldn't find anything matching. Maybe this is related, but I'm not sure JENKINS-72209 |
New:
We're using the Github auth and Matrix Auth plugin for configuring build permissions.
We're using curl with basic auth to trigger builds remotely on this Jenkins. Most of the time that works well, but seemingly randomly the builds are rejected because of missing permissions: {{'javax.servlet.ServletException: hudson.security.AccessDeniedException3: userxxx is missing the Job/Build permission: 200'}} We're running some dozen builds per day and in average 2-3 builds fail. One some days more, on other days no builds fail. I've tried to find more info by enabling more fine grained logging and this is what I could get. When the builds fails, the user is missing any GrantedAuthorities: {{'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]],Permission[class hudson.model.Hudson,Read])=>true'}} on successful builds he has the expected authorities: {{{}'FINE hudson.security.SidACL hasPermission2: hasPermission(UsernamePasswordAuthenticationToken [Principal=userxxx, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[authenticated, website, ...]],Permission[interface hudson.model.Item,Build])=>true{}}}{{{}'{}}} I've tried to find an existing bug report, but couldn't find anything matching. Maybe this is related, but I'm not sure JENKINS-72209 |
kutzi
made changes -
| Link | New: This issue is related to JENKINS-72268 [ JENKINS-72268 ] |
Fabian Holler
made changes -
| Link | New: This issue relates to JENKINS-63296 [ JENKINS-63296 ] |
Fabian Holler
made changes -
| Link | Original: This issue relates to JENKINS-63296 [ JENKINS-63296 ] |
Fabian Holler
made changes -
| Link | New: This issue relates to JENKINS-63296 [ JENKINS-63296 ] |
Fabian Holler
made changes -
| Link | New: This issue is related to JENKINS-63296 [ JENKINS-63296 ] |