Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-74800

Reverse Proxy Auth Plugin 1.7.7 fails with 2.479.1

    • 1.8.0

      Hi,

      After upgrading from 2.462.3 to 2.479.1, jenkins starts but fails with the following stacktrace. Nothings is accessible as we have enforced security with LDAP groups to jobs.

      After having rollbacked, I have seen the release notes regarding Spring 6 and the need to manually update the LDAP plugin, it could be related, but not quite sure as this plugin does not seem to use Spring Security.

       

      Thanks!

      [Loading global config] jenkins.model.Jenkins$5.runTask Loading global config failed perhaps due to plugin dependency issues
          java.lang.NoSuchMethodError: 'void org.springframework.util.Assert.hasLength(java.lang.String)'
              at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.LdapUtils.parseRootDnFromUrl(LdapUtils.java:107)
              at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.setProviderUrl(DefaultInitialDirContextFactory.java:144)
              at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.<init>(DefaultInitialDirContextFactory.java:124)
              at PluginClassLoader for reverse-proxy-auth-plugin//org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.createSecurityComponents(ReverseProxySecurityRealm.java:623)
              at hudson.security.SecurityRealm.getSecurityComponents(SecurityRealm.java:604)
              at hudson.security.HudsonFilter.reset(HudsonFilter.java:139)
              at jenkins.model.Jenkins.resetFilter(Jenkins.java:2820)
              at jenkins.model.Jenkins.load(Jenkins.java:3432)
              at jenkins.model.Jenkins$12.run(Jenkins.java:3528)
              at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:177)
              at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
              at jenkins.model.Jenkins$5.runTask(Jenkins.java:1195)
              at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
              at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
              at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
              at java.base/java.lang.Thread.run(Thread.java:1583)

          [JENKINS-74800] Reverse Proxy Auth Plugin 1.7.7 fails with 2.479.1

          Robert Smith added a comment - - edited

          thanks again, I have tested an a fresh 2.479.1 with build 1.8.0-rc228.c28cb_7c13148 of the plugin from your PR but no luck unfortunately. The stacktrace is still the same.

          Robert Smith added a comment - - edited thanks again, I have tested an a fresh 2.479.1 with build 1.8.0-rc228.c28cb_7c13148 of the plugin from your PR but no luck unfortunately. The stacktrace is still the same.

          Ignacio added a comment -

          Hi, We can only log-in using LDAP and we updated today to 2.479.1 and the same problem arises. I reported this JENKINS-74802 a few minutes ago.

          Ignacio added a comment - Hi, We can only log-in using LDAP and we updated today to 2.479.1 and the same problem arises. I reported this JENKINS-74802 a few minutes ago.

          Robert Smith added a comment -

          ihr That's not the same problem. I guess you should follow the release notes regarding the LDAP plugin that needs to be manually updated

           

          https://www.jenkins.io/doc/upgrade-guide/2.479/

          Robert Smith added a comment - ihr That's not the same problem. I guess you should follow the release notes regarding the LDAP plugin that needs to be manually updated   https://www.jenkins.io/doc/upgrade-guide/2.479/

          Mark Waite added a comment -

          mamamia the reverse proxy auth plugin needs a new maintainer. The comment from 2020 notes that it needs to be adopted. Recent releases have been from someone that is helping as time allows but is not an active user / maintainer. Are you interested in adopting the plugin?

          Mark Waite added a comment - mamamia the reverse proxy auth plugin needs a new maintainer. The comment from 2020 notes that it needs to be adopted. Recent releases have been from someone that is helping as time allows but is not an active user / maintainer. Are you interested in adopting the plugin?

          Robert Smith added a comment -

          markewaite I can give a shot to this Spring 6 migration next days.

          Any useful resource on this migration or an example of a plugin that has performed the migration recently ?

          Robert Smith added a comment - markewaite I can give a shot to this Spring 6 migration next days. Any useful resource on this migration or an example of a plugin that has performed the migration recently ?

          Mark Waite added a comment -

          Some resources that might help include:

          Mark Waite added a comment - Some resources that might help include: Brief Google groups thread discussing reverse proxy auth plugin migration from acegi to Spring Security JEP 227 - Replace Acegi Security with Spring Security & upgrade Spring Framework

          Basil Crow added a comment -

          I took a stab at this in https://github.com/jenkinsci/reverse-proxy-auth-plugin/pull/147 but with only light testing. I haven't tested the header groups feature, so I would appreciate if someone could test that.

          Basil Crow added a comment - I took a stab at this in https://github.com/jenkinsci/reverse-proxy-auth-plugin/pull/147 but with only light testing. I haven't tested the header groups feature, so I would appreciate if someone could test that.

          Basil Crow added a comment -

          Basil Crow added a comment - Fixed in jenkinsci/reverse-proxy-auth-plugin#147 .

          Basil Crow added a comment - - edited

          Basil Crow added a comment - - edited Fixed in jenkinsci/reverse-proxy-auth-plugin#147 . Released in 1.8.0 .

          Robert Smith added a comment - - edited

          thanks!

          Do you think I should force the plugin upgrade before upgrading, in order to not being stuck once Jenkins restart ?

          Or is there a way to upgrade the plugin in a sort of "headless" mode before the restart of the new version ? 

           

          EDIT : I see that the documentation has been upgraded, awesome !

           
          To upgrade the Reverse Proxy Auth plugin, follow these steps:

          1. Stop the Jenkins service with systemctl stop jenkins on Linux or similar commands on other operating systems.
          1. Download the Reverse Proxy Auth plugin from the Jenkins update center.
          1. Move reverse-proxy-auth-plugin.hpi into $JENKINS_HOME/plugins/reverse-proxy-auth-plugin.jpi and set the correct ownership and permissions.
          1. Start the Jenkins service with systemctl start jenkins or similar commands on other operating systems.

           

          Robert Smith added a comment - - edited thanks! Do you think I should force the plugin upgrade before upgrading, in order to not being stuck once Jenkins restart ? Or is there a way to upgrade the plugin in a sort of "headless" mode before the restart of the new version ?    EDIT : I see that the documentation has been upgraded, awesome !   To upgrade the Reverse Proxy Auth plugin, follow these steps: Stop the Jenkins service with  systemctl stop jenkins  on Linux or similar commands on other operating systems. Download the Reverse Proxy Auth plugin from the  Jenkins update center . Move reverse-proxy-auth-plugin.hpi into $JENKINS_HOME/plugins/reverse-proxy-auth-plugin.jpi and set the correct ownership and permissions. Start the Jenkins service with  systemctl start jenkins  or similar commands on other operating systems.  

            basil Basil Crow
            mamamia Robert Smith
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: