-
Bug
-
Resolution: Fixed
-
Minor
-
None
Hi,
After upgrading from 2.462.3 to 2.479.1, jenkins starts but fails with the following stacktrace. Nothings is accessible as we have enforced security with LDAP groups to jobs.
After having rollbacked, I have seen the release notes regarding Spring 6 and the need to manually update the LDAP plugin, it could be related, but not quite sure as this plugin does not seem to use Spring Security.
Thanks!
[Loading global config] jenkins.model.Jenkins$5.runTask Loading global config failed perhaps due to plugin dependency issues java.lang.NoSuchMethodError: 'void org.springframework.util.Assert.hasLength(java.lang.String)' at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.LdapUtils.parseRootDnFromUrl(LdapUtils.java:107) at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.setProviderUrl(DefaultInitialDirContextFactory.java:144) at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.<init>(DefaultInitialDirContextFactory.java:124) at PluginClassLoader for reverse-proxy-auth-plugin//org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.createSecurityComponents(ReverseProxySecurityRealm.java:623) at hudson.security.SecurityRealm.getSecurityComponents(SecurityRealm.java:604) at hudson.security.HudsonFilter.reset(HudsonFilter.java:139) at jenkins.model.Jenkins.resetFilter(Jenkins.java:2820) at jenkins.model.Jenkins.load(Jenkins.java:3432) at jenkins.model.Jenkins$12.run(Jenkins.java:3528) at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:177) at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305) at jenkins.model.Jenkins$5.runTask(Jenkins.java:1195) at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221) at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120) at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) at java.base/java.lang.Thread.run(Thread.java:1583)
I think that the stack trace indicates that the plugin has not migrated from acegi security to Spring Security. Jenkins core changed from acegi security to Spring Security in November 2020 as announced in a blog post, in JEP-227, and in the Jenkins 2.277.1 changelog and upgrade guide.
The acegi security version that is included in the reverse proxy auth plugin includes a reference to a Spring Framework method that is not available in Spring Framework 6. I think that one path forward is to complete the migration from acegi security to Spring Security in the plugin source code.
I have submitted a pull request that modernizes the plugin to require Jenkins 2.452.4 or newer in hopes that will help others as they migrate from acegi security to Spring Security.