Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-74800

Reverse Proxy Auth Plugin 1.7.7 fails with 2.479.1

    • 1.8.0

      Hi,

      After upgrading from 2.462.3 to 2.479.1, jenkins starts but fails with the following stacktrace. Nothings is accessible as we have enforced security with LDAP groups to jobs.

      After having rollbacked, I have seen the release notes regarding Spring 6 and the need to manually update the LDAP plugin, it could be related, but not quite sure as this plugin does not seem to use Spring Security.

       

      Thanks!

      [Loading global config] jenkins.model.Jenkins$5.runTask Loading global config failed perhaps due to plugin dependency issues
          java.lang.NoSuchMethodError: 'void org.springframework.util.Assert.hasLength(java.lang.String)'
              at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.LdapUtils.parseRootDnFromUrl(LdapUtils.java:107)
              at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.setProviderUrl(DefaultInitialDirContextFactory.java:144)
              at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.<init>(DefaultInitialDirContextFactory.java:124)
              at PluginClassLoader for reverse-proxy-auth-plugin//org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.createSecurityComponents(ReverseProxySecurityRealm.java:623)
              at hudson.security.SecurityRealm.getSecurityComponents(SecurityRealm.java:604)
              at hudson.security.HudsonFilter.reset(HudsonFilter.java:139)
              at jenkins.model.Jenkins.resetFilter(Jenkins.java:2820)
              at jenkins.model.Jenkins.load(Jenkins.java:3432)
              at jenkins.model.Jenkins$12.run(Jenkins.java:3528)
              at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:177)
              at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
              at jenkins.model.Jenkins$5.runTask(Jenkins.java:1195)
              at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
              at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
              at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
              at java.base/java.lang.Thread.run(Thread.java:1583)

          [JENKINS-74800] Reverse Proxy Auth Plugin 1.7.7 fails with 2.479.1

          Robert Smith created issue -
          Robert Smith made changes -
          Description Original: Hi,

          After upgrading from 2.462.3 to 2.479.1, jenkins starts but fails with the following stacktrace.

          After having rollbacked, I have read the release notes regarding Spring 6 and the need to manually update the LDAP plugin, it *could* be related, but not quite sure as this plugin does not seem to use Spring Security.

           

          Thanks!

          [Loading global config] jenkins.model.Jenkins$5.runTask Loading global config failed perhaps due to plugin dependency issues
              java.lang.NoSuchMethodError: 'void org.springframework.util.Assert.hasLength(java.lang.String)'
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.LdapUtils.parseRootDnFromUrl(LdapUtils.java:107)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.setProviderUrl(DefaultInitialDirContextFactory.java:144)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.<init>(DefaultInitialDirContextFactory.java:124)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.createSecurityComponents(ReverseProxySecurityRealm.java:623)
                  at hudson.security.SecurityRealm.getSecurityComponents(SecurityRealm.java:604)
                  at hudson.security.HudsonFilter.reset(HudsonFilter.java:139)
                  at jenkins.model.Jenkins.resetFilter(Jenkins.java:2820)
                  at jenkins.model.Jenkins.load(Jenkins.java:3432)
                  at jenkins.model.Jenkins$12.run(Jenkins.java:3528)
                  at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:177)
                  at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
                  at jenkins.model.Jenkins$5.runTask(Jenkins.java:1195)
                  at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
                  at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
                  at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
                  at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
                  at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
                  at java.base/java.lang.Thread.run(Thread.java:1583)
          New: Hi,

          After upgrading from 2.462.3 to 2.479.1, jenkins starts but fails with the following stacktrace.

          After having rollbacked, I have read the release notes regarding Spring 6 and the need to manually update the LDAP plugin, it *could* be related, but not quite sure as this plugin does not seem to use Spring Security.

           

          Thanks!
          {code:java}
          [Loading global config] jenkins.model.Jenkins$5.runTask Loading global config failed perhaps due to plugin dependency issues
              java.lang.NoSuchMethodError: 'void org.springframework.util.Assert.hasLength(java.lang.String)'
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.LdapUtils.parseRootDnFromUrl(LdapUtils.java:107)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.setProviderUrl(DefaultInitialDirContextFactory.java:144)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.<init>(DefaultInitialDirContextFactory.java:124)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.createSecurityComponents(ReverseProxySecurityRealm.java:623)
                  at hudson.security.SecurityRealm.getSecurityComponents(SecurityRealm.java:604)
                  at hudson.security.HudsonFilter.reset(HudsonFilter.java:139)
                  at jenkins.model.Jenkins.resetFilter(Jenkins.java:2820)
                  at jenkins.model.Jenkins.load(Jenkins.java:3432)
                  at jenkins.model.Jenkins$12.run(Jenkins.java:3528)
                  at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:177)
                  at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
                  at jenkins.model.Jenkins$5.runTask(Jenkins.java:1195)
                  at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
                  at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
                  at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
                  at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
                  at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
                  at java.base/java.lang.Thread.run(Thread.java:1583){code}
          Robert Smith made changes -
          Summary Original: Reverse Proxy Auth Plugin fails with 2.479.1 New: Reverse Proxy Auth Plugin 1.7.7 fails with 2.479.1
          Robert Smith made changes -
          Description Original: Hi,

          After upgrading from 2.462.3 to 2.479.1, jenkins starts but fails with the following stacktrace.

          After having rollbacked, I have read the release notes regarding Spring 6 and the need to manually update the LDAP plugin, it *could* be related, but not quite sure as this plugin does not seem to use Spring Security.

           

          Thanks!
          {code:java}
          [Loading global config] jenkins.model.Jenkins$5.runTask Loading global config failed perhaps due to plugin dependency issues
              java.lang.NoSuchMethodError: 'void org.springframework.util.Assert.hasLength(java.lang.String)'
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.LdapUtils.parseRootDnFromUrl(LdapUtils.java:107)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.setProviderUrl(DefaultInitialDirContextFactory.java:144)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.<init>(DefaultInitialDirContextFactory.java:124)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.createSecurityComponents(ReverseProxySecurityRealm.java:623)
                  at hudson.security.SecurityRealm.getSecurityComponents(SecurityRealm.java:604)
                  at hudson.security.HudsonFilter.reset(HudsonFilter.java:139)
                  at jenkins.model.Jenkins.resetFilter(Jenkins.java:2820)
                  at jenkins.model.Jenkins.load(Jenkins.java:3432)
                  at jenkins.model.Jenkins$12.run(Jenkins.java:3528)
                  at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:177)
                  at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
                  at jenkins.model.Jenkins$5.runTask(Jenkins.java:1195)
                  at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
                  at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
                  at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
                  at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
                  at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
                  at java.base/java.lang.Thread.run(Thread.java:1583){code}
          New: Hi,

          After upgrading from 2.462.3 to 2.479.1, jenkins starts but fails with the following stacktrace. Nothings is accessible as we have enforced security with LDAP groups to jobs.

          After having rollbacked, I have seen the release notes regarding Spring 6 and the need to manually update the LDAP plugin, it *could* be related, but not quite sure as this plugin does not seem to use Spring Security.

           

          Thanks!
          {code:java}
          [Loading global config] jenkins.model.Jenkins$5.runTask Loading global config failed perhaps due to plugin dependency issues
              java.lang.NoSuchMethodError: 'void org.springframework.util.Assert.hasLength(java.lang.String)'
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.LdapUtils.parseRootDnFromUrl(LdapUtils.java:107)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.setProviderUrl(DefaultInitialDirContextFactory.java:144)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.acegisecurity.ldap.DefaultInitialDirContextFactory.<init>(DefaultInitialDirContextFactory.java:124)
                  at PluginClassLoader for reverse-proxy-auth-plugin//org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.createSecurityComponents(ReverseProxySecurityRealm.java:623)
                  at hudson.security.SecurityRealm.getSecurityComponents(SecurityRealm.java:604)
                  at hudson.security.HudsonFilter.reset(HudsonFilter.java:139)
                  at jenkins.model.Jenkins.resetFilter(Jenkins.java:2820)
                  at jenkins.model.Jenkins.load(Jenkins.java:3432)
                  at jenkins.model.Jenkins$12.run(Jenkins.java:3528)
                  at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:177)
                  at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
                  at jenkins.model.Jenkins$5.runTask(Jenkins.java:1195)
                  at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
                  at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
                  at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
                  at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
                  at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
                  at java.base/java.lang.Thread.run(Thread.java:1583){code}

          Mark Waite added a comment - - edited

          I think that the stack trace indicates that the plugin has not migrated from acegi security to Spring Security.  Jenkins core changed from acegi security to Spring Security in November 2020 as announced in a blog post, in JEP-227, and in the Jenkins 2.277.1 changelog and upgrade guide.

          The acegi security version that is included in the reverse proxy auth plugin includes a reference to a Spring Framework method that is not available in Spring Framework 6. I think that one path forward is to complete the migration from acegi security to Spring Security in the plugin source code.

          I have submitted a pull request that modernizes the plugin to require Jenkins 2.452.4 or newer in hopes that will help others as they migrate from acegi security to Spring Security.

          Mark Waite added a comment - - edited I think that the stack trace indicates that the plugin has not migrated from acegi security to Spring Security.  Jenkins core changed from acegi security to Spring Security in November 2020 as announced in a blog post , in JEP-227 , and in the Jenkins 2.277.1 changelog and upgrade guide . The acegi security version that is included in the reverse proxy auth plugin includes a reference to a Spring Framework method that is not available in Spring Framework 6. I think that one path forward is to complete the migration from acegi security to Spring Security in the plugin source code. I have submitted a pull request that modernizes the plugin to require Jenkins 2.452.4 or newer in hopes that will help others as they migrate from acegi security to Spring Security.

          Robert Smith added a comment - - edited

          Thanks, that was my assumption too.

          BTW, your PR does not remove acegi security from dependencies, is this expected ? Once this is merged, is there any more work to do to make the plugin work with the newer jenkins version ?

          Thanks!

          Robert Smith added a comment - - edited Thanks, that was my assumption too. BTW, your PR does not remove acegi security from dependencies, is this expected ? Once this is merged, is there any more work to do to make the plugin work with the newer jenkins version ? Thanks!

          Mark Waite added a comment -

          BTW, your PR does not remove acegi security from dependencies, is this expected ?

          It is expected but not desired. My pull request is the first (easy) step that I hoped would help someone else make the more difficult step of migrating the plugin from acecgi security to Spring Security. I don't have any experience with reverse proxy authorization or with the acegi to Spring Security migration, so I did the thing that is most familiar to me first.

          Once this is merged, is there any more work to do to make the plugin work with the newer jenkins version ?

          Yes, I believe there is much more work required before the plugin will work with Jenkins 2.479.1 and newer.

          Mark Waite added a comment - BTW, your PR does not remove acegi security from dependencies, is this expected ? It is expected but not desired. My pull request is the first (easy) step that I hoped would help someone else make the more difficult step of migrating the plugin from acecgi security to Spring Security. I don't have any experience with reverse proxy authorization or with the acegi to Spring Security migration, so I did the thing that is most familiar to me first. Once this is merged, is there any more work to do to make the plugin work with the newer jenkins version ? Yes, I believe there is much more work required before the plugin will work with Jenkins 2.479.1 and newer.

          Mark Waite added a comment - - edited

          If you have a disposable Jenkins controller where you can test something interactively, you could try the incremental build result from a draft pull request that does a very poor, partial update to require Jenkins 2.479.1. That pull request is probably useless because the plugin really does need to migrate from acegi security to Spring Security, but if you have the capacity to try it, that might help the maintainers when they have capacity to work on the issue.

          https://github.com/jenkinsci/reverse-proxy-auth-plugin/pull/140/checks?check_run_id=32386950716 is the GitHub checks page for the most recent build of that very poor, partial update.

          Mark Waite added a comment - - edited If you have a disposable Jenkins controller where you can test something interactively, you could try the incremental build result from a draft pull request that does a very poor, partial update to require Jenkins 2.479.1. That pull request is probably useless because the plugin really does need to migrate from acegi security to Spring Security, but if you have the capacity to try it, that might help the maintainers when they have capacity to work on the issue. https://github.com/jenkinsci/reverse-proxy-auth-plugin/pull/140/checks?check_run_id=32386950716 is the GitHub checks page for the most recent build of that very poor, partial update.

          Robert Smith added a comment - - edited

          thanks again, I have tested an a fresh 2.479.1 with build 1.8.0-rc228.c28cb_7c13148 of the plugin from your PR but no luck unfortunately. The stacktrace is still the same.

          Robert Smith added a comment - - edited thanks again, I have tested an a fresh 2.479.1 with build 1.8.0-rc228.c28cb_7c13148 of the plugin from your PR but no luck unfortunately. The stacktrace is still the same.

          Ignacio added a comment -

          Hi, We can only log-in using LDAP and we updated today to 2.479.1 and the same problem arises. I reported this JENKINS-74802 a few minutes ago.

          Ignacio added a comment - Hi, We can only log-in using LDAP and we updated today to 2.479.1 and the same problem arises. I reported this JENKINS-74802 a few minutes ago.

            basil Basil Crow
            mamamia Robert Smith
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: