Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-8815

you cannot use the cli without giving Overall read to Anonymous

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • cli

      I don't know that this is a bug or a feature, but I've noticed, that one cannot authenticate with a valid account through cli without giving Overall read permission for the Anonymous account.
      I'm using LDAP security, and if I remove that right from Anonymous, I get the

      build:~# java -jar jenkins-cli.jar -s http://localhost:8080/ help --username tyrael --password-file pwd
      Exception in thread "main" java.io.IOException: Server returned HTTP response code: 403 for URL: http://localhost:8080/cli
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
      at hudson.cli.FullDuplexHttpStream.<init>(FullDuplexHttpStream.java:61)
      at hudson.cli.CLI.<init>(CLI.java:91)
      at hudson.cli.CLI.<init>(CLI.java:63)
      at hudson.cli.CLI.main(CLI.java:176)

      the same command works if I set the above mentioned right to the Anonymous account.

          [JENKINS-8815] you cannot use the cli without giving Overall read to Anonymous

          Good point. This is a bug.

          Kohsuke Kawaguchi added a comment - Good point. This is a bug.

          Ferenc Kovacs added a comment -

          changing the issue type to bug then.

          Ferenc Kovacs added a comment - changing the issue type to bug then.

          vjuranek added a comment -

          seems to be fixed, tested with 1.448 and works fine

          vjuranek added a comment - seems to be fixed, tested with 1.448 and works fine

          Upon the code inspection as of fd6a2288f97240c54386657d7ae7d5fbbae2b4c2, I think this issue was never fixed. CLIAction neesd to be UnprotectedRootAction.

          Kohsuke Kawaguchi added a comment - Upon the code inspection as of fd6a2288f97240c54386657d7ae7d5fbbae2b4c2, I think this issue was never fixed. CLIAction neesd to be UnprotectedRootAction .

          I talked with schrisou and he'll attempt a fix and a test case.

          Kohsuke Kawaguchi added a comment - I talked with schrisou and he'll attempt a fix and a test case.

          I created pull request https://github.com/jenkinsci/jenkins/pull/1005 which should resolve this issue.

          Steven Christou added a comment - I created pull request https://github.com/jenkinsci/jenkins/pull/1005 which should resolve this issue.

          Code changed in jenkins
          User: christ66
          Path:
          core/src/main/java/hudson/cli/CLIAction.java
          test/src/test/java/hudson/cli/CLIActionTest.java
          http://jenkins-ci.org/commit/jenkins/a2ff61010e1ee2c1521c94ad26cfe5252bf7aaef
          Log:
          [FIXED JENKINS-8815] Fixed issue where CLI required giving Overall read permission to anonymous.
          Added test unit.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: christ66 Path: core/src/main/java/hudson/cli/CLIAction.java test/src/test/java/hudson/cli/CLIActionTest.java http://jenkins-ci.org/commit/jenkins/a2ff61010e1ee2c1521c94ad26cfe5252bf7aaef Log: [FIXED JENKINS-8815] Fixed issue where CLI required giving Overall read permission to anonymous. Added test unit.

          Code changed in jenkins
          User: Oliver Gondža
          Path:
          core/src/main/java/hudson/cli/CLIAction.java
          test/src/test/java/hudson/cli/CLIActionTest.java
          http://jenkins-ci.org/commit/jenkins/a494868c47d103b7bb1457aaaeadf87a55bb48ba
          Log:
          Merge pull request #1005 from christ66/master

          [FIXED JENKINS-8815] Fixed issue where CLI required giving Overall read ...

          Conflicts:
          core/src/main/java/hudson/cli/CLIAction.java

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oliver Gondža Path: core/src/main/java/hudson/cli/CLIAction.java test/src/test/java/hudson/cli/CLIActionTest.java http://jenkins-ci.org/commit/jenkins/a494868c47d103b7bb1457aaaeadf87a55bb48ba Log: Merge pull request #1005 from christ66/master [FIXED JENKINS-8815] Fixed issue where CLI required giving Overall read ... Conflicts: core/src/main/java/hudson/cli/CLIAction.java

          dogfood added a comment -

          Integrated in jenkins_main_trunk #3036

          Result = SUCCESS

          dogfood added a comment - Integrated in jenkins_main_trunk #3036 Result = SUCCESS

            schristou Steven Christou
            tyrael Ferenc Kovacs
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: