![]() |
|
|
|
|
Issue Type:
|
![Bug]() Bug
|
|
Assignee:
|
Unassigned |
|
Components:
|
cli |
|
Created:
|
19/Dec/13 8:05 AM
|
|
Description:
|
Previously (Jenkins 1.534) we were using jenkins-cli to automate safe shutdown. But after upgrade to ver. 1.544 it stopped working.
Our configuration is uses Project-based Matrix Authorization Strategy.
Here are 3 main users who involved into the shutdown procedure:
- Anonymous - all permissions unset.
- authenticated - Overall/Read, Job/Read, Job/Build
- special jenkins-cli user - with Overall/Administer
And here is the command to perform a safe shutdown
java -jar jenkins-cli.jar -s http:
So it has been working perfectly with the above configuration until I upgraded Jenkins to 1.544
Now the command throws the error
hudson.security.AccessDeniedException2: anonymous is missing the Overall/Read permission
at hudson.security.ACL.checkPermission(ACL.java:54)
at hudson.model.Node.checkPermission(Node.java:418)
at hudson.cli.declarative.CLIRegisterer$1.main(CLIRegisterer.java:180)
at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:622)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:299)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:280)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:239)
at hudson.remoting.UserRequest.perform(UserRequest.java:118)
at hudson.remoting.UserRequest.perform(UserRequest.java:48)
at hudson.remoting.Request$2.run(Request.java:328)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63)
at hudson.remoting.InterceptingExecutorService$2.call(InterceptingExecutorService.java:95)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:701)
Of course, if I grant the permission to Anonymous, it will work. But I assume this is unsafe.
|
|
Environment:
|
amd64, Ubuntu 12.04.3 LTS, Openjdk 6b27-1.12.6-1ubuntu0.12.04.4
|
|
Project:
|
Jenkins
|
|
Priority:
|
![Major]() Major
|
|
Reporter:
|
Roman Shiryaev
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
[email protected].
For more options, visit
https://groups.google.com/groups/opt_out.
