What's defined in the autorization section ? I guess "anyone can do anything" ?
You have to set the autorization properly for your users. If you only have a single users, you can set it to "logged in users ca do anything" but I doubt you'll end up with a single user. Look at those option, matrix based security is usually what I use. On 2013-03-22, at 06:18, Bukama <[email protected]> wrote: > Hi, > thank you now the "broken" loginpage has gone. > > I enabled secutiry and selected the "delegate to servlet container" unter > "confgure global security" and saved and applied the settings. When I reload > the page the options are correctly set so I assume they are stored. > > But I can still access the Jenkins navigation bar including "manage jenkins" > (and change all the settings) even if I have not logged in - what am I do > wrong? > > Greetings > > Am 22.03.2013 10:55, schrieb Richard Lavoie: >> Change back the web-ressource-collection-url setting, restart tomcat, go to >> jenkins, manage jenkins, configure system, enable security and change >> security realm to "delegate to servlet container". >> >> By default security is disabled in jenkins. >> >> On 2013-03-22, at 03:41, Bukama <[email protected] >> <mailto:[email protected]>> wrote: >> >>> Hi everybody, >>> this is my first time I'm trying to configure an ubunto/jenkins server. I >>> got a nacked ubuntosystem where I installed >>> >>> * JAVA7 >>> * Tomcat7 >>> * Jenkins >>> >>> As described on https://wiki.jenkins-ci.org/display/JENKINS/Tomcat I >>> deleted the predefined ROOT-directoy unter /var/lib/tomcat7/webapps and >>> copied jenkins.war as ROOT.war there. >>> After restaring tomcat the jenkins was deployed and could be accees. So far >>> so good. >>> >>> Now I want to secure the jenkins so it's not accessible directly. >>> >>> I added the following lines to the tomcat/conf/tomcat-users.xml >>> <role rolename="admin"/> >>> <user username="jenkins-admin" password="secret" roles="admin"/> >>> >>> >>> In the web.xml of the webapps/ROOT/WEB-INF direcoty (where jenkins is >>> deployed) I changed the folloing line to use the "admin"-role >>> <role-name>admin</role-name> >>> >>> After restarting tomcat Jenkins was still accessable without any >>> user-validation. So I changed the web-ressource-collection-url to >>> "<url-pattern>/*</url-pattern>" restarted Tomcat. >>> >>> Now i got a "destroyed" login-form (see screenshot) where I can enter >>> anything I wand - nothing happens >>> >>> Anyone have an idea what I'm doing wrong? >>> >>> Greetings from Germany >>> Matthias >>> >>> P.S. I also tried to change the Catalina-Realm to "<Realm >>> className="org.apache.catalina.realm.MemoryRealm" />" as described on >>> http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html but this doesn't >>> help either >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Jenkins Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected] >>> <mailto:[email protected]>. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >>> >>> <jenkinslogin.png> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
