[
https://issues.jenkins-ci.org/browse/JENKINS-11149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=160009#comment-160009
]
Frederik Fromm commented on JENKINS-11149:
------------------------------------------
moved to master-slave component
> JNLP slave fails to connect if Anonymous has not permission READ
> ----------------------------------------------------------------
>
> Key: JENKINS-11149
> URL: https://issues.jenkins-ci.org/browse/JENKINS-11149
> Project: Jenkins
> Issue Type: Bug
> Components: master-slave
> Affects Versions: current
> Reporter: Matthias Vach
> Assignee: Kohsuke Kawaguchi
>
> Hi all,
> I do face a problem with JNLP based windows slaves in combination with
> restricted permissions of Anonymous.
> If user Anonymous doesn't has READ permission granted, the JNLP slave
> (converted to a windows service) fails to connect to the master.
> The jenkins-slave.xml contains
> ------------------------------------------------------------------------------------
> <arguments>-Xrs -jar "%BASE%\slave.jar" -jnlpUrl
> https://xxx:8443/hudson/computer/xxx/slave-agent.jnlp -jnlpCredentials
> abcd:efgh -auth abcd:efgh</arguments>
> ------------------------------------------------------------------------------------
> The tomcat-users.xml contains
> ------------------------------------------------------------------------------------
> <tomcat-users>
> <role rolename="admin"/>
> <role rolename="manager"/>
> <user username="abcd" password="efgh" roles="admin,manager"/>
> </tomcat-users>
> ------------------------------------------------------------------------------------
> The jenkins-slave.err.log contains
> ------------------------------------------------------------------------------------
> Failing to obtain https://xxx:8443/hudson/computer/xxx/slave-agent.jnlp
> java.io.IOException: Failed to load
> https://xxx:8443/hudson/computer/xxx/slave-agent.jnlp: 500 Internal Server
> Error
> at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:228)
> at hudson.remoting.Launcher.run(Launcher.java:190)
> at hudson.remoting.Launcher.main(Launcher.java:166)
> Waiting 10 seconds before retry
> ------------------------------------------------------------------------------------
> The tomcat's localhost.2011-xx-xx.log contains
> ------------------------------------------------------------------------------------
> SEVERE: Servlet.service() for servlet Stapler threw exception
> hudson.security.AccessDeniedException2: anonymous is missing the Read
> permission
> at hudson.security.ACL.checkPermission(ACL.java:53)
> at hudson.model.Node.checkPermission(Node.java:363)
> at hudson.model.Hudson.getTarget(Hudson.java:3538)
> ...
> ------------------------------------------------------------------------------------
> The setup is as follows:
> ------------------------------------------------------------------------------------
> OS: Windows 7
> Tomcat: 6.0.33
> Jenkins: 1.4.10 (also not working with 1.4.31)
> JDK: 1.6.27
> Security Realm: Matrix based Security is enabled
> Authorization: Delegate to servlet container
> permissions of user abcd: Overall Read, Overall Administer
> permissions of user Anonymous: none
> ------------------------------------------------------------------------------------
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
