![]() |
|
|
Issue Type:
|
Bug
|
Assignee:
|
Unassigned |
Components:
|
cli |
Created:
|
19/Dec/13 8:05 AM
|
Description:
|
Previously (Jenkins 1.534) we were using jenkins-cli to automate safe shutdown. But after upgrade to ver. 1.544 it stopped working.
Our configuration is uses Project-based Matrix Authorization Strategy.
Here are 3 main users who involved into the shutdown procedure:
- Anonymous - all permissions unset.
- authenticated - Overall/Read, Job/Read, Job/Build
- special jenkins-cli user - with Overall/Administer
And here is the command to perform a safe shutdown
java -jar jenkins-cli.jar -s http:
So it has been working perfectly with the above configuration until I upgraded Jenkins to 1.544
Now the command throws the error
hudson.security.AccessDeniedException2: anonymous is missing the Overall/Read permission
at hudson.security.ACL.checkPermission(ACL.java:54)
at hudson.model.Node.checkPermission(Node.java:418)
at hudson.cli.declarative.CLIRegisterer$1.main(CLIRegisterer.java:180)
at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:622)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:299)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:280)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:239)
at hudson.remoting.UserRequest.perform(UserRequest.java:118)
at hudson.remoting.UserRequest.perform(UserRequest.java:48)
at hudson.remoting.Request$2.run(Request.java:328)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63)
at hudson.remoting.InterceptingExecutorService$2.call(InterceptingExecutorService.java:95)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:701)
Of course, if I grant the permission to Anonymous, it will work. But I assume this is unsafe.
|
Environment:
|
amd64, Ubuntu 12.04.3 LTS, Openjdk 6b27-1.12.6-1ubuntu0.12.04.4
|
Project:
|
Jenkins
|
Priority:
|
Major
|
Reporter:
|
Roman Shiryaev
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit
https://groups.google.com/groups/opt_out.