Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-15861

SCMTrigger runs with anonymous authentication

    Details

    • Similar Issues:

      Description

      I have a matrix based security setup where "authenticated" can do everything and anonymous can do nothing.

      In addition, I am using the template-project-plugin.

      In such a configuration polling the SCM will fail due to Hudson.getItem() returning null. The reason for that is that the authentication of the SCMTrigger.run method is null and therefore, jenkins assumes that this user is unauthenticated (anonymous) and therefore, does not have any permissions whatsoever.

      ERROR: Failed to record SCM polling for java.lang.NullPointerException: project is null, 
      	at hudson.plugins.templateproject.ProxySCM.requiresWorkspaceForPolling(ProxySCM.java:179)
      	at hudson.model.AbstractProject._poll(AbstractProject.java:1417)
      	at hudson.model.AbstractProject.poll(AbstractProject.java:1387)
      	at hudson.triggers.SCMTrigger$Runner.runPolling(SCMTrigger.java:420)
      	at hudson.triggers.SCMTrigger$Runner.run(SCMTrigger.java:449)
      	at hudson.util.SequentialExecutionQueue$QueueEntry.run(SequentialExecutionQueue.java:118)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
      	at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
      	at java.util.concurrent.FutureTask.run(Unknown Source)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      	at java.lang.Thread.run(Unknown Source)
      

      Whether this is a bug in ProxySCM (and therefore the template plugin) or whether this is a general problem is hard for me to tell.

      I was able to work around the problem by giving "Job/read" permission to "anonymous" but IMHO the SCMTrigger should run as SYSTEM.

        Attachments

          Activity

          Hide
          danielbeck Daniel Beck added a comment -

          Looks like a bug in Template Project. Internal processes don't necessarily have an associated authentication (as they can easily elevate privileges whenever that's needed, something Template Project probably should do here).

          Show
          danielbeck Daniel Beck added a comment - Looks like a bug in Template Project. Internal processes don't necessarily have an associated authentication (as they can easily elevate privileges whenever that's needed, something Template Project probably should do here).
          Hide
          brantone Brantone added a comment -
          Show
          brantone Brantone added a comment - I wonder if this is fixed by https://github.com/jenkinsci/template-project-plugin/pull/12 ??

            People

            • Assignee:
              Unassigned
              Reporter:
              rburgst2 Rainer Burgstaller
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: