-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
Version 1.544, Ubuntu 12.04.3 LTS, amd64, Openjdk 6b27-1.12.6-1ubuntu0.12.04.4
Previously (Jenkins 1.534) we were using jenkins-cli to automate safe shutdown. But after upgrade to ver. 1.544 it stopped working.
Our configuration uses Project-based Matrix Authorization Strategy.
Here are 3 main users who involved into the shutdown procedure:
- Anonymous - all permissions unset.
- authenticated - Overall/Read, Job/Read, Job/Build
- special jenkins-cli user - with Overall/Administer permission
And here is the command to perform a safe shutdown
java -jar jenkins-cli.jar -s http://localhost:8080 safe-shutdown --username "$JCLIUSER" --password "$JCLIPASSWD"
So it has been working perfectly with the above configuration until I upgraded Jenkins to 1.544
Now the command throws the error
hudson.security.AccessDeniedException2: anonymous is missing the Overall/Read permission
at hudson.security.ACL.checkPermission(ACL.java:54)
at hudson.model.Node.checkPermission(Node.java:418)
at hudson.cli.declarative.CLIRegisterer$1.main(CLIRegisterer.java:180)
at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:622)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:299)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:280)
at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:239)
at hudson.remoting.UserRequest.perform(UserRequest.java:118)
at hudson.remoting.UserRequest.perform(UserRequest.java:48)
at hudson.remoting.Request$2.run(Request.java:328)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63)
at hudson.remoting.InterceptingExecutorService$2.call(InterceptingExecutorService.java:95)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:701)
Of course, if I grant the permission to Anonymous, it will work. But I assume this is unsafe.