Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33944

User-scoped credentials cannot be looked up

    Details

    • Similar Issues:

      Description

      Plugin: credentials v1.26

      This is a regression introduced by JENKINS-31610 (see lines 148/149)

      Right after looking up for user-scoped credentials, the SecurityContext is set to null which should not happen and causes this error:

      Mar 31, 2016 4:31:49 PM org.eclipse.jetty.util.log.JavaUtilLog warn
      WARNING: Error while serving http://localhost:8081/job/MyProject/1/descriptorByName/hudson.scm.SubversionTagAction/fillCredentialsIdItems
      java.lang.reflect.InvocationTargetException
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:497)
      	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
      	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
      	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
      	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
      	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
      	at org.kohsuke.stapler.MetaClass$13.dispatch(MetaClass.java:411)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
      	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
      	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
      	at com.cloudbees.jenkins.ha.HAHealthCheckFilter.doFilter(HAHealthCheckFilter.java:35)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
      	at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:37)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at com.cloudbees.opscenter.client.plugin.OfflineSecurityRealmFilter._doFilter(OfflineSecurityRealmFilter.java:90)
      	at com.cloudbees.opscenter.client.plugin.OfflineSecurityRealmFilter.doFilter(OfflineSecurityRealmFilter.java:67)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at com.cloudbees.opscenter.security.ClusterSessionFilter._doFilter(ClusterSessionFilter.java:69)
      	at com.cloudbees.opscenter.security.ClusterSessionFilter.doFilter(ClusterSessionFilter.java:44)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at org.jenkinsci.plugins.suppress_stack_trace.SuppressionFilter.doFilter(SuppressionFilter.java:34)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:201)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:178)
      	at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:85)
      	at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:102)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:123)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      	at org.eclipse.jetty.server.Server.handle(Server.java:370)
      	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
      	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
      	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.IllegalArgumentException: Only non-null SecurityContext instances are permitted
      	at org.springframework.util.Assert.notNull(Assert.java:112)
      	at org.acegisecurity.context.ThreadLocalSecurityContextHolderStrategy.setContext(ThreadLocalSecurityContextHolderStrategy.java:51)
      	at org.acegisecurity.context.SecurityContextHolder.setContext(SecurityContextHolder.java:120)
      	at com.cloudbees.plugins.credentials.UserCredentialsProvider.getCredentials(UserCredentialsProvider.java:156)
      	at com.cloudbees.plugins.credentials.CredentialsProvider.getCredentials(CredentialsProvider.java:276)
      	at com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(CredentialsProvider.java:531)
      	at hudson.scm.SubversionTagAction$DescriptorImpl.doFillCredentialsIdItems(SubversionTagAction.java:355)
      	... 101 more
      

      And the credentials cannot be retrieved.

      Not many plugins use user-scoped credentials, so a way to reproduce it is to use the Tag functionality of the Subversion plugin.

        Attachments

          Issue Links

            Activity

            Show
            pianoroy Roy Tinker added a comment - I'm seeing a similar issue. Please see my comment on JENKINS-28637 : https://issues.jenkins-ci.org/browse/JENKINS-28637?focusedCommentId=252682&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-252682
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Armando Fernandez
            Path:
            src/main/java/com/cloudbees/plugins/credentials/UserCredentialsProvider.java
            src/test/java/com/cloudbees/plugins/credentials/CredentialsProviderTest.java
            http://jenkins-ci.org/commit/credentials-plugin/b0f83a77d238775f709f5bda7a526ecd56e7d9af
            Log:
            JENKINS-33944 Prevent setting SecurityContext to null

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Armando Fernandez Path: src/main/java/com/cloudbees/plugins/credentials/UserCredentialsProvider.java src/test/java/com/cloudbees/plugins/credentials/CredentialsProviderTest.java http://jenkins-ci.org/commit/credentials-plugin/b0f83a77d238775f709f5bda7a526ecd56e7d9af Log: JENKINS-33944 Prevent setting SecurityContext to null
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Armando Fernandez
            Path:
            src/test/java/com/cloudbees/plugins/credentials/CredentialsProviderTest.java
            src/test/java/com/cloudbees/plugins/credentials/domains/DomainTest.java
            http://jenkins-ci.org/commit/credentials-plugin/ca43c6ab1b310684256078527553de404ec8f653
            Log:
            JENKINS-33944JENKINS-33902 Completely migrate to JTH 2.x and add extra test cases.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Armando Fernandez Path: src/test/java/com/cloudbees/plugins/credentials/CredentialsProviderTest.java src/test/java/com/cloudbees/plugins/credentials/domains/DomainTest.java http://jenkins-ci.org/commit/credentials-plugin/ca43c6ab1b310684256078527553de404ec8f653 Log: JENKINS-33944 JENKINS-33902 Completely migrate to JTH 2.x and add extra test cases.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            src/main/java/com/cloudbees/plugins/credentials/UserCredentialsProvider.java
            src/test/java/com/cloudbees/plugins/credentials/CredentialsProviderTest.java
            src/test/java/com/cloudbees/plugins/credentials/domains/DomainTest.java
            http://jenkins-ci.org/commit/credentials-plugin/590caa7a9da0b61e8b3214125652135b1c79d02a
            Log:
            Merge pull request #45 from armfergom/JENKINS-33944

            JENKINS-33944 User-scoped credentials cannot be looked up

            Compare: https://github.com/jenkinsci/credentials-plugin/compare/4d648bf60c5e...590caa7a9da0

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/com/cloudbees/plugins/credentials/UserCredentialsProvider.java src/test/java/com/cloudbees/plugins/credentials/CredentialsProviderTest.java src/test/java/com/cloudbees/plugins/credentials/domains/DomainTest.java http://jenkins-ci.org/commit/credentials-plugin/590caa7a9da0b61e8b3214125652135b1c79d02a Log: Merge pull request #45 from armfergom/ JENKINS-33944 JENKINS-33944 User-scoped credentials cannot be looked up Compare: https://github.com/jenkinsci/credentials-plugin/compare/4d648bf60c5e...590caa7a9da0
            Hide
            armfergom Armando Fernandez added a comment -

            Fixed in 1.27

            Show
            armfergom Armando Fernandez added a comment - Fixed in 1.27
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Armando Fernandez
            Path:
            src/main/java/org/jenkinsci/test/acceptance/plugins/credentials/BaseStandardCredentials.java
            src/main/java/org/jenkinsci/test/acceptance/plugins/credentials/Domain.java
            src/main/java/org/jenkinsci/test/acceptance/plugins/credentials/ManagedCredentials.java
            src/test/java/core/CredentialsTest.java
            http://jenkins-ci.org/commit/acceptance-test-harness/5655353c15e3c0521e37e56293e943e52a04aef4
            Log:
            JENKINS-33944 Use PageAreas for verifications. Adding one more test case.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Armando Fernandez Path: src/main/java/org/jenkinsci/test/acceptance/plugins/credentials/BaseStandardCredentials.java src/main/java/org/jenkinsci/test/acceptance/plugins/credentials/Domain.java src/main/java/org/jenkinsci/test/acceptance/plugins/credentials/ManagedCredentials.java src/test/java/core/CredentialsTest.java http://jenkins-ci.org/commit/acceptance-test-harness/5655353c15e3c0521e37e56293e943e52a04aef4 Log: JENKINS-33944 Use PageAreas for verifications. Adding one more test case.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Armando Fernandez
            Path:
            src/test/java/core/CredentialsTest.java
            http://jenkins-ci.org/commit/acceptance-test-harness/b0512a2dfdf7574678be1987c23961f100116fee
            Log:
            JENKINS-33944 Don't set credential ids in test

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Armando Fernandez Path: src/test/java/core/CredentialsTest.java http://jenkins-ci.org/commit/acceptance-test-harness/b0512a2dfdf7574678be1987c23961f100116fee Log: JENKINS-33944 Don't set credential ids in test

              People

              • Assignee:
                armfergom Armando Fernandez
                Reporter:
                armfergom Armando Fernandez
              • Votes:
                2 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: