-
Bug
-
Resolution: Not A Defect
-
Major
-
Linux Centos 6.8
We Delegate security to servlet container (tomcat 7 / over jdk 7)
Works fine in jenkins < 2
But authentication through container now returns an error HTTP 403 when accessing page "/loginEntry?from=%2Fjenkins%2F" since we've upgraded in last jenkins version (2.7.2)
Investigating on that issue i saw this evolution in jenkins.war's web.xml file :
<security-constraint> <web-resource-collection> <web-resource-name>Hudson</web-resource-name> <url-pattern>/loginEntry</url-pattern> <!--http-method>GET</http-method--> </web-resource-collection> <auth-constraint> <role-name>**</role-name> </auth-constraint> </security-constraint>
=> <role-name>**</role-name> wildcard with 2* instead of 1* in our previous version (1.651.1 where authentication is OK)