Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42707

ReverseBuildTrigger can throw AccessDeniedException

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Component/s: core
    • Labels:
    • Environment:
      Jenkins 2.32.3
    • Similar Issues:

      Description

      Noticed in a console logs of an upstream job:

      Notifying upstream projects of job completion 
      FATAL: Please login to access job upstream 
      org.acegisecurity.AccessDeniedException: Please login to access job upstream 
      at jenkins.model.Jenkins.getItem(Jenkins.java:2724) 
      at jenkins.model.Jenkins.getItem(Jenkins.java:324) 
      at jenkins.model.Jenkins.getItemByFullName(Jenkins.java:2830) 
      at jenkins.model.Jenkins.getItemByFullName(Jenkins.java:2849) 
      at jenkins.triggers.ReverseBuildTrigger.shouldTrigger(ReverseBuildTrigger.java:116) 
      at jenkins.triggers.ReverseBuildTrigger.access$000(ReverseBuildTrigger.java:89) 
      at jenkins.triggers.ReverseBuildTrigger$1.shouldTriggerBuild(ReverseBuildTrigger.java:146) 
      at hudson.tasks.BuildTrigger.execute(BuildTrigger.java:247) 
      at hudson.model.AbstractBuild$AbstractBuildExecution.cleanUp(AbstractBuild.java:681) 
      at hudson.model.Build$BuildExecution.cleanUp(Build.java:200) 
      at hudson.model.Run.execute(Run.java:1775) 
      at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) 
      at hudson.model.ResourceController.execute(ResourceController.java:98) 
      at hudson.model.Executor.run(Executor.java:404) 
      Notifying upstream projects of job completion 
      FATAL: Please login to access job <foldername> 
      org.acegisecurity.AccessDeniedException: Please login to access job upstream 
      at jenkins.model.Jenkins.getItem(Jenkins.java:2724) 
      at jenkins.model.Jenkins.getItem(Jenkins.java:324) 
      at jenkins.model.Jenkins.getItemByFullName(Jenkins.java:2830) 
      at jenkins.model.Jenkins.getItemByFullName(Jenkins.java:2849) 
      at jenkins.triggers.ReverseBuildTrigger.shouldTrigger(ReverseBuildTrigger.java:116) 
      at jenkins.triggers.ReverseBuildTrigger.access$000(ReverseBuildTrigger.java:89) 
      at jenkins.triggers.ReverseBuildTrigger$1.shouldTriggerBuild(ReverseBuildTrigger.java:146) 
      at hudson.tasks.BuildTrigger.execute(BuildTrigger.java:247) 
      at hudson.model.AbstractBuild$AbstractBuildExecution.cleanUp(AbstractBuild.java:681) 
      at hudson.model.Build$BuildExecution.cleanUp(Build.java:200) 
      at hudson.model.Run.execute(Run.java:1775) 
      at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) 
      at hudson.model.ResourceController.execute(ResourceController.java:98) 
      at hudson.model.Executor.run(Executor.java:404)
      

      ReverseBuildTrigger.shouldTrigger should be impersonating SYSTEM.

      This seems to happen because the anonymous user has Overall/Read and Item/Discover permission. The workaround is to remove the Item/Discover permission for the anonymous user.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                allan_burdajewicz Allan BURDAJEWICZ
                Reporter:
                allan_burdajewicz Allan BURDAJEWICZ
              • Votes:
                2 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: