Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-4478

Move TCP port out from under security

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: core
    • Labels:
    • Environment:
      Platform: All, OS: All
    • Similar Issues:

      Description

      I already have apache and other security measure in place to secure hudson, but
      need the TCP port for JNLP slave agent to be fixed for firewall issues.
      I found the setting under security for this and if set manually in the
      config.xml file it work with security not enabled, but if you make changes on
      the configuration page it removes it if security is not enabled.

      My suggestions would be
      A. to move this setting to its own section to include any other JNLP settings.
      B. Persist this setting regardless of the security setting if its already set.

      Thanks

        Attachments

          Issue Links

            Activity

            Hide
            jk Jan Klass added a comment -

            First of all, the port being under security was a bit unexpected on our end.

            Having to enable security (we have it disabled) is very unintuitive and cost us time to figure out. That the JNLP port is bound no matter the enable security setting being turned on or off, is very questionable and confusing. This should defiitely be changed ASAP, to prevent user confusion. Especially, since simply moving the setting but keeping it as is should be rather simple!?

            On one LTS installation, I have security enabled, but use anonymous access anyway. On a second installation, we use anonymous access with security disabled. The confusing part is that on the second installation, I can enable security to set the JNLP port, and then save the settings. Checking back, security is still disabled (I guess because no Security Realm was chosen) but the port is set. This is a very unintuitive and hidden behaviour.

            This is assigned to @Kohsuke Kawaguchi, I guess since 2009. Is this something you can and will do? Or would it be helpful if someone from the community jumped in?

            Show
            jk Jan Klass added a comment - First of all, the port being under security was a bit unexpected on our end. Having to enable security (we have it disabled) is very unintuitive and cost us time to figure out. That the JNLP port is bound no matter the enable security setting being turned on or off, is very questionable and confusing. This should defiitely be changed ASAP, to prevent user confusion. Especially, since simply moving the setting but keeping it as is should be rather simple!? On one LTS installation, I have security enabled, but use anonymous access anyway. On a second installation, we use anonymous access with security disabled. The confusing part is that on the second installation, I can enable security to set the JNLP port, and then save the settings. Checking back, security is still disabled (I guess because no Security Realm was chosen) but the port is set. This is a very unintuitive and hidden behaviour. This is assigned to @Kohsuke Kawaguchi, I guess since 2009. Is this something you can and will do? Or would it be helpful if someone from the community jumped in?
            Hide
            jk Jan Klass added a comment - - edited

            It would also be helpful, if the node configuration setting for JNLP port (tunneling) would be a bit more elaborative about the server JNLP port, and where it is configured.

            In our case, even when changing the JNLP port, it was not necessary to configure anything there (as jenkins sends it to the slave on initial connection by the slave).

            Show
            jk Jan Klass added a comment - - edited It would also be helpful, if the node configuration setting for JNLP port (tunneling) would be a bit more elaborative about the server JNLP port, and where it is configured. In our case, even when changing the JNLP port, it was not necessary to configure anything there (as jenkins sends it to the slave on initial connection by the slave).
            Hide
            ks_nenasheva Kseniia Nenasheva added a comment -
            Show
            ks_nenasheva Kseniia Nenasheva added a comment - Pull request:  https://github.com/jenkinsci/jenkins/pull/2900
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Daniel Beck
            Path:
            core/src/main/java/hudson/security/GlobalSecurityConfiguration.java
            core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy
            core/src/main/resources/hudson/security/csrf/GlobalCrumbIssuerConfiguration/config.groovy
            http://jenkins-ci.org/commit/jenkins/2228b3936e3fdf6130d65324ac7278cad84edb95
            Log:
            Merge pull request #2900 from ksenia-nenasheva/JENKINS-4478

            JENKINS-4478 - Move TCP port out from under security

            Compare: https://github.com/jenkinsci/jenkins/compare/a76a267f2f01...2228b3936e3f

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/java/hudson/security/GlobalSecurityConfiguration.java core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy core/src/main/resources/hudson/security/csrf/GlobalCrumbIssuerConfiguration/config.groovy http://jenkins-ci.org/commit/jenkins/2228b3936e3fdf6130d65324ac7278cad84edb95 Log: Merge pull request #2900 from ksenia-nenasheva/ JENKINS-4478 JENKINS-4478 - Move TCP port out from under security Compare: https://github.com/jenkinsci/jenkins/compare/a76a267f2f01...2228b3936e3f
            Hide
            danielbeck Daniel Beck added a comment -

            Fixed towards 2.64.

            Show
            danielbeck Daniel Beck added a comment - Fixed towards 2.64.

              People

              • Assignee:
                ks_nenasheva Kseniia Nenasheva
                Reporter:
                rcalosso rcalosso
              • Votes:
                4 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: