Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48896

anonymous read of cc.xml file works only for root (ldap)

    Details

    • Similar Issues:

      Description

      This refers to LDAP plugin. Exactly the same issue was raised and fixed against github-auth plugin in the past.

      It seems that the option to allow anonymous users to read the /cc.xml works only for the root one and not for those associated with other views, or the special "all" view which is exposed at /view/All/cc.xml

      This bug has a serious impact because due to it, it means that you can only expose the status of the jobs present on the default view. On any serious setup, the default view does not expose ALL jobs.

      Even worse, it seems that if you try to get the other cc.xml files you get a 403 but if you try to use basic auth, you will get a 500 error.

        Attachments

          Issue Links

            Activity

            Hide
            ssbarnea Sorin Sbarnea added a comment -

            Sorry for raising this. It seems that the issue is 100% unrelated to cc.xml. It seems to be something related to Anonymous configuration on one of the servers which caused this. I wasn't able to spot exactly which config item caused it but I do have a saved config.xml with the issue inside.

            I will analyse it and reopen the bug only if looks like a product bug and not a configuration mistake. Visual inspection of the two involved config screens did not bring any issues.

            Update: Strange, even after copying the entire authentication settings from the working master to the broken one, I am able to replicate the bug. 

            I am starting to believe that this issue is caused by some kind of regression on 2.89.3 because same config on 2.60.3 works well.

             

             

            Show
            ssbarnea Sorin Sbarnea added a comment - Sorry for raising this. It seems that the issue is 100% unrelated to cc.xml. It seems to be something related to Anonymous configuration on one of the servers which caused this. I wasn't able to spot exactly which config item caused it but I do have a saved config.xml with the issue inside. I will analyse it and reopen the bug only if looks like a product bug and not a configuration mistake. Visual inspection of the two involved config screens did not bring any issues. Update: Strange, even after copying the entire authentication settings from the working master to the broken one, I am able to replicate the bug.  I am starting to believe that this issue is caused by some kind of regression on  2.89.3  because same config on 2.60.3 works well.    
            Hide
            danielbeck Daniel Beck added a comment -

            It is not clear to me what this is even referring to. The option mentioned, AFAICT, is specific to github-oauth plugin. So it'd be a bug if any cc.xml were accessible without Overall/Read permission.

            Show
            danielbeck Daniel Beck added a comment - It is not clear to me what this is even referring to. The option mentioned, AFAICT, is specific to github-oauth plugin. So it'd be a bug if any cc.xml were accessible without Overall/Read permission.
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            CC Daniel Beck and Devin Nusbaum who were working on this area recently

            Show
            oleg_nenashev Oleg Nenashev added a comment - CC Daniel Beck and Devin Nusbaum who were working on this area recently

              People

              • Assignee:
                kohsuke Kohsuke Kawaguchi
                Reporter:
                ssbarnea Sorin Sbarnea
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: