  1. Jenkins
  2. JENKINS-48896

anonymous read of cc.xml file works only for root (ldap)

      Description

      This refers to LDAP plugin. Exactly the same issue was raised and fixed against github-auth plugin in the past.

      It seems that the option to allow anonymous users to read the /cc.xml works only for the root one and not for those associated with other views, or the special "all" view which is exposed at /view/All/cc.xml

      This bug has a serious impact because due to it, it means that you can only expose the status of the jobs present on the default view. On any serious setup, the default view does not expose ALL jobs.

      Even worse, it seems that if you try to get the other cc.xml files you get a 403 but if you try to use basic auth, you will get a 500 error.
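      An added example, not part of the original report and not Jenkins code: a small Python audit that requests each cc.xml path anonymously and with Basic auth, then flags the two symptoms described above (differing anonymous results between views, and a 5xx once credentials are sent). The host name, credentials and the `reported_behaviour` stub are constructed assumptions.

```python
import base64
import urllib.error
import urllib.request

# Paths named in the report; add one "/view/<name>/cc.xml" entry per view you expose.
CC_PATHS = ["/cc.xml", "/view/All/cc.xml"]

def http_status(base_url, path, basic_auth=None, timeout=10):
    """GET base_url + path and return the final HTTP status (redirects are followed)."""
    req = urllib.request.Request(base_url.rstrip("/") + path)
    if basic_auth:
        user, secret = basic_auth
        token = base64.b64encode(f"{user}:{secret}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 403, 500, ... are results here, not failures

def audit_cc_xml(base_url, paths=CC_PATHS, basic_auth=None, fetch=http_status):
    """Return (rows, findings) comparing anonymous and authenticated access per path."""
    rows = []
    for path in paths:
        anon = fetch(base_url, path)
        authed = fetch(base_url, path, basic_auth) if basic_auth else None
        rows.append({"path": path, "anonymous": anon, "basic_auth": authed})
    findings = []
    if len({r["anonymous"] for r in rows}) > 1:
        findings.append("inconsistent anonymous access across views")
    for r in rows:
        if r["basic_auth"] is not None and r["basic_auth"] >= 500:
            findings.append(f"server error with basic auth on {r['path']}")
    return rows, findings

def reported_behaviour(base_url, path, basic_auth=None, timeout=10):
    """Constructed stub that mimics the symptoms in the report, for offline runs."""
    if path == "/cc.xml":
        return 200
    return 500 if basic_auth else 403

if __name__ == "__main__":
    # Hypothetical host and credentials; drop fetch= to query a real controller.
    rows, findings = audit_cc_xml("https://jenkins.example.invalid",
                                  basic_auth=("user", "api-token"), fetch=reported_behaviour)
    for r in rows:
        print(r)
    print(findings or "no findings")
```

      Running the same audit against a working and a misbehaving controller gives a side-by-side record of which paths differ, which is useful when comparing two versions or configurations.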

            Activity

            ssbarnea Sorin Sbarnea created issue -
            ssbarnea Sorin Sbarnea made changes -
            Field Original Value New Value
            Link This issue is related to JENKINS-2885 [ JENKINS-2885 ]
            ssbarnea Sorin Sbarnea made changes -
            Remote Link This issue links to "pull-52 (Web Link)" [ 19762 ]
            ssbarnea Sorin Sbarnea made changes -
            Component/s ldap-plugin [ 17122 ]
            Component/s github-oauth-plugin [ 15900 ]
            ssbarnea Sorin Sbarnea made changes -
            Description

            Original Value:

            It seems that the option to allow anonymous users to read the /cc.xml works only for the root one and not for those associated with other views, or the special "all" view which is exposed at /view/All/cc.xml

            This bug has a serious impact because due to it, it means that you can only expose the status of the jobs present on the default view. On any serious setup, the default view does not expose ALL jobs.

            Even worse, it seems that if you try to get the other cc.xml files you get a 403 but if you try to use basic auth, you will get a 500 error.

            Ideally the github integration plugin should expose github login as basic auth, so we can use it from other applications too. Still, this would be subject to a different bug report.

            New Value:

            This refers to LDAP plugin. Exactly the same issue was raised and fixed against github-auth plugin in the past.

            It seems that the option to allow anonymous users to read the /cc.xml works only for the root one and not for those associated with other views, or the special "all" view which is exposed at /view/All/cc.xml

            This bug has a serious impact because due to it, it means that you can only expose the status of the jobs present on the default view. On any serious setup, the default view does not expose ALL jobs.

            Even worse, it seems that if you try to get the other cc.xml files you get a 403 but if you try to use basic auth, you will get a 500 error.
            ssbarnea Sorin Sbarnea made changes -
            Assignee Sam Gleske [ sag47 ] Kohsuke Kawaguchi [ kohsuke ]
            oleg_nenashev Oleg Nenashev made changes -
            Component/s cctray-xml-plugin [ 21967 ]
            oleg_nenashev Oleg Nenashev made changes -
            Component/s core [ 15593 ]
            oleg_nenashev Oleg Nenashev added a comment -

            CC Daniel Beck and Devin Nusbaum who were working on this area recently

            danielbeck Daniel Beck added a comment -

            It is not clear to me what this is even referring to. The option mentioned, AFAICT, is specific to github-oauth plugin. So it'd be a bug if any cc.xml were accessible without Overall/Read permission.

            ssbarnea Sorin Sbarnea added a comment -

            Sorry for raising this. It seems that the issue is 100% unrelated to cc.xml. It seems to be something related to Anonymous configuration on one of the servers which caused this. I wasn't able to spot exactly which config item caused it but I do have a saved config.xml with the issue inside.

            I will analyse it and reopen the bug only if it looks like a product bug and not a configuration mistake. Visual inspection of the two involved config screens did not bring any issues.

            Update: Strange, even after copying the entire authentication settings from the working master to the broken one, I am able to replicate the bug. 

            I am starting to believe that this issue is caused by some kind of regression on 2.89.3 because the same config on 2.60.3 works well.

             

             

            ssbarnea Sorin Sbarnea made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Cannot Reproduce [ 5 ]

              People

              • Assignee:
                kohsuke Kohsuke Kawaguchi
                Reporter:
                ssbarnea Sorin Sbarnea