Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48991

Artifactory plugin affected by JEP in 2.102

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Duplicate
    • Component/s: artifactory-plugin
    • Labels:
    • Environment:
      Jenkins Artifactory Plugin version: 2.14.0
      Suse Enterprise Linux 12
      Jenkins 2.102 (Windows Master - Linux Slave)
    • Similar Issues:

      Description

      Pipeline build is failing after deploying artifact to Artifactory.

      I have added JVM arg to both slave and masterĀ 
      -Dhudson.remoting.ClassFilter=org.jfrog.build.client.DeployDetails
      Error from log:

      java.lang.SecurityException: Rejected: org.jfrog.build.client.DeployDetails
      	at hudson.remoting.ClassFilter.check(ClassFilter.java:75)
      	at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:129)
      	at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
      	at java.io.ObjectInputStream.readClassDesc(Unknown Source)
      	at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
      	at java.io.ObjectInputStream.readObject0(Unknown Source)
      	at java.io.ObjectInputStream.readObject(Unknown Source)
      	at java.util.ArrayList.readObject(Unknown Source)
      	at sun.reflect.GeneratedMethodAccessor123.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      	at java.lang.reflect.Method.invoke(Unknown Source)
      	at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
      	at java.io.ObjectInputStream.readSerialData(Unknown Source)
      	at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
      	at java.io.ObjectInputStream.readObject0(Unknown Source)
      	at java.io.ObjectInputStream.readObject(Unknown Source)
      	at hudson.remoting.UserRequest.deserialize(UserRequest.java:277)
      	at hudson.remoting.UserResponse.retrieve(UserRequest.java:310)
      	at hudson.remoting.Channel.call(Channel.java:909)
      	at hudson.FilePath.act(FilePath.java:998)
      	at hudson.FilePath.act(FilePath.java:987)
      	at org.jfrog.hudson.pipeline.types.buildInfo.BuildInfo.appendDeployableArtifacts(BuildInfo.java:159)
      	at org.jfrog.hudson.pipeline.steps.ArtifactoryMavenBuild$Execution.run(ArtifactoryMavenBuild.java:112)
      	at org.jfrog.hudson.pipeline.steps.ArtifactoryMavenBuild$Execution.run(ArtifactoryMavenBuild.java:61)
      	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
      	at hudson.security.ACL.impersonate(ACL.java:274)
      	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
      	at java.util.concurrent.FutureTask.run(Unknown Source)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      	at java.lang.Thread.run(Unknown Source)
      

        Attachments

          Issue Links

            Activity

            Hide
            kgiloo kgiloo added a comment -

            for me, the options below do the workaround

            (as suggested in https://github.com/jenkinsci/artifactory-plugin/pull/30)

            JENKINS_JAVA_OPTIONS="-Dhudson.remoting.ClassFilter=org.jfrog.build.api.Artifact,org.jfrog.build.api.BaseBuildFileBean,org.jfrog.build.api.BaseBuildBean"
            Show
            kgiloo kgiloo added a comment - for me, the options below do the workaround (as suggested in https://github.com/jenkinsci/artifactory-plugin/pull/30 ) JENKINS_JAVA_OPTIONS="-Dhudson.remoting.ClassFilter=org.jfrog.build.api.Artifact,org.jfrog.build.api.BaseBuildFileBean,org.jfrog.build.api.BaseBuildBean"
            Hide
            ajitsurana Ajit Surana added a comment - - edited

            I ran the following command to start the slave node as I've only access to slave node (a Windows node):

            C:\Users\jenkins\Desktop\Artifactory>java -Dhudson.remoting.ClassFilter=org.jfrog.build.api.Artifact -jar agent.jar -jnlpUrl https://localjenkins.com/sds/computer/jenkinsw104/slave-agent.jnlp -secret f9404edf68730facd646cb20b86a310db4296a89b4a8b62ff74e0d3ea5a4ef0b
            

            It still gives the error:

            ERROR: Rejected: org.jfrog.build.api.Artifact
            java.lang.SecurityException: Rejected: org.jfrog.build.api.Artifact
            	at hudson.remoting.ClassFilter.check(ClassFilter.java:75)
            

            Did you add the JENKINS_JAVA_OPTIONS in /etc/sysconfig/jenkins in the Master node? Or in the slave node if having Jenkins master-slave configuration?

            Show
            ajitsurana Ajit Surana added a comment - - edited I ran the following command to start the slave node as I've only access to slave node (a Windows node): C:\Users\jenkins\Desktop\Artifactory>java -Dhudson.remoting.ClassFilter=org.jfrog.build.api.Artifact -jar agent.jar -jnlpUrl https://localjenkins.com/sds/computer/jenkinsw104/slave-agent.jnlp -secret f9404edf68730facd646cb20b86a310db4296a89b4a8b62ff74e0d3ea5a4ef0b It still gives the error: ERROR: Rejected: org.jfrog.build.api.Artifact java.lang.SecurityException: Rejected: org.jfrog.build.api.Artifact at hudson.remoting.ClassFilter.check(ClassFilter.java:75) Did you add the JENKINS_JAVA_OPTIONS in /etc/sysconfig/jenkins in the Master node? Or in the slave node if having Jenkins master-slave configuration?
            Hide
            kgiloo kgiloo added a comment -

            Ajit Surana startup on master

            Show
            kgiloo kgiloo added a comment - Ajit Surana startup on master
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Yes, options need to be added to the master-side only. Agents still use a blacklist instead of whitelist, no plans to change it soon.

            Show
            oleg_nenashev Oleg Nenashev added a comment - Yes, options need to be added to the master-side only. Agents still use a blacklist instead of whitelist, no plans to change it soon.
            Hide
            ajitsurana Ajit Surana added a comment -

            kgiloo, Oleg Nenashev: Thanks for your prompt response. I will modify the master as per the suggestion.

            Show
            ajitsurana Ajit Surana added a comment - kgiloo , Oleg Nenashev : Thanks for your prompt response. I will modify the master as per the suggestion.

              People

              • Assignee:
                oleg_nenashev Oleg Nenashev
                Reporter:
                ntones Nicholas Tones
              • Votes:
                3 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: