-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
Debian 5.0.6 / 1.132 / tomcat 5.5.26-5
Hi,
I'm using servlet container authentication with matrix based security. Three roles are defined: hudson-admin, hudson-dev and anonymous. hudson-admins have full access but hudson-devs can only trigger builds.
Everything is fine with hudson-admins. My issue is that I get a 403 when I try to authenticate with an hudson-dev (on https://hudson/loginEntry?from=/ ). But if I go to https://hudson/ then I'm successfully connected. It seems that something is wrong with access rights to /loginEntry.
Tomcat configuration:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="admin"/>
<role rolename="hudson-dev"/>
<role rolename="hudson-admin"/>
<user username="dev1" password="pass" roles="hudson-dev"/>
<user username="hudson-admin" password="pass" roles="hudson-admin"/>
</tomcat-users>
Hudson security configuration:
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
<permission>hudson.model.Computer.Configure:hudson-admin</permission>
<permission>hudson.model.Computer.Delete:hudson-admin</permission>
<permission>hudson.model.Hudson.Administer:hudson-admin</permission>
<permission>hudson.model.Hudson.Read:anonymous</permission>
<permission>hudson.model.Hudson.Read:hudson-admin</permission>
<permission>hudson.model.Hudson.Read:hudson-dev</permission>
<permission>hudson.model.Item.Build:hudson-admin</permission>
<permission>hudson.model.Item.Build:hudson-dev</permission>
<permission>hudson.model.Item.Configure:hudson-admin</permission>
<permission>hudson.model.Item.Create:hudson-admin</permission>
<permission>hudson.model.Item.Delete:hudson-admin</permission>
<permission>hudson.model.Item.Read:anonymous</permission>
<permission>hudson.model.Item.Read:hudson-admin</permission>
<permission>hudson.model.Item.Read:hudson-dev</permission>
<permission>hudson.model.Item.Workspace:hudson-admin</permission>
<permission>hudson.model.Item.Workspace:hudson-dev</permission>
<permission>hudson.model.Run.Delete:hudson-admin</permission>
<permission>hudson.model.Run.Update:hudson-admin</permission>
<permission>hudson.model.View.Configure:hudson-admin</permission>
<permission>hudson.model.View.Configure:hudson-dev</permission>
<permission>hudson.model.View.Create:hudson-admin</permission>
<permission>hudson.model.View.Create:hudson-dev</permission>
<permission>hudson.model.View.Delete:hudson-admin</permission>
</authorizationStrategy>
- duplicates
-
JENKINS-4728 403 on login using container security
- Open