Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-9774

Enabling "Project Matrix Authorization Strategy" without checking any permissions causes config.xml parsing to fail

    Details

    • Similar Issues:

      Description

      The config.xml:
      <?xml version='1.0' encoding='UTF-8'?>
      <hudson>
      <version>1.413</version>
      <numExecutors>2</numExecutors>
      <mode>NORMAL</mode>
      <useSecurity>true</useSecurity>
      <authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy" /> <!-- This is the offending line. -->
      <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
      <disableSignup>false</disableSignup>
      </securityRealm>
      <markupFormatter class="hudson.markup.RawHtmlMarkupFormatter"/>
      [...snip...]

      The backtrace on startup:
      org.jvnet.hudson.reactor.ReactorException: hudson.util.IOException2: Unable to read /var/lib/jenkins/config.xml
      at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:246)
      at hudson.model.Hudson.executeReactor(Hudson.java:753)
      at hudson.model.Hudson.<init>(Hudson.java:667)
      at hudson.model.Hudson.<init>(Hudson.java:607)
      at hudson.WebAppMain$2.run(WebAppMain.java:215)
      Caused by: hudson.util.IOException2: Unable to read /var/lib/jenkins/config.xml
      at hudson.XmlFile.unmarshal(XmlFile.java:152)
      at hudson.model.Hudson$12.run(Hudson.java:2340)
      at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:146)
      at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:259)
      at hudson.model.Hudson$4.runTask(Hudson.java:735)
      at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:187)
      at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:94)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
      at java.lang.Thread.run(Thread.java:636)
      Caused by: com.thoughtworks.xstream.converters.ConversionException: only START_TAG can have attributes END_TAG seen ...tegy class="hudson.security.ProjectMatrixAuthorizationStrategy" />... @7:87 : only START_TAG can have attributes END_TAG seen ...tegy class="hudson.security.ProjectMatrixAuthorizationStrategy" />... @7:87
      ---- Debugging information ----
      message : only START_TAG can have attributes END_TAG seen ...tegy class="hudson.security.ProjectMatrixAuthorizationStrategy" />... @7:87
      cause-exception : java.lang.IndexOutOfBoundsException
      cause-message : only START_TAG can have attributes END_TAG seen ...tegy class="hudson.security.ProjectMatrixAuthorizationStrategy" />... @7:87
      class : hudson.model.Hudson
      required-type : hudson.security.ProjectMatrixAuthorizationStrategy
      path : /hudson/authorizationStrategy
      line number : 7
      -------------------------------
      at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:89)
      at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:63)
      at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:76)
      at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:60)
      at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:290)
      at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:233)
      at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:180)
      at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:82)
      at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:63)
      at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:76)
      at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:60)
      at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:137)
      at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:33)
      at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:926)
      at hudson.util.XStream2.unmarshal(XStream2.java:80)
      at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:912)
      at hudson.XmlFile.unmarshal(XmlFile.java:148)
      ... 9 more
      Caused by: java.lang.IndexOutOfBoundsException: only START_TAG can have attributes END_TAG seen ...tegy class="hudson.security.ProjectMatrixAuthorizationStrategy" />... @7:87
      at org.xmlpull.mxp1.MXParser.getAttributeValue(MXParser.java:927)
      at com.thoughtworks.xstream.io.xml.XppReader.getAttribute(XppReader.java:93)
      at com.thoughtworks.xstream.io.ReaderWrapper.getAttribute(ReaderWrapper.java:56)
      at hudson.util.RobustReflectionConverter.instantiateNewInstance(RobustReflectionConverter.java:324)
      at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:179)
      at hudson.security.ProjectMatrixAuthorizationStrategy$ConverterImpl.unmarshal(ProjectMatrixAuthorizationStrategy.java:119)
      at hudson.util.XStream2$AssociatedConverterImpl.unmarshal(XStream2.java:224)
      at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:82)
      ... 25 more

        Attachments

          Issue Links

            Activity

            Hide
            raghavt Raghavendra Tallam added a comment -

            I faced the same issue. I tried to Update the Plugin along with Some other Plugins uninstalls.

            So, I Deleted the DISABLED files in Plugins Folder and Restarted my Jenkins Instance.

            Jenkins Loaded like a Charm..

            Show
            raghavt Raghavendra Tallam added a comment - I faced the same issue. I tried to Update the Plugin along with Some other Plugins uninstalls. So, I Deleted the DISABLED files in Plugins Folder and Restarted my Jenkins Instance. Jenkins Loaded like a Charm..
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Raul Arabaolaza
            Path:
            src/test/java/com/cloudbees/hudson/plugins/folder/FolderTest.java
            http://jenkins-ci.org/commit/cloudbees-folder-plugin/c17a394bf4afeea0bf05bc033c305d93db6c5ead
            Log:
            JENKINS-45501 Fixes for JENKINS-9774 and JENKINS-41370

            • Now `hudson.security.ProjectMatrixAuthorizationStrategy` can be deserialized
            • Bypassing the GUI on `copyJob` and issuing the proper Http request directly
            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Raul Arabaolaza Path: src/test/java/com/cloudbees/hudson/plugins/folder/FolderTest.java http://jenkins-ci.org/commit/cloudbees-folder-plugin/c17a394bf4afeea0bf05bc033c305d93db6c5ead Log: JENKINS-45501 Fixes for JENKINS-9774 and JENKINS-41370 Now `hudson.security.ProjectMatrixAuthorizationStrategy` can be deserialized Bypassing the GUI on `copyJob` and issuing the proper Http request directly
            Hide
            danielbeck Daniel Beck added a comment -

            https://github.com/jenkinsci/matrix-auth-plugin/pull/25 ensures empty project-based configurations can be loaded in case this is actually desired.

            https://github.com/jenkinsci/matrix-auth-plugin/pull/24 ensures no accidental 'empty' configuration can be submitted, which seems to be the major issue to me.

            Show
            danielbeck Daniel Beck added a comment - https://github.com/jenkinsci/matrix-auth-plugin/pull/25 ensures empty project-based configurations can be loaded in case this is actually desired. https://github.com/jenkinsci/matrix-auth-plugin/pull/24 ensures no accidental 'empty' configuration can be submitted, which seems to be the major issue to me.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Daniel Beck
            Path:
            src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java
            src/test/java/hudson/security/ProjectMatrixAuthorizationStrategyTest.java
            src/test/resources/hudson/security/ProjectMatrixAuthorizationStrategyTest/loadEmptyAuthorizationStrategy/config.xml
            src/test/resources/hudson/security/ProjectMatrixAuthorizationStrategyTest/loadFilledAuthorizationStrategy/config.xml
            http://jenkins-ci.org/commit/matrix-auth-plugin/9463c2142a1f3c558a19a51017480d16ba205bf4
            Log:
            Merge pull request #25 from daniel-beck/unmarshal-robustness

            JENKINS-9774 Drop support for pre-2009 serialized format that resulted in errors

            Compare: https://github.com/jenkinsci/matrix-auth-plugin/compare/b53384b02589...9463c2142a1f

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: src/main/java/hudson/security/ProjectMatrixAuthorizationStrategy.java src/test/java/hudson/security/ProjectMatrixAuthorizationStrategyTest.java src/test/resources/hudson/security/ProjectMatrixAuthorizationStrategyTest/loadEmptyAuthorizationStrategy/config.xml src/test/resources/hudson/security/ProjectMatrixAuthorizationStrategyTest/loadFilledAuthorizationStrategy/config.xml http://jenkins-ci.org/commit/matrix-auth-plugin/9463c2142a1f3c558a19a51017480d16ba205bf4 Log: Merge pull request #25 from daniel-beck/unmarshal-robustness JENKINS-9774 Drop support for pre-2009 serialized format that resulted in errors Compare: https://github.com/jenkinsci/matrix-auth-plugin/compare/b53384b02589...9463c2142a1f
            Hide
            danielbeck Daniel Beck added a comment -

            Resolved towards matrix-auth 1.8.

            Show
            danielbeck Daniel Beck added a comment - Resolved towards matrix-auth 1.8.

              People

              • Assignee:
                danielbeck Daniel Beck
                Reporter:
                davidstrauss davidstrauss
              • Votes:
                2 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: