JNLP slave fails to connect if Anonymous has not permission READ
136 views
Skip to first unread message
Vach, Matthias
Sep 22, 2011, 7:41:03 AM9/22/11
to jenkins...@googlegroups.com
Hi all,
I do face a problem with JNLP based windows slaves in combination with restricted permissions of Anonymous.
If user Anonymous doesn't has READ permission granted, the JNLP slave (converted to a windows service) fails to connect to the master.
The jenkins-slave.xml contains
------------------------------------------------------------------------------------
<arguments>-Xrs -jar "%BASE%\slave.jar" -jnlpUrl
https://xxx:8443/hudson/computer/xxx/slave-agent.jnlp -jnlpCredentials abcd:efgh -auth abcd:efgh</arguments>
------------------------------------------------------------------------------------
The tomcat-users.xml contains
------------------------------------------------------------------------------------
<tomcat-users>
<role rolename="admin"/>
<role rolename="manager"/>
<user username="abcd" password="efgh" roles="admin,manager"/>
</tomcat-users>
------------------------------------------------------------------------------------
The jenkins-slave.err.log contains
------------------------------------------------------------------------------------
Failing to obtain
https://xxx:8443/hudson/computer/xxx/slave-agent.jnlp
java.io.IOException: Failed to load
https://xxx:8443/hudson/computer/xxx/slave-agent.jnlp: 500 Internal Server Error
at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:228)
at hudson.remoting.Launcher.run(Launcher.java:190)
at hudson.remoting.Launcher.main(Launcher.java:166)
Waiting 10 seconds before retry
------------------------------------------------------------------------------------
The tomcat's localhost.2011-xx-xx.log contains
------------------------------------------------------------------------------------
SEVERE: Servlet.service() for servlet Stapler threw exception
hudson.security.AccessDeniedException2: anonymous is missing the Read permission
at hudson.security.ACL.checkPermission(ACL.java:53)
at hudson.model.Node.checkPermission(Node.java:363)
at hudson.model.Hudson.getTarget(Hudson.java:3538)
...
------------------------------------------------------------------------------------
The setup is as follows:
------------------------------------------------------------------------------------
OS: Windows 7
Tomcat: 6.0.33
Jenkins: 1.4.10 (also not working with 1.4.31)
JDK: 1.6.27
Security Realm: Matrix based Security is enabled
Authorization: Delegate to servlet container
permissions of user abcd: Overall Read, Overall Administer
permissions of user Anonymous: none
------------------------------------------------------------------------------------
Regards Matthias
Reply all
Reply to author
Forward
0 new messages