Is UnprotectedRootAction broken?


Arvid Huss

Jun 6, 2017, 1:13:50 PM
to Jenkins Developers
Hi,

I have a Jenkins master/3 slaves (2.64) and Sonarqube (6.2) setup behind a Nginx proxy.
My build projects are pipeline based and I am using Sonar Scanner plugin.

Since upgrading to Jenkins 2.62, 2.63 and 2.64 the use of the SonarQube webhook requires authorization despite the fact
that the plugin implements UnprotectedRootAction and should be allowed anonymous read access.

My setup worked fine with Jenkins 2.61!

Brg
Arvid


Jesse Glick

Jun 6, 2017, 1:19:31 PM
to Jenkins Dev
On Tue, Jun 6, 2017 at 1:13 PM, Arvid Huss <arvid...@jayway.com> wrote:
> Since upgrading to Jenkins 2.62, 2.63 and 2.64 the use of the SonarQube
> webhook requires authorization despite the fact
> that the plugin implements UnprotectedRootAction and should be allowed
> anonymous read access.

I would suggest filing a bug report for the SonarQube plugin.

Arvid Huss

Jun 6, 2017, 1:27:35 PM
to Jenkins Dev
Hi,

I have already been in contact with the plugin developer and he referred me to the jenkins-dev mailing list.

Brg
Arvid

--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/Vsa8f9r6mak/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr07Cr9i1uOjJsOuFEvj8RW6pkV3EETQO729xaaiM6Rx%3DA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Jesse Glick

Jun 6, 2017, 3:56:33 PM
to Jenkins Dev
On Tue, Jun 6, 2017 at 1:27 PM, Arvid Huss <arvid...@jayway.com> wrote:
> I have already been in contact with the plugin developer and he referred me
> to jenkins-dev mailing list.

Well they will need to do some more evaluation on their end.

Julien HENRY

Jun 7, 2017, 9:51:19 AM
to Jenkins Developers
Hi guys,

I'm sorry if I missed something obvious, it is not my intention to pass the buck, but the documentation says:
> There's a variant of this called UnprotectedRootAction that is made accessible even to anonymous users without the read access to Jenkins.
Also, we are doing a very similar implementation to what the Jenkins GitHub plugin does. Finally, I made a simple test (run Jenkins 2.64, enable security, disable anonymous read) and everything looks fine.

So if on the Jenkins side you confirm there is no regression, my last guess for this 403 error would be that there is an issue on your side, Arvid. Maybe you could try to temporarily enable anonymous read to see if that brings back access to the <jenkins>/sonarqube-webhook/ URL. Also, you can try to access your Jenkins server without using the proxy (just to eliminate it from the equation).

++

Julien

Arvid Huss

Jun 7, 2017, 12:49:19 PM
to Jenkins Developers
Hi,

Sorry for the disturbance. It was entirely my fault, the webhook stopped working due to me misspelling the webhook URL.

Sorry for any inconvenience.
Arvid



Oleg Nenashev

Jun 8, 2017, 4:42:10 AM
to Jenkins Developers
No problem, it happens.
You may want to create a Jenkins ATH test to be sure that Jenkins changes do not break your plugin logic.

BR, Oleg

On Wednesday, June 7, 2017 at 18:49:19 UTC+2, Arvid Huss wrote:

Arvid Huss

Jun 8, 2017, 5:22:09 AM
to Jenkins Developers
Hi Oleg,

The plugin developer/s are not to blame :) They surely do have the appropriate tests.
It's just me, the thick user, jumping to conclusions.

Brg
Arvid

Julien HENRY

Jun 8, 2017, 5:57:38 AM
to jenkin...@googlegroups.com
Hi Oleg,

We do have non-regression tests, using Webdriver. They were developed a few years ago, so we are not using Jenkins ATH, but it sounds interesting to consider moving to it, just to share the effort.

We even have a ticket for that in our backlog ;)

++

Julien

Julien Henry | SonarSource

Developer

http://sonarsource.com

