Resource Root Problem Post Upgrade

143 views
Skip to first unread message

Matt Wilson

unread,
Nov 1, 2021, 3:11:50 PM11/1/21
to Jenkins Users
I just upgraded to LTS 2.303.2 from 2.289.3.
Post upgrade I'm having problems with my system.  I can no longer download artifacts from my server.  When I try, I get a 404 error "Message Jenkins serves only static files on this domain.".  Interestingly enough, using the download zip feature works fine.

I've been using a Resource Root URL for some time now with no issues.
I noticed on my main configuration screen I'm seeing an error under my URL entry
A problem occurred while processing the request.

Logging ID=5d0d5334-dddd-4ac8-a484-7deef5d062fa

I tried removing my Resource root url, and my download issues went away.  this of course causes a lot of issues with other features that rely on the resource root url to be displayed properly.

Anyone run into anything like this recently?



Daniel Beck

unread,
Nov 1, 2021, 8:44:23 PM11/1/21
to jenkins...@googlegroups.com


On Mon, Nov 1, 2021 at 8:11 PM Matt Wilson <mwil...@gmail.com> wrote:

Logging ID=5d0d5334-dddd-4ac8-a484-7deef5d062fa


Check the Jenkins system log for the corresponding error message. 

Matt Wilson

unread,
Nov 1, 2021, 9:27:52 PM11/1/21
to Jenkins Users
yeah, its a doozy of a stack trace

01-Nov-2021 14:08:40.829 WARNING [Handling POST /descriptorByName/jenkins.security.ResourceDomainConfiguration/checkUrl from xx.x.xx.xxx : https-jsse-nio-9443-exec-22] hudson.init.impl.InstallUncaughtExceptionHandler.handleException Caught unhandled exception with ID 5d0d5334-dddd-4ac8-a484-7deef5d062fa
 javax.servlet.ServletException: java.lang.NullPointerException
        at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:816)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
        at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:281)
        at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
        at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694)
        at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:156)
        at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
        at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:153)
        at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:80)
        at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:153)
        at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248)
        at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:153)
        at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
        at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:153)
        at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
        at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:153)
        at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:64)
        at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:153)
        at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:159)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:153)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:92)
        at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
        at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:53)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:121)
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
        at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101)
        at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:92)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
        at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
        at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:62)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
        at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:109)
        at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:51)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:85)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:35)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:611)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:651)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:412)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1385)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
        at jenkins.security.ResourceDomainConfiguration.checkUrl(ResourceDomainConfiguration.java:174)
        at jenkins.security.ResourceDomainConfiguration.doCheckUrl(ResourceDomainConfiguration.java:88)
        at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
        at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:393)
        at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:405)
        at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:208)
        at org.kohsuke.stapler.SelectionInterceptedFunction$Adapter.invoke(SelectionInterceptedFunction.java:36)
        at org.kohsuke.stapler.verb.HttpVerbInterceptor.invoke(HttpVerbInterceptor.java:48)
        at org.kohsuke.stapler.SelectionInterceptedFunction.bindAndInvoke(SelectionInterceptedFunction.java:26)
        at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:141)
        at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:536)
        at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
        at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
        ... 87 more

nothing really jumps out at me...

Daniel Beck

unread,
Nov 2, 2021, 3:43:53 AM11/2/21
to jenkins...@googlegroups.com
On Tue, Nov 2, 2021 at 2:27 AM Matt Wilson <mwil...@gmail.com> wrote:

Caused by: java.lang.NullPointerException
        at jenkins.security.ResourceDomainConfiguration.checkUrl(ResourceDomainConfiguration.java:174)
        at jenkins.security.ResourceDomainConfiguration.doCheckUrl(ResourceDomainConfiguration.java:88)

The URL responds with a 404 error message and has no response message (of course error handling should be better). Would look at reverse proxy or a nondefault web container as the likely culprit (I just checked ci.jenkins.io to be sure it's not a general problem, and its resource root URL works as expected).

Another option might be problems with the instance-identity module I use to determine URL correctness, but then the actual URLs should work, and only form validation be broken.

Matt Wilson

unread,
Nov 2, 2021, 11:03:32 AM11/2/21
to Jenkins Users
thanks.  Whats odd is that based on job log output this seemed to have been working for a few days, then "broke".  Right now I'm playing on scheduling a service restart.  Maybe I'll get lucky and its just a one off... I guy can dream.

Matt Wilson

unread,
Nov 3, 2021, 11:03:35 AM11/3/21
to Jenkins Users
I managed to get a service restart last night.  I just reapplied my resource root url setting.
mystery continues at this point.  After reapplying my settings, I can download artifacts with no problem.  The logs are clean with respect to these downloads, nothing out of the ordinary.

when I reload my config page though I see an error below my resource url just as before (see attached).  The stack trace is the same as before.
I'm going to wait it out right now, but I'm expecting this will stop working at somepoint over the next day or so.  I have no idea if this "error" message was present before the upgrade to this version.

resource_root.png

Matt Wilson

unread,
Nov 5, 2021, 10:39:14 AM11/5/21
to Jenkins Users
And here I am pretty much in the exact same time frame as the original case (2-3 days in) and I'm seeing the same issue again.  I can't download artifacts unless I remove my resource root url setting.

this the type of error I see in my logs.  the first is my actual first rejection...

Nov 05, 2021 8:49:15 AM FINE jenkins.security.ResourceDomainFilter doFilter Rejecting request to https://<root_resource_url>/login from xxx.xxx.xxxx.xxx on resource domain
Nov 05, 2021 9:03:58 AM FINE jenkins.security.ResourceDomainFilter doFilter Rejecting request to https:// <root_resource_url>  /login from xxx.xxx.xxxx.xxx   on resource domain  
Nov 05, 2021 09:04:17 AM FINE jenkins.security.ResourceDomainFilter doFilter Rejecting request to https://<root_resource_url>/instance-identity/ from xxx.xxx.xxxx.xxx on resource domain

I've combed through my logs around 8:49am time to see if there is any record of another event at that time.  Nothing really jumps out as being a problem.
I'm at a total loss right now.  No clue what is causing this issue.

Reply all
Reply to author
Forward
0 new messages