Jenkins: Accessed denied after turning on global security. How to revert?

jenkins

Need help figuring this one out. How can I fix this issue? I think I enabled global security and saw this error immediately.

(while accessing localhost:8080 I get the following...)

A problem occurred while processing the request. Please check our bug tracker to see if a similar problem has already been reported. If it is already reported, please vote and put a comment on it to let us gauge the impact of the problem. If you think this is a new issue, please file a new issue. When you file an issue, make sure to add the entire stack trace, along with the version of Jenkins and relevant plugins. The users list might be also useful in understanding what has happened.

Stack trace
hudson.security.AccessDeniedException2: anonymous is missing the Overall/Read permission
    at hudson.security.ACL.checkPermission(ACL.java:54)
    at hudson.model.Node.checkPermission(Node.java:418)
    at jenkins.model.Jenkins.getTarget(Jenkins.java:3658)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:656)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:631)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:225)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:370)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
    at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
    at java.lang.Thread.run(Thread.java:695)

Solution 1:

edit the config.xml and replace the following two xml tags with the below version. Then restart your server.

  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>

Beware, your existing tags are probably spanning over several lines each.

Solution 2:

You are getting this error because you enabled the security but don't have any user with permissions. To solve this problem, first edit config.xml and set useSecurity to false

I assume that you want to use local authentication (a local db of users) rather than an external db (i.e., LDAP). Follow the steps below taken from Jenkins Documentation.

  1. Go to the Configure Global Security screen (http://server/jenkins/configureSecurity/) and choose "enable security". An alternate URL to try is http://server:8080/configureSecurity.
  2. Select "Jenkins's own user database" as the security realm
  3. Place a check mark next to "Allow users to sign up"
  4. Select "Matrix-based security" as the authorization
  5. Give anonymous user the read access
  6. In the text box below the table, type in your user name (you'd be creating this later) and click "add"
  7. Give yourself a full access by checking the entire row for your user name
  8. Scroll all the way to the bottom, click "save"

Tested with version 1.566.

I suggest to revert the changes suggested in the accepted answer as it is likely to affect the steps above.

Related

Networking Units: Not getting expected performance from 100Mb Ethernet
Downtimeless MySQL backups on a budget
How do I temporarily suspend mail delivery to a specific domain (non-local) with Postfix?
Is there a way to use the Autodiscover feature without Exchange?
How to set a static IP (client side) in OpenVPN?
Nginx rewrite on docker machine when host port != container port
"No space left on device", df shows discrepancy
What is the relation between NetworkManager and network service in Fedora/RHEL/Centos?
How to crack the 1 Gbit iSCSI limit between ESXi and VNXe
Setting up bridged LXC containers with static IPs
Can't backup the mysql table with mysqldump. SELECT,LOCK TABL command denied for 'cond_instances' [closed]
How to Monitor Bandwidth usage in real terms