hudson.security.AccessDeniedException2: anonymous is missing the Administer permission

Jenkins JIRA | Jason Mechler | 5 years ago
  1. 0

    I am using Unix user/group database for Security Realm and the SSH public key security for CLI added in version 1.419. This works great in 1.419 and 1.420, but is broken in 1.421 and 1.425 (and presumably versions in between... I discovered it didn't work in 1.425, which is currently the latest, and then went up from 1.419 until it broke). I am guessing it has to do with one of these changes in 1.421 - PAM authentication wasn't working with Ubuntu 11.04 (issue 9486) - PAM authentication now works with CLI login mechanism. (issue 9681) - Generalized the mechanism to control scopes of security permissions I can insert a typo in my public key config to force an error with the authentication, in which case I will get an error saying the public key didn't work. However, when everything is setup correctly, and I receive no errors regarding the ssh keys, I always get the following stack trace about the anonymous user when trying to use the CLI. This occurs for any CLI command that requires Administer permission. Read-only commands like version do work. myhost:$ java -jar /opt/auto/jenkins/bin/jenkins-cli.jar -s http://myhost:9080 groovy /opt/auto/jenkins/bin/failedjobs.gsh hudson.security.AccessDeniedException2: anonymous is missing the Administer permission at hudson.security.ACL.checkPermission(ACL.java:53) at hudson.model.Node.checkPermission(Node.java:381) at hudson.cli.GroovyCommand.run(GroovyCommand.java:73) at hudson.cli.CLICommand.main(CLICommand.java:184) at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:82) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:274) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:255) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:215) at hudson.remoting.UserRequest.perform(UserRequest.java:118) at hudson.remoting.UserRequest.perform(UserRequest.java:48) at hudson.remoting.Request$2.run(Request.java:287) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269) at java.util.concurrent.FutureTask.run(FutureTask.java:123) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:651) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:676) at java.lang.Thread.run(Thread.java:595)

    Jenkins JIRA | 5 years ago | Jason Mechler
    hudson.security.AccessDeniedException2: anonymous is missing the Administer permission
  2. 0

    I am using Unix user/group database for Security Realm and the SSH public key security for CLI added in version 1.419. This works great in 1.419 and 1.420, but is broken in 1.421 and 1.425 (and presumably versions in between... I discovered it didn't work in 1.425, which is currently the latest, and then went up from 1.419 until it broke). I am guessing it has to do with one of these changes in 1.421 - PAM authentication wasn't working with Ubuntu 11.04 (issue 9486) - PAM authentication now works with CLI login mechanism. (issue 9681) - Generalized the mechanism to control scopes of security permissions I can insert a typo in my public key config to force an error with the authentication, in which case I will get an error saying the public key didn't work. However, when everything is setup correctly, and I receive no errors regarding the ssh keys, I always get the following stack trace about the anonymous user when trying to use the CLI. This occurs for any CLI command that requires Administer permission. Read-only commands like version do work. myhost:$ java -jar /opt/auto/jenkins/bin/jenkins-cli.jar -s http://myhost:9080 groovy /opt/auto/jenkins/bin/failedjobs.gsh hudson.security.AccessDeniedException2: anonymous is missing the Administer permission at hudson.security.ACL.checkPermission(ACL.java:53) at hudson.model.Node.checkPermission(Node.java:381) at hudson.cli.GroovyCommand.run(GroovyCommand.java:73) at hudson.cli.CLICommand.main(CLICommand.java:184) at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:82) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:274) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:255) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:215) at hudson.remoting.UserRequest.perform(UserRequest.java:118) at hudson.remoting.UserRequest.perform(UserRequest.java:48) at hudson.remoting.Request$2.run(Request.java:287) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269) at java.util.concurrent.FutureTask.run(FutureTask.java:123) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:651) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:676) at java.lang.Thread.run(Thread.java:595)

    Jenkins JIRA | 5 years ago | Jason Mechler
    hudson.security.AccessDeniedException2: anonymous is missing the Administer permission
  3. 0

    I am using Unix user/group database for Security Realm and the SSH public key security for CLI added in version 1.419. This works great in 1.419 and 1.420, but is broken in 1.421 and 1.425 (and presumably versions in between... I discovered it didn't work in 1.425, which is currently the latest, and then went up from 1.419 until it broke). I am guessing it has to do with one of these changes in 1.421 - PAM authentication wasn't working with Ubuntu 11.04 (issue 9486) - PAM authentication now works with CLI login mechanism. (issue 9681) - Generalized the mechanism to control scopes of security permissions I can insert a typo in my public key config to force an error with the authentication, in which case I will get an error saying the public key didn't work. However, when everything is setup correctly, and I receive no errors regarding the ssh keys, I always get the following stack trace about the anonymous user when trying to use the CLI. This occurs for any CLI command that requires Administer permission. Read-only commands like version do work. myhost:$ java -jar /opt/auto/jenkins/bin/jenkins-cli.jar -s http://myhost:9080 groovy /opt/auto/jenkins/bin/failedjobs.gsh hudson.security.AccessDeniedException2: anonymous is missing the Administer permission at hudson.security.ACL.checkPermission(ACL.java:53) at hudson.model.Node.checkPermission(Node.java:381) at hudson.cli.GroovyCommand.run(GroovyCommand.java:73) at hudson.cli.CLICommand.main(CLICommand.java:184) at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:82) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:274) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:255) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:215) at hudson.remoting.UserRequest.perform(UserRequest.java:118) at hudson.remoting.UserRequest.perform(UserRequest.java:48) at hudson.remoting.Request$2.run(Request.java:287) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269) at java.util.concurrent.FutureTask.run(FutureTask.java:123) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:651) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:676) at java.lang.Thread.run(Thread.java:595)

    Jenkins JIRA | 5 years ago | Jason Mechler
    hudson.security.AccessDeniedException2: anonymous is missing the Administer permission
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    I am using Unix user/group database for Security Realm and the SSH public key security for CLI added in version 1.419. This works great in 1.419 and 1.420, but is broken in 1.421 and 1.425 (and presumably versions in between... I discovered it didn't work in 1.425, which is currently the latest, and then went up from 1.419 until it broke). I am guessing it has to do with one of these changes in 1.421 - PAM authentication wasn't working with Ubuntu 11.04 (issue 9486) - PAM authentication now works with CLI login mechanism. (issue 9681) - Generalized the mechanism to control scopes of security permissions I can insert a typo in my public key config to force an error with the authentication, in which case I will get an error saying the public key didn't work. However, when everything is setup correctly, and I receive no errors regarding the ssh keys, I always get the following stack trace about the anonymous user when trying to use the CLI. This occurs for any CLI command that requires Administer permission. Read-only commands like version do work. myhost:$ java -jar /opt/auto/jenkins/bin/jenkins-cli.jar -s http://myhost:9080 groovy /opt/auto/jenkins/bin/failedjobs.gsh hudson.security.AccessDeniedException2: anonymous is missing the Administer permission at hudson.security.ACL.checkPermission(ACL.java:53) at hudson.model.Node.checkPermission(Node.java:381) at hudson.cli.GroovyCommand.run(GroovyCommand.java:73) at hudson.cli.CLICommand.main(CLICommand.java:184) at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:82) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:274) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:255) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:215) at hudson.remoting.UserRequest.perform(UserRequest.java:118) at hudson.remoting.UserRequest.perform(UserRequest.java:48) at hudson.remoting.Request$2.run(Request.java:287) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269) at java.util.concurrent.FutureTask.run(FutureTask.java:123) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:651) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:676) at java.lang.Thread.run(Thread.java:595)

    Jenkins JIRA | 5 years ago | Jason Mechler
    hudson.security.AccessDeniedException2: anonymous is missing the Administer permission
  6. 0

    I am using Unix user/group database for Security Realm and the SSH public key security for CLI added in version 1.419. This works great in 1.419 and 1.420, but is broken in 1.421 and 1.425 (and presumably versions in between... I discovered it didn't work in 1.425, which is currently the latest, and then went up from 1.419 until it broke). I am guessing it has to do with one of these changes in 1.421 - PAM authentication wasn't working with Ubuntu 11.04 (issue 9486) - PAM authentication now works with CLI login mechanism. (issue 9681) - Generalized the mechanism to control scopes of security permissions I can insert a typo in my public key config to force an error with the authentication, in which case I will get an error saying the public key didn't work. However, when everything is setup correctly, and I receive no errors regarding the ssh keys, I always get the following stack trace about the anonymous user when trying to use the CLI. This occurs for any CLI command that requires Administer permission. Read-only commands like version do work. myhost:$ java -jar /opt/auto/jenkins/bin/jenkins-cli.jar -s http://myhost:9080 groovy /opt/auto/jenkins/bin/failedjobs.gsh hudson.security.AccessDeniedException2: anonymous is missing the Administer permission at hudson.security.ACL.checkPermission(ACL.java:53) at hudson.model.Node.checkPermission(Node.java:381) at hudson.cli.GroovyCommand.run(GroovyCommand.java:73) at hudson.cli.CLICommand.main(CLICommand.java:184) at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:82) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:274) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:255) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:215) at hudson.remoting.UserRequest.perform(UserRequest.java:118) at hudson.remoting.UserRequest.perform(UserRequest.java:48) at hudson.remoting.Request$2.run(Request.java:287) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269) at java.util.concurrent.FutureTask.run(FutureTask.java:123) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:651) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:676) at java.lang.Thread.run(Thread.java:595)

    Jenkins JIRA | 5 years ago | Jason Mechler
    hudson.security.AccessDeniedException2: anonymous is missing the Administer permission

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. hudson.security.AccessDeniedException2

      anonymous is missing the Administer permission

      at hudson.security.ACL.checkPermission()
    2. Hudson
      CliManagerImpl.main
      1. hudson.security.ACL.checkPermission(ACL.java:53)
      2. hudson.model.Node.checkPermission(Node.java:381)
      3. hudson.cli.GroovyCommand.run(GroovyCommand.java:73)
      4. hudson.cli.CLICommand.main(CLICommand.java:184)
      5. hudson.cli.CliManagerImpl.main(CliManagerImpl.java:82)
      5 frames
    3. Java RT
      Method.invoke
      1. sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      2. sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      3. sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      4. java.lang.reflect.Method.invoke(Method.java:592)
      4 frames
    4. Hudson :: Remoting Layer
      Request$2.run
      1. hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:274)
      2. hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:255)
      3. hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:215)
      4. hudson.remoting.UserRequest.perform(UserRequest.java:118)
      5. hudson.remoting.UserRequest.perform(UserRequest.java:48)
      6. hudson.remoting.Request$2.run(Request.java:287)
      6 frames
    5. Java RT
      Thread.run
      1. java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417)
      2. java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269)
      3. java.util.concurrent.FutureTask.run(FutureTask.java:123)
      4. java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:651)
      5. java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:676)
      6. java.lang.Thread.run(Thread.java:595)
      6 frames