hudson.security.AccessDeniedException2: Cl\xC3\xA9ment is missing the Overall/Read permission

Jenkins JIRA | Clément | 12 months ago
  1. 0

    (Side note: I'm not an admin for the Jenkins install that I use; just a regular user) I login using a certificate, authenticating using HTTP headers by reverse proxy, and matrix-based security. My certificate has my name, Clément. That same user exists in the authorizations matrix as Clément, but Jenkins returns {{ hudson.security.AccessDeniedException2: Cl\xC3\xA9ment is missing the Overall/Read permission at hudson.security.ACL.checkPermission(ACL.java:63) at hudson.model.Node.checkPermission(Node.java:439) at jenkins.model.Jenkins.getTarget(Jenkins.java:3804) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:674) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:123) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:114) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm$1.doFilter(ReverseProxySecurityRealm.java:468) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:168) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:366) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) }} The issue is that Jenkins improperly decodes the contents of the name in the HTTP header that it gets. When my admin added 'Cl\xC3\xA9ment' to the authorizations matrix, everything resumed working properly. What extra info can I provide to help troubleshoot this issue?

    Jenkins JIRA | 12 months ago | Clément
    hudson.security.AccessDeniedException2: Cl\xC3\xA9ment is missing the Overall/Read permission
  2. 0

    (Side note: I'm not an admin for the Jenkins install that I use; just a regular user) I login using a certificate, authenticating using HTTP headers by reverse proxy, and matrix-based security. My certificate has my name, Clément. That same user exists in the authorizations matrix as Clément, but Jenkins returns {{ hudson.security.AccessDeniedException2: Cl\xC3\xA9ment is missing the Overall/Read permission at hudson.security.ACL.checkPermission(ACL.java:63) at hudson.model.Node.checkPermission(Node.java:439) at jenkins.model.Jenkins.getTarget(Jenkins.java:3804) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:674) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:123) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:114) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm$1.doFilter(ReverseProxySecurityRealm.java:468) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:168) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:366) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) }} The issue is that Jenkins improperly decodes the contents of the name in the HTTP header that it gets. When my admin added 'Cl\xC3\xA9ment' to the authorizations matrix, everything resumed working properly. What extra info can I provide to help troubleshoot this issue?

    Jenkins JIRA | 12 months ago | Clément
    hudson.security.AccessDeniedException2: Cl\xC3\xA9ment is missing the Overall/Read permission
  3. 0

    hudson.security.AccessDeniedException2: anonymous is missing the Overall/Read permission

    Google Groups | 3 years ago | HYH
    hudson.security.AccessDeniedException2: anonymous is missing the Overall/Read permission
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Jenkins users - hudson.security.AccessDeniedException2: anonymous is missing the Overall/Read permission

    nabble.com | 1 year ago
    hudson.security.AccessDeniedException2: anonymous is missing the Overall/Read permission
  6. 0

    Jenkins: Accessed denied after turning on global security. How to revert? - Server Fault

    serverfault.com | 1 year ago
    hudson.security.AccessDeniedException2: anonymous is missing the Overall/Read permission

    1 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. hudson.security.AccessDeniedException2

      Cl\xC3\xA9ment is missing the Overall/Read permission

      at hudson.security.ACL.checkPermission()
    2. Hudson
      Node.checkPermission
      1. hudson.security.ACL.checkPermission(ACL.java:63)
      2. hudson.model.Node.checkPermission(Node.java:439)
      2 frames
    3. jenkins.model
      Jenkins.getTarget
      1. jenkins.model.Jenkins.getTarget(Jenkins.java:3804)
      1 frame
    4. Stapler
      Stapler.service
      1. org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:674)
      2. org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
      3. org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
      4. org.kohsuke.stapler.Stapler.service(Stapler.java:238)
      4 frames
    5. JavaServlet
      HttpServlet.service
      1. javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
      1 frame
    6. Jetty
      ServletHandler$CachedChain.doFilter
      1. org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
      2. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
      2 frames
    7. Hudson
      PluginServletFilter.doFilter
      1. hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:123)
      2. hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:114)
      2 frames
    8. Jetty
      ServletHandler$CachedChain.doFilter
      1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      1 frame
    9. Hudson
      CrumbFilter.doFilter
      1. hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
      1 frame
    10. Jetty
      ServletHandler$CachedChain.doFilter
      1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      1 frame
    11. org.jenkinsci.plugins
      ReverseProxySecurityRealm$1.doFilter
      1. org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm$1.doFilter(ReverseProxySecurityRealm.java:468)
      1 frame
    12. Hudson
      HudsonFilter.doFilter
      1. hudson.security.HudsonFilter.doFilter(HudsonFilter.java:168)
      1 frame
    13. Jetty
      ServletHandler$CachedChain.doFilter
      1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      1 frame
    14. Stapler
      CompressionFilter.doFilter
      1. org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
      1 frame
    15. Jetty
      ServletHandler$CachedChain.doFilter
      1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      1 frame
    16. Hudson
      CharacterEncodingFilter.doFilter
      1. hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      1 frame
    17. Jetty
      ServletHandler$CachedChain.doFilter
      1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      1 frame
    18. Stapler
      DiagnosticThreadNameFilter.doFilter
      1. org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      1 frame
    19. Jetty
      AsyncHttpConnection.handle
      1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      2. org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      3. org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      4. org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      5. org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      6. org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      7. org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      8. org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      9. org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      10. org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      11. org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      12. org.eclipse.jetty.server.Server.handle(Server.java:366)
      13. org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      14. org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
      15. org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
      16. org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
      17. org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
      18. org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      18 frames
    20. GWT dev
      SelectChannelEndPoint$1.run
      1. org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      2. org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      2 frames
    21. winstone
      BoundedExecutorService$1.run
      1. winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      1 frame
    22. Java RT
      Thread.run
      1. java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      2. java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      3. java.lang.Thread.run(Thread.java:745)
      3 frames