Migration to 3.0 - security problem [message #1014706] |
Tue, 26 February 2013 10:16 |
k z Messages: 71 Registered: October 2012 |
Member |
|
|
Hi,
I have tried migration to V3.0 on our test environment and got plenty of exceptions.I won't put other than security problems here in order not to pollute this thread. SetupInit page was displayed and installed all updates. After that when Hudson was loading, I got Tomcat exception page. hudson-security.xml was created. Hudson is started even though Tomcat displays only exception. New log entries are added (SCM Polling) to the log file
When I changed useSecurity from true to false in this file I was able see Hudson in Tomcat but obviously security was disabled.
Env:
Tomcat
Hudson 2.2.0
Hudson Active Directory plugin - 1.17
Role-based Authorization Strategy - 1.1.2
Part of the Hudson log which I think is related
INFO: Home directory: /home/tomcat6/.hudson
Feb 26, 2013 10:13:05 AM hudson.util.RobustReflectionConverter doUnmarshal
WARNING: Skipping a non-existent type com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy
Feb 26, 2013 10:13:05 AM hudson.util.RobustReflectionConverter doUnmarshal
WARNING: Skipping a non-existent type hudson.plugins.active_directory.ActiveDirectorySecurityRealm
Feb 26, 2013 10:13:05 AM org.eclipse.hudson.security.HudsonSecurityManager load
SEVERE: Failed to load /home/tomcat6/.hudson/hudson-security.xml
hudson.util.IOException2: Unable to read /home/tomcat6/.hudson/hudson-security.xml
at hudson.XmlFile.unmarshal(XmlFile.java:140)
at org.eclipse.hudson.security.HudsonSecurityManager.load(HudsonSecurityManager.java:366)
at org.eclipse.hudson.security.HudsonSecurityManager.<init>(HudsonSecurityManager.java:143)
at org.eclipse.hudson.HudsonServletContextListener.contextInitialized(HudsonServletContextListener.java:206)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4206)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4705)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:943)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:778)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:504)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1315)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:324)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1061)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
at org.apache.catalina.core.StandardService.start(StandardService.java:525)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: com.thoughtworks.xstream.converters.ConversionException: null : null
---- Debugging information ----
cause-exception : java.lang.NullPointerException
cause-message : null
class : org.eclipse.hudson.security.HudsonSecurityManager
required-type : org.eclipse.hudson.security.HudsonSecurityManager
converter-type : hudson.util.RobustReflectionConverter
path : /hudsonSecurityManager
line number : 670
version : null
-------------------------------
at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:79)
at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65)
at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1034)
at hudson.util.XStream2.unmarshal(XStream2.java:76)
at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1018)
at hudson.XmlFile.unmarshal(XmlFile.java:136)
... 27 more
Caused by: java.lang.NullPointerException
at hudson.diagnosis.OldDataMonitor.report(OldDataMonitor.java:185)
at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:264)
at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:173)
at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
... 36 more
Feb 26, 2013 10:13:11 AM hudson.util.CharacterEncodingFilter init
INFO: CharacterEncodingFilter initialized. DISABLE_FILTER: false FORCE_ENCODING: false
Feb 26, 2013 10:13:11 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
However, later on, both security plugins seems to be loaded successfully
Inspecting:
...
Feb 26, 2013 10:13:17 AM hudson.model.Hudson$5 onAttained
INFO: Attained Inspecting plugin /home/tomcat6/.hudson/plugins/role-strategy.hpi
Feb 26, 2013 10:13:17 AM hudson.model.Hudson$5 onAttained
INFO: Attained Inspecting plugin /home/tomcat6/.hudson/plugins/active-directory.hpi
2013 10:13:22 AM hudson.PluginManager$2$1$1 run
...
Loading:
...
INFO: Loading plugin - role-strategy
Feb 26, 2013 10:13:22 AM hudson.model.Hudson$5 onAttained
INFO: Attained Loading plugin role-strategy
Feb 26, 2013 10:13:22 AM hudson.PluginManager$2$1$1 run
INFO: Loading plugin - active-directory
Feb 26, 2013 10:13:22 AM hudson.model.Hudson$5 onAttained
INFO: Attained Loading plugin active-directory
...
Initializing:
...
Feb 26, 2013 10:13:46 AM hudson.model.Hudson$5 onAttained
INFO: Attained Initializing plugin role-strategy
Feb 26, 2013 10:13:46 AM hudson.model.Hudson$5 onAttained
INFO: Attained Initializing plugin active-directory
...
Despite the exceptions, Hudson pooling mechanism is working adding new entries (with same security exceptons) to the log
Feb 26, 2013 10:48:43 AM hudson.triggers.SCMTrigger$Runner runPolling
SEVERE: Failed to record SCM polling
java.lang.AbstractMethodError: hudson.security.SidACL.hasPermission(Lorg/springframework/security/acls/sid/Sid;Lhudson/security/Permission;)Ljava/lang/Boolean;
at hudson.security.SidACL$1.hasPermission(SidACL.java:146)
at hudson.security.SidACL._hasPermission(SidACL.java:67)
at hudson.security.SidACL.hasPermission(SidACL.java:45)
at hudson.security.ACL.hasPermission(ACL.java:55)
at hudson.model.AbstractItem.hasPermission(AbstractItem.java:369)
at hudson.model.Hudson.getItems(Hudson.java:1191)
at hudson.model.Hudson.getItems(Hudson.java:220)
at hudson.model.Hudson.getAllItems(Hudson.java:1247)
at hudson.model.Job.getCascadingProject(Job.java:1690)
at hudson.model.Job.hasCascadingProject(Job.java:1702)
at org.eclipse.hudson.model.project.property.BaseProjectProperty.getCascadingValue(BaseProjectProperty.java:95)
at org.eclipse.hudson.model.project.property.BaseProjectProperty.getValue(BaseProjectProperty.java:120)
at hudson.util.DescribableListUtil.convertToDescribableList(DescribableListUtil.java:166)
at hudson.util.DescribableListUtil.convertToDescribableList(DescribableListUtil.java:147)
at hudson.model.BaseBuildableProject.getBuildWrappersList(BaseBuildableProject.java:219)
at hudson.model.AbstractBuild.getBuildVariables(AbstractBuild.java:832)
at hudson.model.AbstractBuild.getBuildVariableResolver(AbstractBuild.java:851)
at hudson.model.ParametersAction.createVariableResolver(ParametersAction.java:97)
at hudson.model.ParametersAction.substitute(ParametersAction.java:81)
at hudson.scm.SubversionSCM$ModuleLocation.getExpandedRemote(SubversionSCM.java:2476)
at hudson.scm.SubversionSCM$ModuleLocation.getExpandedLocation(SubversionSCM.java:2508)
at hudson.scm.SubversionSCM.getLocations(SubversionSCM.java:423)
at hudson.scm.SubversionSCM.repositoryLocationsNoLongerExist(SubversionSCM.java:2271)
at hudson.scm.SubversionSCM.compareRemoteRevisionWith(SubversionSCM.java:1105)
at hudson.scm.SCM._compareRemoteRevisionWith(SCM.java:353)
at hudson.scm.SCM.poll(SCM.java:371)
at hudson.model.AbstractProject.poll(AbstractProject.java:1649)
at hudson.triggers.SCMTrigger$Runner.runPolling(SCMTrigger.java:438)
at hudson.triggers.SCMTrigger$Runner.run(SCMTrigger.java:468)
at hudson.util.SequentialExecutionQueue$QueueEntry.run(SequentialExecutionQueue.java:133)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:679)
Tomcat exception:
exception
javax.servlet.ServletException: Servlet execution threw an exception
hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:86)
org.hudsonci.servlets.internal.ServletRegistrationFilterAdapter.doFilter(ServletRegistrationFilterAdapter.java:162)
org.hudsonci.servlets.internal.ServletRegistrationFilterAdapter.doFilter(ServletRegistrationFilterAdapter.java:134)
hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:89)
org.hudsonci.servlets.internal.ServletRegistrationFilterAdapter.doFilter(ServletRegistrationFilterAdapter.java:162)
org.hudsonci.servlets.internal.ServletRegistrationFilterAdapter.doFilter(ServletRegistrationFilterAdapter.java:134)
hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:89)
hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:78)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:81)
hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:45)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:109)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:73)
hudson.security.HudsonFilter.doFilter(HudsonFilter.java:157)
hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:70)
Tomcat root cause
root cause
java.lang.AbstractMethodError: hudson.security.SidACL.hasPermission(Lorg/springframework/security/acls/sid/Sid;Lhudson/security/Permission;)Ljava/lang/Boolean;
hudson.security.SidACL._hasPermission(SidACL.java:67)
hudson.security.SidACL.hasPermission(SidACL.java:45)
hudson.security.ACL.checkPermission(ACL.java:44)
hudson.model.Node.checkPermission(Node.java:351)
hudson.model.Hudson.getTarget(Hudson.java:3427)
org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:500)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:650)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:481)
org.kohsuke.stapler.Stapler.service(Stapler.java:152)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:86)
org.hudsonci.servlets.internal.ServletRegistrationFilterAdapter.doFilter(ServletRegistrationFilterAdapter.java:162)
org.hudsonci.servlets.internal.ServletRegistrationFilterAdapter.doFilter(ServletRegistrationFilterAdapter.java:134)
hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:89)
org.hudsonci.servlets.internal.ServletRegistrationFilterAdapter.doFilter(ServletRegistrationFilterAdapter.java:162)
org.hudsonci.servlets.internal.ServletRegistrationFilterAdapter.doFilter(ServletRegistrationFilterAdapter.java:134)
hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:89)
hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:78)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:81)
hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:45)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:109)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:73)
hudson.security.HudsonFilter.doFilter(HudsonFilter.java:157)
hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:70)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Powered by
FUDForum. Page generated in 0.06369 seconds