14

Need help figuring this one out. How can I fix this issue? I think I enabled global security and saw this error immediately.

(while accessing localhost:8080 I get the following...)

A problem occurred while processing the request. Please check our bug tracker to see if a similar problem has already been reported. If it is already reported, please vote and put a comment on it to let us gauge the impact of the problem. If you think this is a new issue, please file a new issue. When you file an issue, make sure to add the entire stack trace, along with the version of Jenkins and relevant plugins. The users list might be also useful in understanding what has happened.

Stack trace
hudson.security.AccessDeniedException2: anonymous is missing the Overall/Read permission
    at hudson.security.ACL.checkPermission(ACL.java:54)
    at hudson.model.Node.checkPermission(Node.java:418)
    at jenkins.model.Jenkins.getTarget(Jenkins.java:3658)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:656)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:631)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:225)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:370)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
    at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
    at java.lang.Thread.run(Thread.java:695)
serverFaulter

5 Answers

14

Edit the config.xml and replace the following two XML tags with the version below. Then restart your server.

  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>

Beware, your existing tags are probably spanning over several lines each.

Peter Schuetze
  • And where should I look for `config.xml`? – sobi3ch Nov 10 '15 at 11:40
  • OK, I found it. Normally it is set in `$JENKINS_HOME`, but in my case it was empty. On my Ubuntu I found it in `/var/lib/jenkins/`. – sobi3ch Nov 10 '15 at 11:46
  • Whilst a good answer for this question, this answer is also a bit more generic. If you've screwed up your security settings (or IT have changed the LDAP) and you need to get back into a locked out Jenkins, wiping out the security in config.xml and adding in the above xml tags will get you going again. – gnuchu Apr 27 '16 at 12:50
11

You are getting this error because you enabled the security but don't have any user with permissions. To solve this problem, first edit config.xml and set useSecurity to false.

I assume that you want to use local authentication (a local db of users) rather than an external db (i.e., LDAP). Follow the steps below taken from Jenkins Documentation.

  1. Go to the Configure Global Security screen (http://server/jenkins/configureSecurity/) and choose "enable security". An alternate URL to try is http://server:8080/configureSecurity.
  2. Select "Jenkins's own user database" as the security realm
  3. Place a check mark next to "Allow users to sign up"
  4. Select "Matrix-based security" as the authorization
  5. Give anonymous user the read access
  6. In the text box below the table, type in your user name (you'd be creating this later) and click "add"
  7. Give yourself a full access by checking the entire row for your user name
  8. Scroll all the way to the bottom, click "save"

Tested with version 1.566.


I suggest reverting the changes suggested in the accepted answer, as they are likely to affect the steps above.

fedorqui
amertkara
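A read-only check for the states the two answers above put config.xml in, as an added example (not part of any answer and not Jenkins code). It assumes the older matrix entry format `permission:user`; the sample documents, the finding codes and the user `alice` are constructed.

```python
import xml.etree.ElementTree as ET

READ = "hudson.model.Hudson.Read"         # Overall/Read
ADMIN = "hudson.model.Hudson.Administer"  # Overall/Administer

def audit_security(config_xml):
    """Return finding codes for the security settings in a Jenkins config.xml."""
    root = ET.fromstring(config_xml)
    enabled = (root.findtext("useSecurity") or "").strip() == "true"
    auth = root.find("authorizationStrategy")
    realm = root.find("securityRealm")
    auth_cls = auth.get("class", "") if auth is not None else ""
    realm_cls = realm.get("class", "") if realm is not None else ""
    # Assumed matrix entry format: <permission>PERMISSION_ID:user</permission>
    grants = {}
    for p in (auth.findall("permission") if auth is not None else []):
        perm, _, sid = (p.text or "").strip().rpartition(":")
        grants.setdefault(sid, set()).add(perm)
    anon = grants.get("anonymous", set())
    findings = []
    # Assumption: security off, a missing tag, or $Unsecured all mean "open".
    if not enabled or not auth_cls or auth_cls.endswith("$Unsecured"):
        findings.append("OPEN_NO_AUTHORIZATION")
    elif auth_cls.endswith("GlobalMatrixAuthorizationStrategy"):
        if not any(ADMIN in perms for perms in grants.values()):
            findings.append("LOCKOUT_NO_ADMINISTER_GRANT")
        if ADMIN in anon:
            findings.append("OPEN_ANONYMOUS_ADMINISTER")
        if READ not in anon:
            findings.append("ANONYMOUS_WITHOUT_OVERALL_READ")
    if enabled and realm_cls.endswith("$None"):
        findings.append("NO_SECURITY_REALM")
    return findings

# Constructed samples; the tags span several lines, as in a real file.
LOCKED_OUT = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"/>
</hudson>"""
RECOVERY = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
</hudson>"""
CONFIGURED = LOCKED_OUT.replace("  </authorizationStrategy>",
    f"    <permission>{ADMIN}:alice</permission>\n"
    f"    <permission>{READ}:anonymous</permission>\n  </authorizationStrategy>")
```

Run `audit_security(open(path).read())` against a copy of the file after each recovery step; an `OPEN_*` finding means the instance is reachable without authorization until security is reconfigured.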
2

Two-liner fix (run on the server):

sudo ex +g/useSecurity/d +g/authorizationStrategy/d -scwq /var/lib/jenkins/config.xml
sudo /etc/init.d/jenkins restart

Note: The sudo permission is required, or run as root.

Then log in to Jenkins as usual and reconfigure the security again.

kenorb
0

I faced a similar issue, but with the GitHub OAuth plugin. Thanks to the agreed answer here; my problem and solution are explained here.

sandejai
0

On Windows: when I enabled LDAP under Global Security, I lost my admin rights too, with the error "Access Denied is missing the Overall/Read permission jenkins windows".

In such a case, please retain the existing instance and do a new Jenkins install on some other machine or VM. Copy the config.xml from Jenkins_Home and replace it with config.xml from your Jenkins_Home directory. While performing this, ensure the Jenkins service is stopped. Once replaced, start the instance and voilà.

DheerajG