Community
Participate
Working Groups
URL : http://localhost:8080/hudson/j_spring_security_check Steps: 1. Start Hudson with new Home 2. Manage Hudson/Manage Security/ 3. Enable Security and change Authorization to Team Management 4. Create sysadmin as "root". Click Save. 5. Back in home screen, click the "log in" link. 6. Type in username "root", leave password empty, click Submit. Following page is returned: 404 Not Found Stapler processed this HTTP request as follows, but couldn't find the resource to consume the request -> evaluate(<hudson.model.Hudson@1495e50> :hudson.model.Hudson,"/j_spring_security_check") -> evaluate(((StaplerProxy)<hudson.model.Hudson@1495e50>).getTarget(),"/j_spring_security_check") -> evaluate(<hudson.model.Hudson@1495e50>.getDynamic("j_spring_security_check",...),"") hudson.model.Hudson@1495e50.getDynamic("j_spring_security_check",...)==null. Back tracking. -> evaluate(((StaplerFallback)<hudson.model.Hudson@1495e50>).getStaplerFallback(),"/j_spring_security_check") -> evaluate(<hudson.model.AllView@afe3b8> :hudson.model.AllView,"/j_spring_security_check") -> evaluate(<hudson.model.AllView@afe3b8>.getDynamic("j_spring_security_check",...),"") hudson.model.AllView@afe3b8.getDynamic("j_spring_security_check",...)==null. Back tracking. -> No matching rule was found on <hudson.model.AllView@afe3b8> for "/j_spring_security_check" <hudson.model.AllView@afe3b8> has the following URL mappings, in the order of preference: hudson.model.AllView.doCreateItem(...) for url=/createItem/... hudson.model.AllView.doSubmitDescription(...) for url=/submitDescription/... hudson.model.View.doRssAll(...) for url=/rssAll/... hudson.model.View.doRssFailed(...) for url=/rssFailed/... hudson.model.View.doDoDelete(...) for url=/doDelete/... hudson.model.View.doConfigSubmit(...) for url=/configSubmit/... hudson.model.View.doRssLatest(...) for url=/rssLatest/... VIEW.jelly for url=/VIEW hudson.model.View.LIST for url=/LIST/... hudson.model.View.SORTER for url=/SORTER/... hudson.model.View.PERMISSIONS for url=/PERMISSIONS/... hudson.model.View.CREATE for url=/CREATE/... hudson.model.View.DELETE for url=/DELETE/... hudson.model.View.CONFIGURE for url=/CONFIGURE/... hudson.model.AllView.getItems() for url=/items/... hudson.model.AllView.getPostConstructLandingPage() for url=/postConstructLandingPage/... hudson.model.AllView.getDescription() for url=/description/... hudson.model.View.getPeople() for url=/people/... hudson.model.View.getApi() for url=/api/... hudson.model.View.getAbsoluteUrl() for url=/absoluteUrl/... hudson.model.View.getTimeline() for url=/timeline/... hudson.model.View.getBuilds() for url=/builds/... hudson.model.View.getWidgets() for url=/widgets/... hudson.model.View.getViewName() for url=/viewName/... hudson.model.View.getComputers() for url=/computers/... hudson.model.View.getSearchUrl() for url=/searchUrl/... hudson.model.View.getACL() for url=/aCL/... hudson.model.View.getViewUrl() for url=/viewUrl/... hudson.model.View.getBuildHistoryList() for url=/buildHistoryList/... hudson.model.View.getItemCreatePermission() for url=/itemCreatePermission/... hudson.model.View.getQueueItems() for url=/queueItems/... hudson.model.View.getUrl() for url=/url/... hudson.model.View.getDisplayName() for url=/displayName/... hudson.model.View.getOwner() for url=/owner/... hudson.model.View.getDescriptor() for url=/descriptor/... hudson.model.View.getDescriptor() for url=/descriptor/... hudson.model.View.getActions() for url=/actions/... hudson.model.AbstractModelObject.getSearchIndex() for url=/searchIndex/... hudson.model.AbstractModelObject.getSearch() for url=/search/... hudson.model.AbstractModelObject.getSearchName() for url=/searchName/... java.lang.Object.getClass() for url=/class/... hudson.model.View.getJob(String) for url=/job/TOKEN/... hudson.model.View.getDynamic(String) for url=/dynamic/TOKEN/... hudson.model.View.getItem(String) for url=/item/TOKEN/... hudson.model.View.getDynamic(String,StaplerRequest,StaplerResponse) for url=/TOKEN/...
Does this bug happen in unmodified 3.1.0 hudson?
Reason I ask, I couldn't reproduce it here with current 3.1.0 build.
Let me clarify. In 3.1.0 without a custom security manager and with security disabled, there is no link to take you to the /login page. If you type it explicitly, you will be able to get that error, but as Winston said: "Calling localhost:8080/login when no security enabled is against the law :)" Anyway, it's an end case. OTOH, in the environment where you encountered that bug, there is a custom security realm and Hudson does invite you to log in, with a link that will take you to the /login page. There, it fails because the security realm has overridden getFilter and prevents the handler for j_spring_security_check being added. But this case should only be reachable during testing, as users are not supposed to be able to reach a Hudson for which they are not pre-authorized, and if they are preauthorized they won't be led to the /login dialog.
But I'm guessing. What was the SecurityRealm and Authorization scheme you using in the environment you originally found the bug. If it's the one I'm thinking of, my previous post was correct.
