I'm using these settings in install4j.vmoptions (install4j 7.0.4):
# Clear out cached proxy information
-Dinstall4j.clearProxyCache=true
# and hopefully prevent install4j from reloading it from the default browser
-Dinstall4j.noProxyAutoDetect=true
# Unconditionally shows proxy config dialog
-Dinstall4j.showProxyConfig=true
# Log issues to %TEMP%\install4j_error.log
-Dinstall4j.showConnectError=true
I do not get a proxy dialog; the output in the error log is this:
java.io.IOException: Proxy password required. Please set the parameter -DproxyAuthPassword=[password].
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.askForProxyPassword(HttpRequestHandler.java:335)
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.getURLConnection(HttpRequestHandler.java:233)
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.connect(HttpRequestHandler.java:124)
at com.install4j.runtime.installer.helper.content.Downloader.connect(Downloader.java:151)
at com.install4j.runtime.installer.helper.content.Downloader.connect(Downloader.java:24)
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.connect(HttpRequestHandler.java:117)
at com.install4j.runtime.installer.helper.content.Downloader.connect(Downloader.java:146)
at com.install4j.gui.c.h.c(ejt:72)
at com.install4j.gui.c.h.run(ejt:38)
This runs contrary to the following two assumptions:
1) install4j should record the proxy settings.
2) install4j should show a proxy dialog with these settings.
What did I miss?
UPDATE: -DproxyAuth=false would change the error message, it would now complain about certificate problems.
This concerns the JRE downloads in the install4j IDE and will be fixed in 7.0.7.
Please write to support#ej-technologies.com to get a build that contains the fix.
Alternatively, you can download JRE bundles manually from
https://download.ej-technologies.com/bundles/list
I've created Web Application running on Java Liberty Runtime on Bluemix. Login is done by using SSO service with SAML enterprise provider. After login user redirected to my app and on every JAX-RS request I get user's credentials by following code:
Subject s = WSSubject.getCallerSubject();
Object credential = s.getPrivateCredentials().iterator().next();
String loginToken = credential.toString();
Everything works fine, but if the user has been idle for more then 10 minutes and then perform any ajax request WSSubject.getCallerSubject() returns null, and I required to refresh application.
I've tried to increase timeout by adding following attribute to web.xml:
<session-config>
<session-timeout>60</session-timeout>
</session-config>
But it didn't help. So I'm looking how can I increase timeout or possible I can retrieve user credentials in a different way?
You need to add the optional element <authCache> to the server.xml file to change the default values for the authentication cache.
As you mentioned in your question, the default value is 10 minutes. To change it to 60 minutes you need to include the following in the server.xml file:
<authCache initialSize="50" maxSize="25000" timeout="60m"/>
The documentation here provides more details and also explains initialSize and maxSize options, I left the default value for these two above and just updated timeout.
If you are deploying your application using the default method of pushing the war file, you will need to use a different approach to deploy the application with a custom server.xml file. Please check the documentation here for options on pushing Liberty profile applications (more specific check sections Server Directory and Packaged Server).
In this case, you may also want to check the server.xml file that is currently deployed and modify that version to add the <authCache> element.
You can get a copy of the file by running the following command:
$ cf files <your_app_name> app/wlp/usr/servers/defaultServer/server.xml
I'm using the github oauth plugin for our logins but for all of our users in the Organisation I get an error:
Access Denied
<user> is missing the Overall/Read permission
I have tried everything I can possibly think of to try to make this work and I'm probably going to fallback to making everyone an admin user, which i would prefer not to do.
Any advise would be appreciated.
This is how I resolved the authentication problem:
Edit config.xml file, e.g.
sudo vi /var/lib/jenkins/config.xml
Change useSecurity element's value to false, e.g.
<useSecurity>false</useSecurity>
Remove authorizationStrategy block
Restart Jenkins: /etc/init.d/jenkins restart.
Access Jenkins through URL as usual and reconfigure security again.
I had the same problem with "... is missing the Overall/Read permission" on Jenkins (1.651.2) with activated Credentials Plugin.
But it was my own failure: I only configured the user on project side (by credential plugin) but missed to configure the global security.
So I fixed it by selecting:
Jenkins -> Manage Jenkins -> Configure Global Security
And did setup missing global settings (or project matrix based one)
Have you followed this step, from the plugin page?
Control user authorization (i.e. who is allowed to see the jobs and build them) using the Github Commiter Authorization Strategy
Also, make sure you actually allow authenticated users to access Jenkins
Under Jenkins global configuration, under Authorization, add user/group called authenticated
Give that group Overall Read permission
The group should show up with a "group" icon (two users), as opposed to single user icon.
reset from <useSecurity>true</useSecurity> to <useSecurity>false</useSecurity> in config.xml and set the permission again.
Edit file /var/lib/jenkins/config.xml and add the following lines :
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Hudson.Read:john.smith</permission>
</authorizationStrategy>
Restart Jenkins
What I did when I got this error is to edit config.xml as mentionned by other users and correctly re-add my username in LOWERCASE in "configureSecurity" Jenkins' page. I was using "KrustyHack" when adding permissions but it didn't work. I had to add "krustyhack" instead, and it worked.
I hope it helps.
I had the same problem here, but it affected only some users, not all of them. Anyway, you should check public organization membership : documentation of the plugin states that "You have to be a public member of the organization for the authorization to work correctly." (https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin).
Follow instructions from GitHub (https://help.github.com/articles/publicizing-or-hiding-organization-membership/) in order to make organization membership public, and this might fix your issue.
Also check the case user names in the authorizationStrategy element. I made my new user's name lower case and restarted the service and it the error went away.
Fix it by these 2 shell commands on the server (sudo permission is required):
sudo ex +g/useSecurity/d +g/authorizationStrategy/d -scwq /var/lib/jenkins/config.xml
sudo /etc/init.d/jenkins restart
This will remove useSecurity and authorizationStrategy lines from your config file.
See also: Disable security at Jenkins website
We hit this same error when a github organization administrator changed the organization's settings for "Third-party access" to "restrict third-party application access". Reverting to the previous settings within the github organization resolved the problem.
See github oauth-app-access-restrictions for details on how to configure that properly.
The assignment of roles to users is stored in config.xml file. Add the ID of the user directly to the role and then restart Jenkins.
In my case, I have a role named editor and a bunch of users assigned to the role.
<role name="editor" pattern=".*">
<permissions>
<...>
<permission>hudson.model.Item.Create</permission>
<permission>hudson.model.Item.Workspace</permission>
<permission>...</permission>
</permissions>
<assignedSIDs>
<sid>bob</sid>
<sid>alice</sid>
<sid>**newuser**</sid>
</assignedSIDs>
</role>
The matrix security is not terribly clear. I am a member of a specific group in our org that has admin privileges however I am also an authenticated user. I would think that the one group super-cedes the other however I have to have both in order to actually log into the system and be admin. It's screwed up IMO.
go to your-jenkins-host:port/role-strategy/assign-roles and configure roles for the user
I had the same problem before,
your OAuth application need your organization owner's approve,
then the OAuth Plugin can access the private data in it
I am using Crowd 2 plugin and I have the same problem.
I fixed it by downgrading OWASP Markup Formatter Plugin from varsion 1.2 to version 1.1 and then changing Markup Formatter in Configure Global Security value to Raw HTML, before it was Plain text.
I had exactly the same problem and adding the plugin Role Strategy Plugin fixed the problem.
All I had to do was install the plugin, create two groups - admin / developer and then add users to the groups.
A much much better solution than recreating the whole permissions matrix :)
I had a similar problem I was not able access Jenkin account and the system was locked.
I had only an error message. "Access Denied "
When I tried to reinstall Jenkins then it prompted to Repair option.
By clicking Repair option it fixed the problem.
Go to $JENKINS_HOME (linux, jenkins in windows), and find config.xml file.
Open this file in the editor. (take backup of .jenkins home)
Look for the <useSecurity>true</useSecurity> element in this file.
Replace "true" with "false"
Remove the elements authorizationStrategy and securityRealm
Start Jenkins
I found it in
C:\ProgramData\Jenkins\.jenkins
Jenkins Version: 2.319.2
Instead of removing all security (the top answer), Add admin access as root, to the user you want to give admin to. We had the same issue where all admins were no longer with the company. This is how I resolved the authentication problem: I logged into:
jenkins#<jenkins server>:/var/lib/jenkins/
Edit config.xml file, and add a config for
<permission>hudson.model.Hudson.Administer:<username></permission>
Then restart Jenkins:
root#<jenkins server>:/$ /etc/init.d/jenkins restart
Just use Jenkins > Configure Global Security bottom page matrix to provide permissions to the user (start w/ read)
I edited the /var/lib/jenkins/config.xml file and replaced the
<authorizationStrategy>...</authorizationStrategy>
with
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
</authorizationStrategy>
It is the default settings after installation. Then restart the jenkins service.
In Jboss 5.1 the Profile Service does what the Deployment Service was doing in Jboss 4.x.In Jboss 4.x I was using the Deployment Service to create a datasource "on-the-fly" and I was wondering if I could do the same thing using the Profile Service (since Deployment Service doesn't exist any more in Jboss 5.x).
Does anyone know a practical guid on using ProfileService?
Thank you ,
Regards.
I don't know of any guide but I can provide you with my experience using the Profile Service and a few links to JBoss wiki pages on this topic. I'd like to post more links but the spam protection doesn't allow me to post more than two, but you should easily find the other pages in the wiki on the ProfileService. Don't be suprised in case you don't find much, there isn't more.
ProfileService ManagementView
http://community.jboss.org/wiki/ProfileServiceManagementView
ProfileService DeploymentTemplates
http://community.jboss.org/wiki/ProfileServiceDeploymentTemplates
There you'll find usefull information about the ProfileService but no detailed information is available in the jboss wiki as far as I can tell.
In order to create Datasources on the fly you can use the DeploymentTemplates (also for creating message queues and topics) The last link provides you with information on how to use the templates but not with all the template names and their properties. You can list them programatically though.
// Get all Templates
for(String template : mgtView.getTemplateNames())
{
System.out.println("=========================================");
System.out.println("Listing properties for template: "+template);
DeploymentTemplateInfo info = mgtView.getTemplate(template);
for(String prop : info.getProperties().keySet())
System.out.println("- "+prop);
}
In order to get the ManagementView (mgtView) from an external java programm you can use something similiar to this:
// set security policy
System.setProperty("java.security.policy", "<path_to_policy_file>");
System.setSecurityManager( new RMISecurityManager() ) ;
// set initial context properties
Hashtable<String, String> env = new Hashtable<String, String>();
env.put("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
env.put("java.naming.provider.url","jnp://localhost:1099");
env.put("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
ctx = new InitialContext(env);
// login to JBoss
SecurityClient client = SecurityClientFactory.getSecurityClient();
client.setSimple("admin", "admin");
client.login();
// get ProfileService and ViewManager
ProfileService ps = (ProfileService) ctx.lookup("ProfileService");
mgtView = ps.getViewManager();
What you want to get is the Java Naming Conext (InitialContext). In order to do that you'll need a security policy (you can use the java.policy file which is located in JBOSS_HOME/server/SERVER_DIR/conf/),security manager and environment properties to get the context. The java.naming.provider.url specifies the location of the JBoss naming service (default port is 1099).
Usually you would have to authenticate at this point which is done with the SecurityClient.
Finally you can use the context to grap the ProfileService.
At this point most of the anoying stuff is done und you can start playing around.
getViewManager() returns the ViewManager with which you can create datasources on the fly and getDeploymentManager() will give you the DeploymentManager with which you can deploy, undeploy, start, stop applications and other deployments.
The libraries you'll need to do that are located in
JBOSS_HOME/client
JBOSS_HOME/lib
JBOSS_HOME/common/lib
I've read several times that including the jbossall-client.jar in the client directory should be enough but that's actually not true. You need libraries from all three directories as far as I can tell (couldn't do it without referencing all of them at least). I haven't figured out which exact jars you need though...
IMPORTANT: The ProfileService in Jboss 5 Community Edition has some bugs though which got fixed in JBoss 6. I'd either suggest using a newer JBoss version or the Enterprise Edition.
How can, we know the jboss username and password for login
Under your JBoss application server directory, look for a file named:
conf/login-config.xml
There will be a block called:
<application-policy name="jmx-console">
... which will tell where your file-based username=password combinations are stored. I believe the default path is:
conf/props/jmx-console-users.properties
By default credential in Jboss is Given below
login: admin
password: admin
But if you use EAP these credential are turn off by default and there is no active user (security reasons :)). If you want to turn on these user you have to edit file in your current profile: ./deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties. It should be enough to remove # sign form the line with the user.
If you want to create new user don't forget to set up correct groups in
web-console-roles.properties file.
You can easly find information where these information are store. Just open the ./conf/login-config.xml file and find the proper security domain definition. In case of Web Console application it will be web-console policy.
or
in JBoss application server directory you have to look for a file named which is given below:
conf/login-config.xml
Inside this file search for application and go to below tags
<application-policy name="jmx-console">
which will tell where your file-based username=password combinations are stored. I think that default path is:
conf/props/jmx-console-users.properties
User: jboss
Password: passw0rd
If you are referring to JBoss' console user/password.