Resolution of logon failure (Access Denied) After Jenkins permissions configuration error

For ease of management, Jenkins generally need to set up users, and these users need to configure the appropriate permissions, if accidentally configured when the problem, then you are spartan.

Here, with my personal experience, let's talk about how the login failures that Jenkins caused because of a permissions configuration error are resolved.

The problem occurs because:
The situation is this: I do not know when the configuration permissions if you click OK, the current user if the permissions will be kicked out directly, so the small partners are very happy to carry out such a amount of operation: Open the security matrix in the permissions configuration, not to any user configuration permissions or set the incorrect permissions on the click Save. As shown in the figure below

So, by the system kicked out, again log in, the system is very good prompt me: Access Denied test user does not have overall/runscripts permissions. As shown in the figure:

The little partner was Spartan, and after my Shang (Wang) Qiu (Zhu), I finally managed to log in again, and now we share these solutions.

Workaround 1 (This method is not recommended)

There is a simple way to do this:

• Delete user-related directories

• Modify the $jenkins_home/config.xml file: false

• Delete Authorizationstrategy, Securityrealm nodes

• Restart Jenkins

This method removes the rights management of Jenkins and restores it to its original state. But you might lose something.

Workaround 2 (I use this method)

Locate the CONFIG. s file that holds user permissions, which is typically in the home directory of Jenkins and is opened with this kind of paper:

is not feeling a bit messy, no matter, we just need to find one of your users, and then assign it all permissions, and then you can.

We're going to find two lines of code.

Then, select the code between them and replace them with the following code:

<useSecurity>true</useSecurity> <authorizationstrategy class= " Hudson.security.GlobalMatrixAuthorizationStrategy "> <permission>hudson.model.computer.configure:admin& Lt;/permission> <permission>hudson.model.Computer.Connect:admin</permission> <permission >hudson.model.Computer.Create:admin</permission> <permission>hudson.model.computer.delete:admin& Lt;/permission> <permission>hudson.model.Computer.Disconnect:admin</permission> <permiss Ion>hudson.model.hudson.administer:admin</permission> <permission>hudson.model.hudson.read:admin </permission> <permission>hudson.model.Hudson.Read:anonymous</permission> <permission >hudson.model.Hudson.RunScripts:admin</permission> <permission>hudson.model.Item.Build:admin< /permission> <permission>hudson.model.item.cancel:admin</permission> <permission>hudson.model.Item.Configure:admin</permission> <permission> Hudson.model.item.create:admin</permission> <permission>hudson.model.item.delete:admin</ Permission> <permission>hudson.model.Item.Discover:admin</permission> <permission>hud Son.model.item.read:admin</permission> <permission>hudson.model.item.workspace:admin</permission > <permission>hudson.model.Run.Delete:admin</permission> <permission>hudson.model.run . Update:admin</permission> <permission>hudson.model.View.Configure:admin</permission> &lt ;p ermission>hudson.model.view.create:admin</permission> <permission>hudson.model.view.delete: Admin</permission> <permission>hudson.model.View.Read:admin</permission> <permission>h Udson.scm.scm.tag:admin</permission>

    </authorizationStrategy> <securityrealm class= "Hudson.security.HudsonPrivateSecurityRealm" > <disableSignup>false</disableSignup> <enableCaptcha>false</enableCaptcha> </sec Urityrealm>

At this point, the Admin user is the owner of all permissions, will be Jenkins restart (if you do not know how to restart the computer can be saved directly after restarting, relatively simple.) Then use the Admin account to log in on it. If you do not have the admin user, you can replace admin with the account name in Jenkins, and the other does not need to be changed.

Other functions of the configuration file

The configuration file also has other functions, such as when we need to modify the port number of the Jenkins login, by modifying the code in the config file:

[Code]<arguments>-xrs-xmx256m-dhudson.lifecycle=hudson.lifecycle.windowsservicelifecycle-jar "%BASE%\ Jenkins.war "--httpport=8080</arguments>

Change the above 8080 to the port number you need, save it, restart it, and then you can.

Reference http://www.aichengxu.com/view/2417623