mocleiri / github-oauth-plugin Goto Github PK

View Code? Open in Web Editor NEW

38.0 4.0 16.0 169 KB

Jenkins Github OAuth Authentication and Authorization Pligin

Home Page: http://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin

License: MIT License

Java 100.00%

github-oauth-plugin's Introduction

This project is no longer maintained here

There is no way to turn off issues while still leaving the existing ones visible.

So please don't open new ones here but use the jenkins-ci.org jira here: https://issues.jenkins-ci.org/secure/IssueNavigator.jspa?reset=true&jqlQuery=project+%3D+JENKINS+AND+status+in+%28Open%2C+%22In+Progress%22%2C+Reopened%29+AND+component+%3D+%27github-oauth%27

The repository receiving commits and where releases are made is here: https://github.com/jenkinsci/github-oauth-plugin

This repository is no longer maintained.

github-oauth-plugin's People

Contributors

Stargazers

Watchers

Forkers

vkravets ddopson lukegb apcj brettlangdon mbbx6spp tmandke harkiranjeet fancyremarker janetruluck hannonhill ericduran elijahlynn jlleitschuh bulksecuritygeneratorprojectv2

github-oauth-plugin's Issues

Allow users to map their github username to commit username

Jenkins will summarize commits by users like in the change summary:

Commit xyz by michael.ocleirigh

But my github username is mocleiri so this issue is about creating some type of equivalence so that things like build scoring plugins will work properly and track the correct users.

It seams that a custom UserProperty may work to hold the username part.

Splitting out OAuth from GitHub API?

Hi, would it be possible to split apart the OAuth part of this plugin from the GitHub API? I'd like to use it for OAuth against other services, ideally without having to write a completely separate plugin (and end up with one for every service that provides OAuth...)

Circular Redirects

How to reproduce:

Go to Jenkins server (in my case http://myci.com:8080) than you will be redirected to github, press Allow than you will be redirected to Jenkins and again to github and so on.

GitHub OAuth Changed

https://github.com/blog/1077-oauth-application-enhancements

This seems to have made all of my existing Jenkins instances' auth break.

auth exception for jnlp access?

Hi - thanks for this plugin!

Do you have any suggestions for how we should manage JNLP-based slave access to our public jenkins master node running the github oauth plugin? We're running our slaves on our local network, so this is an easy way for us to get the system set up.

Currently, I've just disabled oauth (and all) security during the initial setup of the slaves, but this will obviously not be too nice going forward.

It looks like the endpoint the slave tries to access is http://base_url.com/computer/slavename/slave-agent.jnlp.

Thanks for any suggestions!

404 errors immediately after implementing

I just switched over to the github-oauth plugin. I did include the format http://myserver.com:8080/securityRealm/finishLogin for the callback and simply http://myserver.com for the "url" in the github application settings.

within jenkins I provided my client id and secret, then switched to Github Commiter Authorization Strategy and clicked save.

This is not github enterprise, just the normal.

When I refreshed, it passed me to github for auth. I clicked allow, and then it routed me back to http://myserver.com, which promptly provided a 404. Have you seen this? Any thoughts?

Detach from fork?

I recommend opening a support ticket w/ Github, and they will detach the jenkinsci/github-oauth-plugin fork from this repo. You can then fully deprecate this repo, and use issues in that one again.

java.lang.NullPointerException GithubRequireOrganizationMembershipACL

Apologies if this is not the right plugin. If not could you point me in the right direction?

With this command

java -jar /home/vagrant/jenkins-cli.jar -s http://lucid64-base:8080 create-job staging < /tmp/job_staging.xml

This is the error:

 java.lang.NullPointerException
    at org.jenkinsci.plugins.GithubRequireOrganizationMembershipACL.hasPermission(GithubRequireOrganizationMembershipACL.java:126)
    at hudson.security.ACL.checkPermission(ACL.java:52)
    at hudson.model.Node.checkPermission(Node.java:381)
    at hudson.cli.CLICommand.main(CLICommand.java:186)
    at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:82)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:274)
    at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:255)
    at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:215)
    at hudson.remoting.UserRequest.perform(UserRequest.java:118)
    at hudson.remoting.UserRequest.perform(UserRequest.java:48)
    at hudson.remoting.Request$2.run(Request.java:287)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
    at java.util.concurrent.FutureTask.run(FutureTask.java:166)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    at java.lang.Thread.run(Thread.java:636)
: stdout

500 Peer Not Authorized

Seems like I need to import some certificate into somewhere...???

Try to log in via github. URl's are correct on Github side. When accessing URL:

I get:
Error 500
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:371)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:562)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
at org.jenkinsci.plugins.GithubSecurityRealm.doFinishLogin(GithubSecurityRealm.java:278)

Interestingly, if I change the github address to Http:// instead of https:// I get a different error.

"Participant in Organization" field ignored

Maybe I'm doing it wrong, but if I add a github user into the "Participant in Organization" field, they still don't seem to have even the READ permission.

If I add them to the "Admin User Names" field, they get full access, as expected.

Breaks Jenkins API basic auth

Before installing the plugin, we were using basic auth with the Jenkins API. After installing the github oauth plugin and updating usernames and tokens as needed, our API requests generate 500 errors (see below). Is this a bug or should we use a different auth strategy for our API requests?

GET /api/json (with basic auth headers)

Exception stacktrace:
java.lang.NullPointerException
at org.jenkinsci.plugins.GithubSecurityRealm.loadGroupByGroupname(GithubSecurityRealm.java:452)
at org.jenkinsci.plugins.GithubSecurityRealm.loadUserByUsername(GithubSecurityRealm.java:421)
at hudson.model.User.impersonate(User.java:251)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:50)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:245)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:148)\n\tat java.lang.Thread.run(Thread.java:679)

New release?

Any chance to push out a new release for at least the basic auth fixes?

That's a deal breaker for us as we script against the Jenkins REST API.

Feature request - Per-job authorization in Jenkins

At the moment, the plugin allows for only two types of users:

Admin (can do anything in Jenkins; via "Admin User Names")
'Read' users (people that may have 'Read' permissions; eg Organization members, authenticated users, or Anonymous)

This is somewhat limiting in that you may have a number of different jobs/projects on the go, and want project-based security around this. I'd like to allow for different users to have different permissions across projects. For instance, be able to let certain users configure some jobs but not others, and be able to read/build some projects but not others.

Using something like the built-in 'Project-based Matrix Authorization Strategy' would be perfect, except that choosing this breaks the ability for GitHub to successfully communicate with '/github-webhook', which I would like to also use.

Allow access to http://jenkins/github-webhook/ by GitHub

After enableling the plugin, the URL http://jenkins/github-webhook/ become unaccessible for unauthentificated users. But this address is automatically called by GitHub when I push to my repository.

Is it possible to disable security on this path or allow explicitely github.com ?

Thanks for you excellent plugin.

HTTP basic auth doesn't work for users != admin

Hi,

with this plugin the http basic auth with the api token only works for users who are listed under "Admin User Names". For other members of the github organisation it says: "Access Denied / [user] is missing the Overall/Read permission".

"Comma separated list" is incorrect

Let me first of all say thanks for this awesome plugin.

Help says that list for users with admin rights should be comma separated. But actually it should comma-space separated.
In case user entered something like p0deje,github - he'll loose admin rights and will have to stop Jenkins and manually edit config.xml.

It's better either to change documentation so it reflected that space is required or change behavior of getAdminUserNames()

https://github.com/jenkinsci/github-oauth-plugin/blob/master/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java#L121

If you click "Deny" at Github, a 500 error results

I have disabled anonymous READ access to my Jenkins instance.

After clicking "Deny" on the Github OAuth screen, I was redirected to /securityRealm/finishLogin?error=user_denied, and presented with this error message:

Status Code: 500

Exception: 
Stacktrace:
java.lang.IllegalStateException: This operation requires a credential but none is given to the GitHub constructor
    at org.kohsuke.github.GitHub.requireCredential(GitHub.java:129)
    at org.kohsuke.github.GitHub.getMyself(GitHub.java:251)
    at org.kohsuke.github.GitHub.<init>(GitHub.java:88)
    at org.kohsuke.github.GitHub.connectUsingOAuth(GitHub.java:116)
    at org.jenkinsci.plugins.GithubAuthenticationToken.<init>(GithubAuthenticationToken.java:66)
    at org.jenkinsci.plugins.GithubSecurityRealm.doFinishLogin(GithubSecurityRealm.java:291)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88)
    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:104)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:561)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:646)
    at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:196)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:561)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:646)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:159)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
    at winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
    at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
    at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
    at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
    at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
    at java.lang.Thread.run(Thread.java:679)

Generated by Winstone Servlet Engine v0.9.10 at Thu Nov 17 21:37:17 UTC 2011

Issue with github enterprise

trying to use this with github enterprise, and im getting this

Status Code: 500


Exception: no protocol: oururl.net/user?access_token=afbbb0e1eae4a22da6e06ac18bc72f51bebbd875
Stacktrace:
java.net.MalformedURLException: no protocol: oururl.net/user?access_token=afbbb0e1eae4a22da6e06ac18bc72f51bebbd875
    at java.net.URL.<init>(URL.java:585)
    at java.net.URL.<init>(URL.java:482)
    at java.net.URL.<init>(URL.java:431)
    at org.kohsuke.github.GitHub.getApiURL(GitHub.java:178)
    at org.kohsuke.github.Requester._to(Requester.java:159)
    at org.kohsuke.github.Requester.to(Requester.java:139)
    at org.kohsuke.github.GitHub.getMyself(GitHub.java:203)
    at org.kohsuke.github.GitHub.<init>(GitHub.java:105)
    at org.kohsuke.github.GitHub.connectUsingOAuth(GitHub.java:152)
    at org.jenkinsci.plugins.GithubAuthenticationToken.<init>(GithubAuthenticationToken.java:68)
    at org.jenkinsci.plugins.GithubSecurityRealm.doFinishLogin(GithubSecurityRealm.java:315)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:677)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:770)
    at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:677)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:770)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:583)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:214)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
    at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
    at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:124)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
    at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
    at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
    at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
    at java.util.concurrent.FutureTask.run(FutureTask.java:166)
    at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:722)

Generated by Stapler at Fri May 31 21:56:00 UTC 2013

Maven build broken?

I'm trying to build from source and seeing this error:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:2.3.2:compile (default-compile) on project github-oauth: Compilation failure: Compilation failure:
[ERROR] /Users/xxyyzz/dev/projects/github-oauth-plugin/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java:[50,36] package org.apache.commons.httpclient does not exist
[ERROR] /Users/xxyyzz/dev/projects/github-oauth-plugin/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java:[51,41] package org.apache.commons.httpclient.util does not exist
[ERROR] /Users/xxyyzz/dev/projects/github-oauth-plugin/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java:[50,36] package org.apache.commons.httpclient does not exist
[ERROR] /Users/xxyyzz/dev/projects/github-oauth-plugin/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java:[51,41] package org.apache.commons.httpclient.util does not exist

The declared dependency in the pom is:

org.apache.httpcomponents httpclient 4.1

It looks like they've changed the package structure in httpclient. Those packages do in fact not exist in that jar.

No user at build details ("Started by user ..." empty)

When looking at build details there is no user at line "Started by user".

PatternSyntaxException: Dangling meta character '' near index 0 /github-webhook/?$

After installing the 0.4 and 0.5-SNAPSHOT versions, I get this error when enabling the plugin, downgrading to 0.3 fixed the issue.

Status Code: 500

Exception: 
Stacktrace:
java.util.regex.PatternSyntaxException: Dangling meta character '*' near index 0
*/github-webhook/?$
^
    at java.util.regex.Pattern.error(Pattern.java:1730)
    at java.util.regex.Pattern.sequence(Pattern.java:1895)
    at java.util.regex.Pattern.expr(Pattern.java:1769)
    at java.util.regex.Pattern.compile(Pattern.java:1477)
    at java.util.regex.Pattern.(Pattern.java:1150)
    at java.util.regex.Pattern.compile(Pattern.java:840)
    at java.util.regex.Pattern.matches(Pattern.java:945)
    at java.lang.String.matches(String.java:2102)
    at org.jenkinsci.plugins.GithubRequireOrganizationMembershipACL.hasPermission(GithubRequireOrganizationMembershipACL.java:91)
    at hudson.security.ACL.checkPermission(ACL.java:52)
    at hudson.model.Node.checkPermission(Node.java:381)
    at jenkins.model.Jenkins.getTarget(Jenkins.java:3346)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:496)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:646)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:159)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
    at winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
    at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
    at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:52)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:98)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
    at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
    at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
    at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
    at java.lang.Thread.run(Thread.java:679)

NPE when trying access to Jenkins API with auth view github

Hi. I need to use Jenkins API (JSON), but when i'm trying use with account on github - NPE and HTTP 500 error.

INFO   | jvm 1    | 2013/01/19 13:00:09 | WARNING: Untrapped Error in Servlet
INFO   | jvm 1    | 2013/01/19 13:00:09 | java.lang.NullPointerException
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at org.jenkinsci.plugins.GithubSecurityRealm.loadGroupByGroupname(GithubSecurityRealm.java:459)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at org.jenkinsci.plugins.GithubSecurityRealm.loadUserByUsername(GithubSecurityRealm.java:428)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at hudson.model.User.impersonate(User.java:254)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:52)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at java.util.concurrent.FutureTask.run(FutureTask.java:166)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO   | jvm 1    | 2013/01/19 13:00:09 |   at java.lang.Thread.run(Thread.java:722)

If i use incorrect user id or token - 401, all right. But when login and password correct - 500.

404 for callback URL

Name: Name of app
URL: http://server:8080
Cacllback: http://server:8080/securityRealm/finishLogin

When i enable Github oAuth, it did pop up to say whether I want to allow this Appliation from Github, then I click Allow.
So the authenticate step went through, but I hit 404 because The requested resource (/securityRealm/finishLogin) is not available.

There is nothing in Tomcat manager that says securityRealm, is there something else I need to set up to use this plugin?

After updating to the latest plugin version, can no longer log in.

URL:http://jenkins.cloudius-systems.com:8080/securityRealm/finishLogin?code=some_hex_digits

Stack trace

java.io.FileNotFoundException: {"message":"Not Found","documentation_url":"https://developer.github.com/v3"}
at org.kohsuke.github.Requester.handleApiError(Requester.java:494)
at org.kohsuke.github.Requester._to(Requester.java:245)
at org.kohsuke.github.Requester.to(Requester.java:191)
at org.kohsuke.github.GitHub.getMyTeams(GitHub.java:349)
at org.jenkinsci.plugins.GithubAuthenticationToken.(GithubAuthenticationToken.java:107)
at org.jenkinsci.plugins.GithubSecurityRealm.doFinishLogin(GithubSecurityRealm.java:444)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:211)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:123)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:68)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.FileNotFoundException: https://api.github.com/user/teams
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1889)
at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1884)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1883)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1456)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at org.kohsuke.github.Requester.parse(Requester.java:451)
at org.kohsuke.github.Requester._to(Requester.java:224)
... 79 more
Caused by: java.io.FileNotFoundException: https://api.github.com/user/teams
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1835)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.kohsuke.github.Requester.parse(Requester.java:447)
... 80 more

0.7 breaks on upgrade from 0.6

Jenkins throws a 404 with a null in the URL when I upgraded the plugin to 0.7.

Deprecated github v2 api = no access to Jenkins

Today @github turned off the v2 API, which means any jenkins instance using this plugin for auth can't authenticate users:

java.io.FileNotFoundException: https://github.com/api/v2/json/user/show?access_token=xxxxxxxx
79
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1401)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
        at org.kohsuke.github.GitHub._retrieve(GitHub.java:204)
        at org.kohsuke.github.GitHub.retrieveWithAuth(GitHub.java:181)
        at org.kohsuke.github.GitHub.retrieveWithAuth(GitHub.java:173)
        at org.kohsuke.github.GitHub.getMyself(GitHub.java:248)
        at org.kohsuke.github.GitHub.<init>(GitHub.java:108)
        at org.kohsuke.github.GitHub.connectUsingOAuth(GitHub.java:139)
        at org.jenkinsci.plugins.GithubAuthenticationToken.<init>(GithubAuthenticationToken.java:68)
        at org.jenkinsci.plugins.GithubSecurityRealm.doFinishLogin(GithubSecurityRealm.java:312)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
        at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
        at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
        at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
        at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
        at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
        at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203)
        at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
        at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488)
        at org.kohsuke.stapler.Stapler.service(Stapler.java:162)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
       ...

Checkbox to enable/disable anonymous access

Project permissions according with organization groups.

Hi,

Indeed it is not a bug, it's more like a feature request.

My GitHub organization is divided in several groups. I would like to allow build and read according with thouse groups.

Other matter is that some groups have some members hidden. In the actual plugin, they all must be public.

What is the road map for the next milestone?

Authentication Fails on Github Enterprise

Hi there,

New user here. Thanks for the plugin!

Authentication works OK if I use github.com but fails on our Github Enterprise install. I created an OAuth App:

URL: http://ourserver.foo.local:8080/jenkins/
Callback: http://ourserver.foo.local:8080/jenkins/securityRealm/finishLogin
Client ID: f489af209ffc751042b1
Client Secret: f31500110d44d0ccc40fd922dfe78e7b00b2d263

When I click 'login' on the Jenkins screen, I'm redirected to Github Enterprise, I authenticate, and am asked to allow the app. Then boom (see below):

Any ideas?

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

java.io.IOException: {"error":"Couldn't authenticate you"}
    org.kohsuke.github.GitHub.handleApiError(GitHub.java:215)
    org.kohsuke.github.GitHub._retrieve(GitHub.java:190)
    org.kohsuke.github.GitHub.retrieveWithAuth(GitHub.java:160)
    org.kohsuke.github.GitHub.retrieveWithAuth(GitHub.java:152)
    org.kohsuke.github.GitHub.getMyself(GitHub.java:227)
    org.kohsuke.github.GitHub.<init>(GitHub.java:91)
    org.kohsuke.github.GitHub.connectUsingOAuth(GitHub.java:118)
    org.jenkinsci.plugins.GithubAuthenticationToken.<init>(GithubAuthenticationToken.java:68)
    org.jenkinsci.plugins.GithubSecurityRealm.doFinishLogin(GithubSecurityRealm.java:310)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282)
    org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149)
    org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88)
    org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
    org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
    org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
    org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203)
    org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
    org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
    org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
    org.kohsuke.stapler.Stapler.service(Stapler.java:159)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
    hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
    hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
    hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
    hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
    hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
    hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
    hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
    hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
    hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
root cause

java.io.IOException: Server returned HTTP response code: 401 for URL: https://github.com/api/v2/json/user/show?access_token=296ae0c9426fc11b9ea4322c5dc9008d436c28b8
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    org.kohsuke.github.GitHub._retrieve(GitHub.java:183)
    org.kohsuke.github.GitHub.retrieveWithAuth(GitHub.java:160)
    org.kohsuke.github.GitHub.retrieveWithAuth(GitHub.java:152)
    org.kohsuke.github.GitHub.getMyself(GitHub.java:227)
    org.kohsuke.github.GitHub.<init>(GitHub.java:91)
    org.kohsuke.github.GitHub.connectUsingOAuth(GitHub.java:118)
    org.jenkinsci.plugins.GithubAuthenticationToken.<init>(GithubAuthenticationToken.java:68)
    org.jenkinsci.plugins.GithubSecurityRealm.doFinishLogin(GithubSecurityRealm.java:310)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282)
    org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149)
    org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88)
    org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
    org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
    org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
    org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203)
    org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
    org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)

wiki references wrong url for new app

https://github.com/settings/applications/new is the correct URL now, https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin says https://github.com/account/applications/new

[SUPPORT] Access github auth token from cli or api

Just shoo me away if this a more general jenkins-related question, but wondering how I can use some programmatic means to get the token out of jenkins for use in other code. Assuming I need some way to run/expose this from the command-line:
https://github.com/mocleiri/github-oauth-plugin/blob/master/src/main/java/org/jenkinsci/plugins/GithubAuthenticationToken.java#L84

To give context, trying to use a config management tool (Chef) to access the github API and fetch each auth'd github user's SSH keys to the machine. Seems like an easier way than independently adding the keys somewhere in the config management instructions :)

Status Code: 500 when using GitHub Enterprise

Hi,

We're seeing the following stack trace when trying to complete an oauth login using GitHub Enterprise. Our GitHub instance is currently HTTP-only - is that supported?

http://our-github-instance:8080/securityRealm/finishLogin?code=c9a0f8a67c2272043c2c

Status Code: 500

Exception: 
Stacktrace:
java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:310)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:176)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:163)
    at java.net.Socket.connect(Socket.java:537)
    at java.net.Socket.connect(Socket.java:487)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:174)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:409)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:530)
    at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:289)
    at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:346)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:747)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:997)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at org.kohsuke.github.GitHub._retrieve(GitHub.java:204)
    at org.kohsuke.github.GitHub.retrieveWithAuth(GitHub.java:181)
    at org.kohsuke.github.GitHub.retrieveWithAuth(GitHub.java:173)
    at org.kohsuke.github.GitHub.getMyself(GitHub.java:248)
    at org.kohsuke.github.GitHub.<init>(GitHub.java:108)
    at org.kohsuke.github.GitHub.connectUsingOAuth(GitHub.java:139)
    at org.jenkinsci.plugins.GithubAuthenticationToken.<init>(GithubAuthenticationToken.java:68)
    at org.jenkinsci.plugins.GithubSecurityRealm.doFinishLogin(GithubSecurityRealm.java:312)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:571)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:656)
    at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:571)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:656)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:485)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:159)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
    at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
    at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
    at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:74)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:98)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
    at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
    at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
    at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
    at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
    at java.util.concurrent.FutureTask.run(FutureTask.java:166)
    at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    at java.lang.Thread.run(Thread.java:636)

Generated by Winstone Servlet Engine v0.9.10 at Tue Apr 10 12:57:32 EDT 2012

Breaks Jenkins SSH Server

Similar to #18, enabling Github Authentication Plugin breaks the built in Jenkins SSH server, causing commands available via SSH to fail with ClassCastException. I'm running a sideloaded plugin built from hannonhill/github-oauth-plugin@9195edd; the exception occurs on GithubSecurityRealm.java#L424.

Steps to Reproduce

Configure a user, adding an SSH public key
Enable Github Authentication Plugin

Run who-am-i command via SSH

ssh -p PORT [email protected] who-am-i
java.lang.ClassCastException: org.acegisecurity.providers.UsernamePasswordAuthenticationToken cannot be cast to org.jenkinsci.plugins.GithubAuthenticationToken
    at org.jenkinsci.plugins.GithubSecurityRealm.loadUserByUsername(GithubSecurityRealm.java:424)
    at hudson.model.User.impersonate(User.java:255)
    at org.jenkinsci.main.modules.sshd.CLICommandAdapter$1.run(CLICommandAdapter.java:31)
    at org.jenkinsci.main.modules.sshd.AsynchronousCommand$1.run(AsynchronousCommand.java:105)
    at java.lang.Thread.run(Thread.java:680)

Expected Behavior

ssh -p PORT [email protected] who-am-i
Authenticated as: the-dude
Authorities:
  authenticated

Makes Jenkins slow for non-admins

When I enable "Github Commiter Authorization Strategy", and I set up a few admin users from an organization, the non-admin users from that org get a long delay on each page load.

It seems as if Jenkins is hitting github every time to figure out if the user should have access.