Jenkins CI › Jenkins users

HTTP Status 403 – Forbidden error

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

6 messages Options

Mk-2

HTTP Status 403 – Forbidden error

Hello Jenkins Community team,

I am using Jenkins - 2.263.1(LTS) deployed through tomcat.

I have upgraded few of the plugins yesterday since then i am facing following issue whenever i modify any settings under Manage Jenkins --> Configure Systems section if i click save button. it takes few mins and throws the below error.

HTTP Status 403 – Forbidden
Type Status Report
Message No valid crumb was included in the request
Description The server understood the request but refuses to authorize it.
Apache Tomcat/9.0.30

From jenkins systems log below message shown.

Feb 18, 2021 7:52:13 AM WARNING hudson.ExpressionFactory2$JexlExpression evaluate

Caught exception evaluating: h.filterDescriptors(it,attrs.descriptors) in /jenkins/configure. Reason: java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
   at hudson.model.DescriptorVisibilityFilter.apply(DescriptorVisibilityFilter.java:73)
   at hudson.Functions.filterDescriptors(Functions.java:2122)
   at sun.reflect.GeneratedMethodAccessor308.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:498)

Under Configure Global security --> CSRF Protection -->Enable proxy compatibility(Enabled). Still same problem persists. Therefore please help me to solve this issue.

Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5813788e-3157-45f5-b2d4-f906b3ce8228n%40googlegroups.com.

Mark Waite-2

Re: HTTP Status 403 – Forbidden error

That null pointer exception seems likely to have been caused by one of the plugins that was updated. Since it is mentioning LibraryConfiguration, SCMRetriever, and MultiSCM, you might first look at the workflow-cps-global-lib and the multiple-scms plugin to see if either of them were recently upgraded.

The MultipleSCMs plugin has been deprecated. Jenkins Pipeline is the better way to implement multiple SCM support from within a single job.

Mark Waite

On Thu, Feb 18, 2021 at 9:47 PM Mk <[hidden email]> wrote:

Hello Jenkins Community team,

I am using Jenkins - 2.263.1(LTS) deployed through tomcat.

I have upgraded few of the plugins yesterday since then i am facing following issue whenever i modify any settings under Manage Jenkins --> Configure Systems section if i click save button. it takes few mins and throws the below error.

HTTP Status 403 – Forbidden
Type Status Report
Message No valid crumb was included in the request
Description The server understood the request but refuses to authorize it.
Apache Tomcat/9.0.30

From jenkins systems log below message shown.

Feb 18, 2021 7:52:13 AM WARNING hudson.ExpressionFactory2$JexlExpression evaluate

Caught exception evaluating: h.filterDescriptors(it,attrs.descriptors) in /jenkins/configure. Reason: java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
   at hudson.model.DescriptorVisibilityFilter.apply(DescriptorVisibilityFilter.java:73)
   at hudson.Functions.filterDescriptors(Functions.java:2122)
   at sun.reflect.GeneratedMethodAccessor308.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:498)

Under Configure Global security --> CSRF Protection -->Enable proxy compatibility(Enabled). Still same problem persists. Therefore please help me to solve this issue.

Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5813788e-3157-45f5-b2d4-f906b3ce8228n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtEHY-%3DMj6zsqxJfKeC9NnbJwJZsZkwbAvJaY3yFsCQ7Jw%40mail.gmail.com.

Mk-2

Re: HTTP Status 403 – Forbidden error

Thanks Mark. I have uninstalled the MultiSCM plugin and restarted the service. However still i am experiencing the same problem. (Manage Jenkins --> Configure Systems section post any modification if i click save button it fails). Now from systems log i can below above errors disappeared.

Feb 19, 2021 10:56:05 AM WARNING hudson.security.csrf.CrumbFilter doFilter
No valid crumb was included in request for /jenkins/configSubmit by vasanth.guru. Returning 403.

On Friday, February 19, 2021 at 10:31:23 AM UTC+5:30 Mark Waite wrote:

That null pointer exception seems likely to have been caused by one of the plugins that was updated. Since it is mentioning LibraryConfiguration, SCMRetriever, and MultiSCM, you might first look at the workflow-cps-global-lib and the multiple-scms plugin to see if either of them were recently upgraded.

The MultipleSCMs plugin has been deprecated. Jenkins Pipeline is the better way to implement multiple SCM support from within a single job.

Mark Waite

On Thu, Feb 18, 2021 at 9:47 PM Mk <[hidden email]> wrote:

Hello Jenkins Community team,

I am using Jenkins - 2.263.1(LTS) deployed through tomcat.

I have upgraded few of the plugins yesterday since then i am facing following issue whenever i modify any settings under Manage Jenkins --> Configure Systems section if i click save button. it takes few mins and throws the below error.

HTTP Status 403 – Forbidden
Type Status Report
Message No valid crumb was included in the request
Description The server understood the request but refuses to authorize it.
Apache Tomcat/9.0.30

From jenkins systems log below message shown.

Feb 18, 2021 7:52:13 AM WARNING hudson.ExpressionFactory2$JexlExpression evaluate

Caught exception evaluating: h.filterDescriptors(it,attrs.descriptors) in /jenkins/configure. Reason: java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
   at hudson.model.DescriptorVisibilityFilter.apply(DescriptorVisibilityFilter.java:73)
   at hudson.Functions.filterDescriptors(Functions.java:2122)
   at sun.reflect.GeneratedMethodAccessor308.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:498)

Under Configure Global security --> CSRF Protection -->Enable proxy compatibility(Enabled). Still same problem persists. Therefore please help me to solve this issue.

Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5813788e-3157-45f5-b2d4-f906b3ce8228n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/3f23087f-d1cd-4fbb-9a6b-30d4bf96dafbn%40googlegroups.com.

Mk-2

Re: HTTP Status 403 – Forbidden error

In reply to this post by Mark Waite-2

Thanks Mark. I have uninstalled the MultiSCM plugin and restarted the service. However still i am experiencing the same problem. Under Manage Jenkins --> Configure Systems section post any modification if i click save button it fails. Now from systems log i can below error message.

Feb 19, 2021 10:56:05 AM WARNING hudson.security.csrf.CrumbFilter doFilter
No valid crumb was included in request for /jenkins/configSubmit by vasanth.guru. Returning 403.

The account i am using has Admin privilege.

On Friday, February 19, 2021 at 10:31:23 AM UTC+5:30 Mark Waite wrote:

That null pointer exception seems likely to have been caused by one of the plugins that was updated. Since it is mentioning LibraryConfiguration, SCMRetriever, and MultiSCM, you might first look at the workflow-cps-global-lib and the multiple-scms plugin to see if either of them were recently upgraded.

The MultipleSCMs plugin has been deprecated. Jenkins Pipeline is the better way to implement multiple SCM support from within a single job.

Mark Waite

On Thu, Feb 18, 2021 at 9:47 PM Mk <[hidden email]> wrote:

Hello Jenkins Community team,

I am using Jenkins - 2.263.1(LTS) deployed through tomcat.

I have upgraded few of the plugins yesterday since then i am facing following issue whenever i modify any settings under Manage Jenkins --> Configure Systems section if i click save button. it takes few mins and throws the below error.

HTTP Status 403 – Forbidden
Type Status Report
Message No valid crumb was included in the request
Description The server understood the request but refuses to authorize it.
Apache Tomcat/9.0.30

From jenkins systems log below message shown.

Feb 18, 2021 7:52:13 AM WARNING hudson.ExpressionFactory2$JexlExpression evaluate

Caught exception evaluating: h.filterDescriptors(it,attrs.descriptors) in /jenkins/configure. Reason: java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
   at hudson.model.DescriptorVisibilityFilter.apply(DescriptorVisibilityFilter.java:73)
   at hudson.Functions.filterDescriptors(Functions.java:2122)
   at sun.reflect.GeneratedMethodAccessor308.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:498)

Under Configure Global security --> CSRF Protection -->Enable proxy compatibility(Enabled). Still same problem persists. Therefore please help me to solve this issue.

Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5813788e-3157-45f5-b2d4-f906b3ce8228n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/916407dc-b449-41f8-a52a-ced5a7f32932n%40googlegroups.com.

Mark Waite-2

Re: HTTP Status 403 – Forbidden error

In reply to this post by Mk-2

You may need to investigate the settings on your tomcat server. I would guess that it is somehow disrupting the flow of the crumb from Jenkins to the browser or from the browser to Jenkins. I don't run Jenkins in tomcat, so I have no experience with diagnosing issues in tomcat.

On Thu, Feb 18, 2021 at 10:35 PM Mk <[hidden email]> wrote:

Thanks Mark. I have uninstalled the MultiSCM plugin and restarted the service. However still i am experiencing the same problem. (Manage Jenkins --> Configure Systems section post any modification if i click save button it fails). Now from systems log i can below above errors disappeared.

Feb 19, 2021 10:56:05 AM WARNING hudson.security.csrf.CrumbFilter doFilter
No valid crumb was included in request for /jenkins/configSubmit by vasanth.guru. Returning 403.

On Friday, February 19, 2021 at 10:31:23 AM UTC+5:30 Mark Waite wrote:
That null pointer exception seems likely to have been caused by one of the plugins that was updated. Since it is mentioning LibraryConfiguration, SCMRetriever, and MultiSCM, you might first look at the workflow-cps-global-lib and the multiple-scms plugin to see if either of them were recently upgraded.

The MultipleSCMs plugin has been deprecated. Jenkins Pipeline is the better way to implement multiple SCM support from within a single job.

Mark Waite

On Thu, Feb 18, 2021 at 9:47 PM Mk <[hidden email]> wrote:

Hello Jenkins Community team,

I am using Jenkins - 2.263.1(LTS) deployed through tomcat.

I have upgraded few of the plugins yesterday since then i am facing following issue whenever i modify any settings under Manage Jenkins --> Configure Systems section if i click save button. it takes few mins and throws the below error.

HTTP Status 403 – Forbidden
Type Status Report
Message No valid crumb was included in the request
Description The server understood the request but refuses to authorize it.
Apache Tomcat/9.0.30

From jenkins systems log below message shown.

Feb 18, 2021 7:52:13 AM WARNING hudson.ExpressionFactory2$JexlExpression evaluate

Caught exception evaluating: h.filterDescriptors(it,attrs.descriptors) in /jenkins/configure. Reason: java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
   at hudson.model.DescriptorVisibilityFilter.apply(DescriptorVisibilityFilter.java:73)
   at hudson.Functions.filterDescriptors(Functions.java:2122)
   at sun.reflect.GeneratedMethodAccessor308.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:498)

Under Configure Global security --> CSRF Protection -->Enable proxy compatibility(Enabled). Still same problem persists. Therefore please help me to solve this issue.

Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5813788e-3157-45f5-b2d4-f906b3ce8228n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/3f23087f-d1cd-4fbb-9a6b-30d4bf96dafbn%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtGYgfHx6S5V2VseOCe0rkSLE4Nj1fCJSAmSwgcq4vqQ9w%40mail.gmail.com.

Mk-2

Re: HTTP Status 403 – Forbidden error

It looks security feature included in 2.263.1(LTS) version,and that required authentication even for tomcat.

1) Under Configure Global security --> CSRF Protection -->Enable proxy compatibility( Tick marked Enabled). 
2) hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = true
3) Installed the Strict Crumb Issuer plugin.
   Enabled this plugin and uncheck Check the session ID from its configuration (Under Jenkins Configure Global Security).
4) Restated the Jenkins.

Have tried above workaround, however it didn't help.

Any other pointer to solve this would be helpful.

On Fri, 19 Feb 2021, 11:18 am Mark Waite, <[hidden email]> wrote:

You may need to investigate the settings on your tomcat server. I would guess that it is somehow disrupting the flow of the crumb from Jenkins to the browser or from the browser to Jenkins. I don't run Jenkins in tomcat, so I have no experience with diagnosing issues in tomcat.

On Thu, Feb 18, 2021 at 10:35 PM Mk <[hidden email]> wrote:
Thanks Mark. I have uninstalled the MultiSCM plugin and restarted the service. However still i am experiencing the same problem. (Manage Jenkins --> Configure Systems section post any modification if i click save button it fails). Now from systems log i can below above errors disappeared.

Feb 19, 2021 10:56:05 AM WARNING hudson.security.csrf.CrumbFilter doFilter
No valid crumb was included in request for /jenkins/configSubmit by vasanth.guru. Returning 403.

On Friday, February 19, 2021 at 10:31:23 AM UTC+5:30 Mark Waite wrote:
That null pointer exception seems likely to have been caused by one of the plugins that was updated. Since it is mentioning LibraryConfiguration, SCMRetriever, and MultiSCM, you might first look at the workflow-cps-global-lib and the multiple-scms plugin to see if either of them were recently upgraded.

The MultipleSCMs plugin has been deprecated. Jenkins Pipeline is the better way to implement multiple SCM support from within a single job.

Mark Waite

On Thu, Feb 18, 2021 at 9:47 PM Mk <[hidden email]> wrote:

Hello Jenkins Community team,

I am using Jenkins - 2.263.1(LTS) deployed through tomcat.

I have upgraded few of the plugins yesterday since then i am facing following issue whenever i modify any settings under Manage Jenkins --> Configure Systems section if i click save button. it takes few mins and throws the below error.

HTTP Status 403 – Forbidden
Type Status Report
Message No valid crumb was included in the request
Description The server understood the request but refuses to authorize it.
Apache Tomcat/9.0.30

From jenkins systems log below message shown.

Feb 18, 2021 7:52:13 AM WARNING hudson.ExpressionFactory2$JexlExpression evaluate

Caught exception evaluating: h.filterDescriptors(it,attrs.descriptors) in /jenkins/configure. Reason: java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
   at hudson.model.DescriptorVisibilityFilter.apply(DescriptorVisibilityFilter.java:73)
   at hudson.Functions.filterDescriptors(Functions.java:2122)
   at sun.reflect.GeneratedMethodAccessor308.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:498)

Under Configure Global security --> CSRF Protection -->Enable proxy compatibility(Enabled). Still same problem persists. Therefore please help me to solve this issue.

Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5813788e-3157-45f5-b2d4-f906b3ce8228n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/3f23087f-d1cd-4fbb-9a6b-30d4bf96dafbn%40googlegroups.com.

--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-users/AXmM72EnnaU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtGYgfHx6S5V2VseOCe0rkSLE4Nj1fCJSAmSwgcq4vqQ9w%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CA%2B4Hw5aaB3qdFW7hkzoRmbm%3DyoMVaC0uMEWPM%3DEBCt2x0SMdog%40mail.gmail.com.