Jenkins security - hide all screens unless user is logged in


Jenkins Problem Overview


I don't know why "logged in users can do anything" means Jenkins will happily allow non-authenticated users to view project details and access artifacts... Regardless, I need to know how to get Jenkins to allow logged in users to do anything AND hide EVERYTHING for users who AREN'T logged in. Help please?

Jenkins Solutions


Solution 1 - Jenkins

This can be done with the Role-Strategy plugin.

Install the plugin, add a new group called "Anonymous" and uncheck everything. Then you want to add another group called "authenticated" and check everything. Add your existing users to this group. Jenkins will immediately prompt you for a login this way.

Solution 2 - Jenkins

You can use https://wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin

It allows you to define roles and assign roles to users; users with no roles won't even see the Jenkins UI.

Solution 3 - Jenkins

Answer to an old question but I came searching here as I am trying to auto spin up a Jenkins instance on Docker and found the same issue.

Good chance this option wasn't available when the question was asked. As of this moment (v2.222.3 but not sure how far back), it turns out you can do this without installing any additional plugins.

Manually

  • Navigate to Global Security (Jenkins > Manage Jenkins > Global Security)

  • Update the Authorization section to "Logged-in users can do anything".

    UNCHECK Allow anonymous read access


Any unauthenticated access will redirect to login now.

I would note that if you set up Jenkins through the setup wizard then anonymous read access is disabled by default. If you want this behaviour AND want to configure Jenkins automatically, read on.

Automated with Docker

My situation is that I wanted to check out my repo, run my compose file and have all my config/users/plugins etc ready to go. Great post here with more detail if interested.

In a nutshell:

Dockerfile

FROM jenkins/jenkins:lts-alpine

# Disable setup wizard since security.groovy creates our user
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"

COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy

security.groovy

#!groovy
 
import jenkins.model.*
import hudson.security.*

def instance = Jenkins.getInstance()
 
// Create Admin User
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount("admin", "admin") // Don't do this. This is bad
instance.setSecurityRealm(hudsonRealm)

// Set Auth to Full Control Once Logged In and prevent read-only access
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
instance.setAuthorizationStrategy(strategy)

instance.save()

In particular, strategy.setAllowAnonymousRead(false) is what's needed.
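A way to verify the result of the steps above, as an added example that is not part of the original answer: it audits the `config.xml` that Jenkins saves in its home directory and reports whether anonymous users can still read anything. The function name and both sample documents are constructed for illustration; the element names are the ones Jenkins serializes for this strategy.

```python
import re
import xml.etree.ElementTree as ET

FULL_CONTROL = "hudson.security.FullControlOnceLoggedInAuthorizationStrategy"
UNSECURED = "hudson.security.AuthorizationStrategy$Unsecured"

def audit_anonymous_access(config_xml):
    """Return a list of findings; an empty list means anonymous users are locked out."""
    # Recent Jenkins versions write an XML 1.1 declaration, which Python's
    # expat-based parser rejects, so drop the declaration before parsing.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml, count=1)
    root = ET.fromstring(body)
    findings = []
    if (root.findtext("useSecurity") or "").strip().lower() != "true":
        findings.append("useSecurity is not true: security is disabled")
    strategy = root.find("authorizationStrategy")
    cls = strategy.get("class", "") if strategy is not None else ""
    if strategy is None or cls == UNSECURED:
        findings.append("no authorization strategy: anyone can do anything")
    elif cls == FULL_CONTROL:
        # A missing element deserializes to false, i.e. anonymous read is allowed.
        deny = (strategy.findtext("denyAnonymousReadAccess") or "").strip().lower()
        if deny != "true":
            findings.append("anonymous read access is allowed")
    else:
        findings.append("strategy %s not covered by this check; review manually" % cls)
    return findings

# Constructed sample: "Logged-in users can do anything" with anonymous read left on.
SAMPLE_OPEN = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>false</denyAnonymousReadAccess>
  </authorizationStrategy>
</hudson>"""
# Constructed sample: the state after strategy.setAllowAnonymousRead(false).
SAMPLE_LOCKED = SAMPLE_OPEN.replace(">false<", ">true<")

if __name__ == "__main__":
    for name, doc in (("open", SAMPLE_OPEN), ("locked", SAMPLE_LOCKED)):
        print(name, audit_anonymous_access(doc) or "OK")
```

Run it against the saved `config.xml` after the container's first start; a matrix or role-based strategy is reported for manual review rather than guessed at.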

Solution 4 - Jenkins

Additionally, if you use GitHub as your version control system -- you can use the GitHub OAuth plugin. Once "Anonymous" users reach your page, they will be redirected to GitHub automatically.

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type | Original Author | Original Content on Stackoverflow
Question | cbmanica | View Question on Stackoverflow
Solution 1 - Jenkins | Kevin Brotcke | View Answer on Stackoverflow
Solution 2 - Jenkins | rcomblen | View Answer on Stackoverflow
Solution 3 - Jenkins | Matt R | View Answer on Stackoverflow
Solution 4 - Jenkins | user2122112 | View Answer on Stackoverflow