Quick and Simple Security

Many Hudson users run Hudson directly from Winstone like this:

$ java -jar hudson.war

This page describes steps to quickly setup a single administrative account. If you use Hudson without logging into the administrative account, Hudson will be read only and you cannot change Hudson's configuration or force a build. However, you can download builds, see the build results, and examine the logs. If you log into the administrative account, you may adjust Hudson's configuration and force builds.

For users who execute Hudson through Tomcat or some other J2EE servlet container, or for users who need more complex security arrangements, please see the Standard Security Setup directions.

  1. Start Hudson by executing Hudson as you normally do, but add two extra parameters to the startup:

    $ java -jar hudson.war --argumentsRealm.passwd.user=password --argumentsRealm.roles.user=admin

    Note that user should be the name of the administrative user, and password should be the password for that user. Also please note that the user is specified twice - once in each argument.

    For example, I want to have a user hudson with a password of swordfish as my administrative user:

    $ java -jar hudson --argumentsRealm.passwd.hudson=swordfish --argumentsRealm.roles.hudson=admin

    Notice that the word arguments is plural in both --argumentsRealm command line parameters.

  2. Enable the security setting, go to http://yourhost/hudson/configure and select enable security, then choose Delegate to servlet container for security realm and Legacy mode for authorization strategy. Or, you may click on the Manage Hudson link on the left side of the main Hudson dashboard page to get to the configuration page.
  3. To log into Hudson go to http://yourhost/hudson/loginEntry, or click on the login link located on the top right hand corner of any Hudson Dashboard page.
  4. This will bring you to the Login page. Enter the user name and password, and click on the Submit button. This will take you back to the main Hudson dashboard. You will now see the Manage Hudson link on the left side of the page.
  5. To logout simply click the logout link located on the top right hand corner of any Hudson dashboard page.

Allowing Developers to do Forced Builds with Security On

In this quick and simple set up, security on Hudson is an all or nothing affair. If you do not turn on security, anyone may create, modify, or even delete Hudson projects. If security is on, only the administrator may modify Hudson projects, but developers lose the ability to force rebuilds. Fortunately, there is a way to allow developers to force rebuilds without giving them the ability to modify Hudson itself.

  1. Log into Hudson, so you can modify its configuration.
  2. From the main dashboard page, go to the specific job you want developers to be able to force a build on by clicking on its name.
  3. Click on the Configure link located on the left hand side of the page.
  4. In the Build Triggers section, select the _Trigger builds remotely (e.g., from scripts) checkbox.
  5. An Authentication Token field box will display. Put in a text string that you can use to help trigger builds. In the example below, the string is build.
  6. You will need to either create a script, or if you have a webserver, create a webpage that will allow you to trigger the build. The format of the build URL is:

    http:\//hudsonHost/job/project/build?token=token

    Where:

  • hudsonHost is the URL for your Hudson Host (example: hudson:8080)
  • project is the name of your project or job
  • token is the token string that you entered into the Authentication Token field

If you have a Webserver, you can create a webpage with the URL. Here's an example below:

<h1>Hudson Force Build Page</h1>
<ul>
    <li>
    <a href="http://hudson:8080/job/FOO/build?token=build">Force build of Project FOO on Hudson</a>
    </li>
</ul>

The above code is to force a build on the Hudson server hudson that uses port 8080 for project FOO. It assumes that the string entered into the Authentication Token field was build.

Using a Shell Script

You can also force a build by specifying the force build URL with either the wget command or the curl command.

Labels:

Enter labels to add to this page:
Wait Image 
Looking for a label? Just start typing.