Bamboo fails to authenticate users with JIRA (as a user repository) - HTTP Status 403 - client.forbidden.exception
症状
Bamboo cannot authenticate using JIRA as a user repository and throws this error:
2012-08-09 10:34:01,870 INFO [qtp1270312-220] [UserGroupCache] Populating user/group membership cache due to cache expiry
2012-08-09 10:34:01,903 INFO [qtp1270312-220] [UserGroupCache] Populating user/group membership cache due to cache expiry
2012-08-09 10:34:01,937 ERROR [qtp1270312-220] [DefaultUserAccessor] Error in getUser():com.atlassian.crowd.exception.ApplicationPermissionException: <html><head><title>Apache Tomcat/6.0.32 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 403 - client.forbidden.exception</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>client.forbidden.exception</u></p><p><b>description</b> <u>Access to the specified resource (client.forbidden.exception) has been forbidden.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.32</h3></body></html>
com.atlassian.user.EntityException: com.atlassian.crowd.exception.ApplicationPermissionException: <html><head><title>Apache Tomcat/6.0.32 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 403 - client.forbidden.exception</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>client.forbidden.exception</u></p><p><b>description</b> <u>Access to the specified resource (client.forbidden.exception) has been forbidden.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.32</h3></body></html>
at com.atlassian.crowd.integration.atlassianuser.UserGroupCache.fetchAndSetSnapshot(UserGroupCache.java:111)
at com.atlassian.crowd.integration.atlassianuser.UserGroupCache.get(UserGroupCache.java:143)
at com.atlassian.crowd.integration.atlassianuser.CrowdUserManager.getUser(CrowdUserManager.java:26)
at com.atlassian.user.impl.delegation.DelegatingListUserManager.getUser(DelegatingListUserManager.java:71)
at sun.reflect.GeneratedMethodAccessor192.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
...
Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: <html><head><title>Apache Tomcat/6.0.32 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 403 - client.forbidden.exception</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>client.forbidden.exception</u></p><p><b>description</b> <u>Access to the specified resource (client.forbidden.exception) has been forbidden.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.32</h3></body></html>
at com.atlassian.crowd.integration.rest.service.RestExecutor.throwError(RestExecutor.java:453)
at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:307)
...
原因
One of the causes can be that the IP address of Bamboo server got changed and the configured application in JIRA is not updated to accept the calls from that IP.
ソリューション
Configure JIRA to accept the IP address that Bamboo is using for the application that had been added in JIRA to allow Bamboo to use JIRA as a user repository. By the way, you can get the Bamboo server's IP address by pinging the Bamboo server's hostname from JIRA server. Also, if you are using a reverse proxy or load balancer in-front of Jira, it the connection will likey be observed as coming from the IP address of the reverse / proxy, so the IP address of that needs to be added to the whitelist as well.
Bamboo server's IP address
::1
JIRA server's IP address
127.0.0.1
If address that comes from Proxy
There is no necessity, but still try to restart your Bamboo server and JIRA server after making the changes.