Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 567129

Summary: Jenkins SonarQube jobs startable without login
Product: [Eclipse Project] JDT Reporter: Carsten Hammer <carsten.hammer>
Component: UIAssignee: JDT-UI-Inbox <jdt-ui-inbox>
Status: CLOSED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: frederic.gurr, mistria, sravankumarl
Version: 4.18   
Target Milestone: ---   
Hardware: All   
OS: All   
Whiteboard:
Attachments:
Description Flags
strange security settings none

Description Carsten Hammer CLA 2020-09-18 12:26:13 EDT 
I would not configure it like this, see
https://ci.eclipse.org/jdt/

eclipse.jdt.core-SonarQube

Only one jenkins job can be started without being authorized - did not check if it really works because I do not want to cause issues. Not sure if that is a security problem but I think there is no need to configure it that open.
Comment 1 Carsten Hammer CLA 2020-09-19 11:18:13 EDT 
Created attachment 284188 [details]
strange security settings

anonymous users have more rights than logged in users
Comment 2 Frederic Gurr CLA 2021-04-06 14:42:38 EDT 
@Sravan, Mickael: I have removed the build permission for the anonymous user for https://ci.eclipse.org/jdt/job/eclipse.jdt.core-SonarQube/. This looks like an error.

If there is a good reason, why this permission should be kept, please re-open this issue and provide an explanation.