Jenkins security - hide all screens unless user is logged in

Question

I don\'t know why \"logged in users can do anything\" means Jenkins will happily allow non-authenticated users to view project details and access artifacts... Regardless, I nee

Answer 1

Additionally, if you use GitHub as your version control system -- you can use the GitHub OAuth plugin. Once the "Anonymous" reach your page, they will be redirected to GitHub automatically.

Answer 2

Answer to an old question but I came searching here as I am trying to auto spin up a Jenkins instance on Docker and found the same issue.

Good chance this option wasn't available when the question was asked. As of this moment (v2.222.3 but not sure how far back), it turns out you can do this without installing any additional plugins.

Manually

• Navigate to Global Security (Jenkins > Manage Jenkins > Global Security)

• Update the Authorization section to "Logged-in users can do anything".

  UNCHECK Allow anonymous read access

Any unauthenticated access will redirect to login now.

I would note that if you setup Jenkins through the setup wizard then anonymous read access is disabled by default. If you want this behaviour AND want to configure jenkins automatically, read on.

Automated with Docker

My situation is that I wanted to check out my repo, run my compose file and have all my config/users/plugins etc ready to go. Great post here with more detail if interested.

In a nutshell:

Dockerfile

FROM jenkins/jenkins:lts-alpine

# Disable setup wizard since security.groovy creates our user
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"

COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy

security.groovy

#!groovy

import jenkins.model.*
import hudson.security.*

def instance = Jenkins.getInstance()

// Create Admin User
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount("admin", "admin") // Dont do this. This is bad
instance.setSecurityRealm(hudsonRealm)

// Set Auth to Full Control Once Logged In and prevent read-only access
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
instance.setAuthorizationStrategy(strategy)

instance.save()

In particular, strategy.setAllowAnonymousRead(false) is what's needed

Answer 3

You can use https://wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin

it allows to specify to define roles and assign roles to users, users with no roles won't even see the jenkins ui.

Answer 4

This can be done with the Role-Strategy plugin.

Install the plugin, add a new group called "Anonymous" and uncheck everything. Then you want to add another group called "authenticated" and check everything. Add your existing users to this group. Jenkins will immediately prompt you for a login this way.