Skip to content

Add source IP address and hostname to authentication failure logs (JENKINS-76220)#265

Open
sgscheffler wants to merge 4 commits intojenkinsci:masterfrom
sgscheffler:JENKINS-76220-add-source-ip-to-logs
Open

Add source IP address and hostname to authentication failure logs (JENKINS-76220)#265
sgscheffler wants to merge 4 commits intojenkinsci:masterfrom
sgscheffler:JENKINS-76220-add-source-ip-to-logs

Conversation

@sgscheffler
Copy link

@sgscheffler sgscheffler commented Oct 23, 2025

Description

Adds source IP address and hostname to authentication failure log messages to help administrators identify which Jenkins node/agent is attempting to authenticate with incorrect credentials.

Changes

  • Add getSourceInfo() helper method to capture request source information
  • Include remote address and hostname in credential exception warnings
  • Helps administrators identify which node/agent is using wrong credentials
  • Uses Jakarta servlet API (non-deprecated)
  • Gracefully handles cases where request context is unavailable

Example Output

Before:

WARNING: Credential exception trying to authenticate against XXX.YYY domain

After:

WARNING: Credential exception trying to authenticate against XXX.YYY domain from 192.168.1.100 (hostname.domain.com)

Fixes JENKINS-76220

Testing done

  • Compiled successfully with mvn clean compile
  • All existing tests pass with mvn clean test
  • Manual code review: The getSourceInfo() method safely handles null request contexts by returning an empty string
  • The change only affects log output and does not modify authentication behavior
  • Tested local build with mvn hpi:run to verify plugin loads correctly

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests that demonstrate the feature works or the issue is fixed

@sgscheffler
Add source IP/hostname to authentication failure logs
29d2dd0 
- Add getSourceInfo() helper method to capture request source information
- Include remote address and hostname in credential exception warnings
- Helps administrators identify which node/agent is using wrong credentials
- Uses Jakarta servlet API
- Gracefully handles cases where request context is unavailable

Fixes JENKINS-76220
@sgscheffler
add error
7c7bfe6
@sgscheffler
Use IP address only to avoid blocking DNS lookupsadd error
183b868
rsandell
rsandell reviewed Nov 5, 2025
View reviewed changes
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java Outdated
(ServletRequestAttributes) RequestContextHolder.getRequestAttributes();

if (attributes != null) {
HttpServletRequest request = attributes.getRequest();
Copy link
Member

@rsandell rsandell Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't find any documentation or verify in the source if attributes.getRequest() could return null or not?

Have you verified that this doesn't break when performing authentication without a request?

@sgscheffler sgscheffler force-pushed the JENKINS-76220-add-source-ip-to-logs branch from e304827 to a8f2517 Compare November 11, 2025 12:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rsandell rsandell rsandell left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sgscheffler @rsandell