[JENKINS-62571] Upgrading from Jenkins 1.640 to Jenkins 2.222.4 LTS results in com.thoughtworks.xstream.converters.ConversionException: Refusing to unmarshal securityRealm for security reasons; see https://jenkins.io/redirect/class-filter/

[timja]

Coq currently has Jenkins 1.640 installed on its production server.  I am attempting to upgrade this to Jenkins 2.222.4 LTS via the web management interface at https://ci.inria.fr/project/coq/cisoftware.  I have installed Jenkins 2.222.4 LTS on the Qualification sever via the web interface, and then I clicked the "Setup => Qualification" button under "Synchronization".  After waiting a bit, I get the following error when I visit any page in the Qualification server:

com.thoughtworks.xstream.converters.ConversionException: Refusing to unmarshal securityRealm for security reasons; see https://jenkins.io/redirect/class-filter/
---- Debugging information ----
class : hudson.security.LDAPSecurityRealm
required-type : hudson.security.LDAPSecurityRealm
converter-type : hudson.util.XStream2$BlacklistedTypesConverter
path: /hudson/securityRealm
line number : 25
-------------------------------
at hudson.util.XStream2$BlacklistedTypesConverter.unmarshal(XStream2.java:546)
at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65)
at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:390)
at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:328)
Caused: jenkins.util.xstream.CriticalXStreamException: Refusing to unmarshal securityRealm for security reasons; see https://jenkins.io/redirect/class-filter/
---- Debugging information ----
class : hudson.security.LDAPSecurityRealm
required-type : hudson.security.LDAPSecurityRealm
converter-type : hudson.util.XStream2$BlacklistedTypesConverter
path: /hudson/securityRealm
line number : 25
------------------------------- : Refusing to unmarshal securityRealm for security reasons; see https://jenkins.io/redirect/class-filter/
---- Debugging information ----
class : hudson.security.LDAPSecurityRealm
required-type : hudson.security.LDAPSecurityRealm
converter-type : hudson.util.XStream2$BlacklistedTypesConverter
path: /hudson/securityRealm
line number : 25
-------------------------------
message : Refusing to unmarshal securityRealm for security reasons; see https://jenkins.io/redirect/class-filter/
---- Debugging information ----
class : hudson.security.LDAPSecurityRealm
required-type : hudson.security.LDAPSecurityRealm
converter-type : hudson.util.XStream2$BlacklistedTypesConverter
path: /hudson/securityRealm
line number : 25
-------------------------------
cause-exception : com.thoughtworks.xstream.converters.ConversionException
cause-message : Refusing to unmarshal securityRealm for security reasons; see https://jenkins.io/redirect/class-filter/
class : hudson.model.Hudson
required-type : hudson.security.LDAPSecurityRealm
converter-type : hudson.util.RobustReflectionConverter
path: /hudson/securityRealm
line number : 25
version : not available
-------------------------------
at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:353)
at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:267)
at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65)
at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1189)
at hudson.util.XStream2.unmarshal(XStream2.java:161)
at hudson.util.XStream2.unmarshal(XStream2.java:132)
at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1173)
at hudson.XmlFile.unmarshal(XmlFile.java:180)
Caused: java.io.IOException: Unable to read /net/www/ci/coq-qualif/config.xml
at hudson.XmlFile.unmarshal(XmlFile.java:183)
at hudson.XmlFile.unmarshal(XmlFile.java:163)
at jenkins.model.Jenkins.loadConfig(Jenkins.java:3118)
at jenkins.model.Jenkins.access$1200(Jenkins.java:320)
at jenkins.model.Jenkins$13.run(Jenkins.java:3219)
at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
at jenkins.model.Jenkins$5.runTask(Jenkins.java:1133)
at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused: org.jvnet.hudson.reactor.ReactorException
at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:282)
at jenkins.InitReactorRunner.run(InitReactorRunner.java:50)
at jenkins.model.Jenkins.executeReactor(Jenkins.java:1166)
at jenkins.model.Jenkins.(Jenkins.java:966)
at hudson.model.Hudson.(Hudson.java:85)
at hudson.model.Hudson.(Hudson.java:81)
at hudson.WebAppMain$3.run(WebAppMain.java:233)
Caused: hudson.util.HudsonFailedToLoad
at hudson.WebAppMain$3.run(WebAppMain.java:250)

---

Originally reported by jasongross, imported from: Upgrading from Jenkins 1.640 to Jenkins 2.222.4 LTS results in com.thoughtworks.xstream.converters.ConversionException: Refusing to unmarshal securityRealm for security reasons; see https://jenkins.io/redirect/class-filter/

• status: Open
• priority: Major
• resolution: Unresolved
• imported: 2022/01/10

[timja]

oleg_nenashev:

Please provide a version of the LDAP plugin. 

[timja]

jasongross:

How do I discover the version of the LDAP plugin? I cannot access it via the web interface, because even https://ci.inria.fr/coq-qualif/pluginManager/ gives this error message. The production server, which I copied the configuration from, has LDAP plugin version 1.11. (Note also that the web interface gives me no way to downgrade the Jenkins version of the qualification server, and no way to update any of the plugins, so it seems my hands are fully tied...)

[timja]

[Epic: JENKINS-47736]