jenkins-rest icon indicating copy to clipboard operation
jenkins-rest copied to clipboard

Published 20 hours ago verified publisher icon cdancy

ForbiddenException occurs when triggering remote build using Job Authentication token

Open mubinB opened this issue 2 years ago • 7 comments

Hi, I am triggering remote builds using this wrapper library... My client setup is as below.

JenkinsClient.builder().endPoint(MY_JENKINS_URL).build();

Expected Behavior

// Adding token as a query parameter Map<String, List<String>> properties = new HashMap<>(); properties.put("token", Arrays.asList("MY_TOKEN")); properties.put("name", Arrays.asList("test_param"));

IntegerResponse response = jenkinsClient.api().jobsApi().buildWithParameters(null, JOB_NAME, properties);

Here response.value(). must return the queueId.

Current Behavior

Calling above code returns below exception IntegerResponse{value=null, errors=[Error{context=POST http://JENKINS_URL/job/JOB_NAME/buildWithParameters HTTP/1.1, message=, exceptionName=com.cdancy.jenkins.rest.exception.ForbiddenException}]}

Context

Note: Calling using POSTMAN triggers builds as expected. Problem is with just Java Wrapper. POSTMAN URL: http://JENKINS_URL/job/JOB_NAME/buildWithParameters?token=MY_TOKEN&name=test_param I am unable to remotely trigger builds...

Your Environment

Jenkins server on windows 10. Jenkins version: Jenkins 2.287 Windows 10, JDK 11.

mubinB avatar May 13 '22 10:05 mubinB

@mubinB interesting ... maybe a VPN related issue? Can you run with debug logs enabled in however you would do so with your java process? The library will output the http wire logs and allow us to see what's going on.

cdancy avatar May 17 '22 14:05 cdancy

The ForbiddenException looks like an authentication issue to me. Please turn on debug logs and examine the HTTP packets.

martinda avatar May 24 '22 10:05 martinda

Hello. I'm facing a similar issue. When I try to trigger a build via API, using basic Auth, I receive a 403 No valid crumb was included in the request. In my case it relies in the set-cookie header name.

The method CrumbParser#sessionIdCookie try to get the values, from the headers multimap, using the key "Set-Cookie" (it use HttpHeaders#SET_COOKIE), but Jenkins crumb response use "set-cookie" as header name. In this way the JSESSIONID is not included in the build request and it cause the failure.

Is there a way to override this behaviour without modifying the library? e.g. using some custom com.google.inject.Module?

EDIT:

ok, configuring a module that register my custom CrumbParser that use "set-cookie" worked as expected. I don't know if there could be a better way to do it.

felicepagano avatar Jun 17 '22 16:06 felicepagano

@felicepagano interesting ... can you send in a quick PR to fix this in the library perhaps checking for both versions?

cdancy avatar Jun 17 '22 19:06 cdancy

@felicepagano interesting ... can you send in a quick PR to fix this in the library perhaps checking for both versions?

https://github.com/cdancy/jenkins-rest/pull/244

felicepagano avatar Jun 19 '22 18:06 felicepagano

Hello I'm facing a similar issue when i try to get the queue ID i got this error: IntegerResponse{value=null, errors=[Error{context=null, message=For input string: "2363039249704479081", exceptionName=java.lang.NumberFormatException}]} the build start normally but i can't get the queue id

outhmane96 avatar Oct 24 '23 09:10 outhmane96

@outhmane96 I think your issue is related to

https://github.com/cdancy/jenkins-rest/issues/315

cdancy avatar Oct 24 '23 13:10 cdancy