[
https://issues.jenkins-ci.org/browse/JENKINS-12005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
OHTAKE Tomohiro resolved JENKINS-12005.
---------------------------------------
Resolution: Fixed
Fixed in Stapler 1.181.
https://github.com/stapler/stapler/commit/9604f1e4c796bfd24175a8fff44caaec0cdfe065
Jenkins 1.456 starts to use Stapler 1.181.
https://github.com/jenkinsci/jenkins/commit/63529f0f3e7ef7d2422d6b2d52e02d03e9003820
> Broken configuration page as referenced in tutorials
> ----------------------------------------------------
>
> Key: JENKINS-12005
> URL: https://issues.jenkins-ci.org/browse/JENKINS-12005
> Project: Jenkins
> Issue Type: Bug
> Components: core
> Reporter: John Haugeland
> Labels: embarrassment
>
> So, if you follow the main site's tutorials on how to turn on authentication,
> which SHOULD BE ON BY DEFAULT, they send you to the erroneous configuration
> address http://install/configure/ .
> This is awesome for several reasons.
> 1) The correct URL does not have a trailing slash
> 2) The form will in fact respond from the wrong URL, with no apparent problem
> 3) The form gets the target *completely* wrong, but the stack trace is empty
> and the container 404s with no mention of what's wrong, and there's no
> documentation of what's correct, so you either have to source dive or hold
> your nose and spend three days being abused by the IRC channel to find out
> what's wrong.
> What's wrong?
> Well, if you put that trailing slash on there, which by the Java
> specification is supposed to be the same as without (even though that in turn
> is a violation of the URI RFC,) then suddenly instead of using
> %/configureSubmit like it's supposed to, it uses %/config/configSubmit (wrong
> path, wrong target.)
> So, if you follow the site instructions on getting user accounts working, you
> spend several days with builds exposed to the internet while you look for
> someone with enough trivia knowledge to get basic authentication instructions
> to work.
> Hooray!
> Thankfully, the bug tracker refuses to take anonymous bugs, and takes 20
> minutes for a credential to start working, guaranteeing that 95% of the
> people who would have already reported this went away and did something else
> instead.
> Because why shouldn't we make the barriers to finding out what's broken
> higher?
> Next, let's get stuck choosing from several hundred components, even though
> this doesn't really apply to a component in any sensible way.
> TL;DR: your app responds to URLs it shouldn't, and your tutorials on getting
> accounts working point at the wrong URLs, and when you go to the wrong URL
> for configuration it breaks in a spectacularly inobvious way.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
