[JIRA] (JENKINS-13636) notifyCommit method requires cookie, even when anonymous has build permission in ACL

[glfk...@gmail.com (JIRA)]

    [ 
https://issues.jenkins-ci.org/browse/JENKINS-13636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=162426#comment-162426
 ] 

Rodney Stanton commented on JENKINS-13636:
------------------------------------------

https://wiki.jenkins-ci.org/display/JENKINS/Authenticating+scripted+clients

User Failure on my part. I had not found or seen the above page.
                
> notifyCommit method requires cookie, even when anonymous has build permission 
> in ACL
> ------------------------------------------------------------------------------------
>
>                 Key: JENKINS-13636
>                 URL: https://issues.jenkins-ci.org/browse/JENKINS-13636
>             Project: Jenkins
>          Issue Type: Bug
>          Components: mercurial, security
>    Affects Versions: current
>         Environment: linux
>            Reporter: Rodney Stanton
>            Assignee: Kohsuke Kawaguchi
>
> When using "Enable Security" and Mercurial, the notifyCommit method fails 
> even when anonymous has build permissions. The difference appears to be in 
> the cookies.
> Failed case:
> GET /mercurial/notifyCommit?url=ssh://<redacted>/sandbox HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 
> OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: <redacted>:8080
> Accept: */*
> HTTP/1.1 200 OK
> Server: Winstone Servlet Engine v0.9.10
> Content-Type: text/plain;charset=ISO-8859-1
> Connection: Close
> Date: Fri, 27 Apr 2012 17:37:29 GMT
> X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
> Set-Cookie: JSESSIONID.79b17db3=3480193c16b0d5371437749c981fa1be; Path=/; 
> HttpOnly
> No mercurial jobs found
> SUCCESS:
> GET /mercurial/notifyCommit?url=ssh://<redacted>/sandbox HTTP/1.1
> Host: <redacted>:8080
> User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:11.0) Gecko/20100101 
> Firefox/11.0
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-us,en;q=0.7,ja;q=0.3
> Accept-Encoding: gzip, deflate
> DNT: 1
> Connection: keep-alive
> Cookie: __utma=142065709.672751542.1326231118.1326319384.1331761724.3; 
> __utmz=142065709.1331761724.3.2.utmcsr=t.co|utmccn=(referral)|utmcmd=referral|utmcct=/M7DYDoPx;
>  _mkto_trk=id:364-BLA-665&token:_mch-<redacted>-1326231118044-34632; 
> iconSize=16x16; 
> ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=cnN0YW50b246MTMzNjQzMTg4NTIyOTpjN2U0ZTI4MGNiMGNkNTk2YTk0MmEwNjlkMDZkNDI5ZQ==;
>  JSESSIONID.52356e8f=637ee763053a1b7d5ff29fd9a54088df; 
> screenResolution=1920x1080
> Cache-Control: max-age=0
> HTTP/1.1 200 OK
> Server: Winstone Servlet Engine v0.9.10
> Content-Type: text/plain;charset=ISO-8859-1
> Triggered: http://<redacted>/job/testjob/
> Connection: Close
> Date: Fri, 27 Apr 2012 17:36:04 GMT
> X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
> Set-Cookie: JSESSIONID.79b17db3=68d15f2b379727128525f7f3933eae27; Path=/; 
> HttpOnly

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira