![]() |
|
|
|
|
Change By:
|
Stuart Montgomery
(27/Apr/13 11:29 PM)
|
|
Description:
|
I have Global Security configured to use LDAP with "Project-based Matrix Authorization Strategy" enabled. Anonymous user has the "Job > Build" privilege, and no other privileges
(in particular, the "anonymous" user does NOT have "Overall > Read" privilege, since I don't want everyone to be able to view the list of jobs and other general information)
.
I want an automated script to be able to trigger a build using the "Trigger Builds Remotely" feature, where I specify a "?token=[token]" value and the standard authentication should be bypassed, as long as the [token] value matches the one I set in the job's Configure page.
The documentation seems to indicate this should work:
https://wiki.jenkins-ci.org/display/JENKINS/Quick+and+Simple+Security
So specifically, I am expecting this HTTP request to work:
{noformat}
curl -i https://jenkinsHost/job/ProjectName/build?token=test
{noformat}
But I get
{noformat}
[~]$ curl -i https://jenkinsHost/job/ProjectName/build?token=test
HTTP/1.1 403 Forbidden
Date: Sat, 27 Apr 2013 23:17:03 GMT
Server: Winstone Servlet Engine v0.9.10
Content-Type: text/html;charset=UTF-8
Content-Length: 629
X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
Set-Cookie: JSESSIONID.e9bc4765=e1f0a30b9f04b3740bae527a7822b2d5; Path=/; HttpOnly
Connection: close
<html><head><meta http-equiv='refresh' content='1;url=""><script>
window.location.replace('/login?from=%2Fjob%2FProjectName%2Fbuild%3Ftoken%3Dtest');</script>
</head>
<body style='background-color:white; color:white;'>
Authentication required
</body></html>
{noformat}
When I DO use API authentication, the request works:
{noformat}
curl -i --username "test_user:API_KEY" https://hostname/job/ProjectName/build?token=test
{noformat}
But again, according to the documentation I think it is supposed to bypass the global authentication if ?token is present and matches the project token I configure. Why is this not working? What other information/logs can I provide?
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
[email protected].
For more options, visit
https://groups.google.com/groups/opt_out.
