Re: Making specific jenkins request as public request without authentication

2018-09-24 Thread Mukesh Singal 
Thankyou Robert & Jesse. It solved my problem. 

On Monday, September 24, 2018 at 11:35:37 PM UTC+5:30, Jesse Glick wrote:
>
> On Mon, Sep 24, 2018 at 10:38 AM Robert Sandell  > wrote: 
> > You will probably also need to define a CrumbExclusion. 
>
> Not for GET requests, and for recent versions of Jenkins I think it is 
> not necessary even for POST since IIRC we stopped requiring crumbs on 
> requests made via API token (or anonymously). 
>
> Anyway, to second Robert: you must proceed with extreme caution. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/72828817-43a1-46bb-913e-bb7058ddb70a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Making specific jenkins request as public request without authentication

2018-09-24 Thread Jesse Glick 
On Mon, Sep 24, 2018 at 10:38 AM Robert Sandell  wrote:
> You will probably also need to define a CrumbExclusion.

Not for GET requests, and for recent versions of Jenkins I think it is
not necessary even for POST since IIRC we stopped requiring crumbs on
requests made via API token (or anonymously).

Anyway, to second Robert: you must proceed with extreme caution.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2wQRL_x2To8RELq2ykQJSjo_hw7tTFEM57%2BTaNvV6yaw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Making specific jenkins request as public request without authentication

2018-09-24 Thread Robert Sandell 
Use UnprotectedRootAction

.
You will probably also need to define a CrumbExclusion
.

Though we normally consider unprotected read access to agent information a
security issue, so you should go the other way and add some permission
checks and then have whatever consumer of that API provide login
credentials in form of a token connected to an actual user.

/B

Den mån 24 sep. 2018 kl 13:52 skrev Mukesh Singal :

> Hi Everyone,
>
> I have implemented a Remote API which tells slaves *healthCheck *status.
> But Jenkins redirect users to authenticate first. I want to skip
> authentication for on a specific below URL.
>
> *http://localhost:8080/jenkins/healthCheckPlugin/api/xml
> *
>
> I have tried to create Filter and but failed in achieving this flow.
>
> if anyone can help me here, how to achieve this flow?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/4c3fda95-5869-4092-9dab-75b622ff2ab1%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
*Robert Sandell*
Software Engineer
CloudBees, Inc.
[image: CloudBees-Logo.png] 
E: rsand...@cloudbees.com
Twitter: robert_sandell

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CALzHZS0ZX%2BZqqZx_vrKdXDBgyWTDJJN9nCAJ-wiwQhvGAnT5NQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Making specific jenkins request as public request without authentication

2018-09-24 Thread Mukesh Singal 
Hi Everyone,

I have implemented a Remote API which tells slaves *healthCheck *status. 
But Jenkins redirect users to authenticate first. I want to skip 
authentication for on a specific below URL. 

*http://localhost:8080/jenkins/healthCheckPlugin/api/xml*

I have tried to create Filter and but failed in achieving this flow. 

if anyone can help me here, how to achieve this flow?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/4c3fda95-5869-4092-9dab-75b622ff2ab1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.