Jenkins giving 403 in EC2 Server after passing the crumb in the request headers

Question

I am using the CSRF Jenkins crumbs in the API call to create a new job in Jenkins from Java.

I tried the following

Called the API to get the crumb data

> http://admin:11542c80972c3a2b863453d234de68b1d@10.139.163.33/crumbIssuer/api/json

I also tried with the below URL

> http://10.139.163.33/crumbIssuer/api/json

The below is the JSON response obtained from the server

    {"_class":"hudson.security.csrf.DefaultCrumbIssuer","crumb":"b272a09b604e7b7cc8ee1431f0a0143fa1422db2fb5f92955b0356a31da37463","crumbRequestField":"Jenkins-Crumb"}

In the next step, I am making a call to Jenkins to create a new job with the header as

    Jenkins-Crumb:b272a09b604e7b7cc8ee1431f0a0143fa1422db2fb5f92955b0356a31da37463

Jenkins is giving me 403. I am using HttpGet to get the token and using HttpPost with the header as above and sending to Jenkins.

When I try with Postman, it is not giving this error. I am running the Java application on 1 EC2 server and Jenkins on another EC2 server.

There are no proxies. I also tried the various options like enabling proxy compatibility, restarting Jenkins etc., but it is not working.

Please give any pointers.

Java code used is

    HttpPost postRequest = new HttpPost(url);
    JenkinsCrumb crumb = jenkinsHelper.getCrumb();
    String encodedPassword = Base64.getEncoder().encodeToString((user + ":" + pwd).getBytes());
    postRequest.addHeader(HttpHeaders.AUTHORIZATION, "Basic " + encodedPassword);
    postRequest.addHeader(new BasicHeader(crumb.getCrumbRequestField(), crumb.getCrumb()));
    return postRequest;

The code to get the crumb is

    String urlWithToken = "http://" + (user + ":" + pwd) + "@";
    HttpGet request = new HttpGet(jenkinsBaseUrl.replace("http://", urlWithToken) + "crumbIssuer/api/json");
    request.addHeader(HttpHeaders.AUTHORIZATION, "Basic " + encodedPassword);
    CloseableHttpResponse httpResponse = httpClient.execute(request);

I have also tried with the CURL command and am still getting the same response.

Answer 1

Score: 2

I was able to fix this issue by using the same HttpClient (CloseableHttpClient) for both the CRUMB and the POST request. Earlier, I was using 2 separate clients, one for getting the crumb and a new one for posting the data. Using a shared HttpClient for both of these resulted in a success state.

Hope this helps any other developer facing a similar issue.
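
Why the shared client in the answer above matters, as an added example (not code from the original post or from Jenkins): it assumes the crumb is tied to the session cookie returned with it, so a client with a fresh cookie store presents a crumb the server cannot match. The local stand-in server, the class name, the salt and the toy crumb derivation are constructed for illustration, and Apache HttpClient 4.x is assumed to be on the classpath.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.util.UUID;
import org.apache.http.client.methods.*;
import org.apache.http.impl.client.*;
import org.apache.http.util.EntityUtils;

public class SharedClientCrumbDemo {
    // Constructed stand-in logic (assumption): the crumb depends on the session cookie it was issued with.
    static String crumbFor(String cookie) {
        return UUID.nameUUIDFromBytes(("constructed-salt:" + cookie).getBytes()).toString();
    }

    static int createItem(CloseableHttpClient client, String base, String crumb) throws Exception {
        HttpPost post = new HttpPost(base + "/createItem");
        post.addHeader("Jenkins-Crumb", crumb);
        try (CloseableHttpResponse resp = client.execute(post)) {
            return resp.getStatusLine().getStatusCode();
        }
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/crumbIssuer/api/json", ex -> {
            String cookie = "JSESSIONID=" + UUID.randomUUID();
            byte[] crumb = crumbFor(cookie).getBytes();
            ex.getResponseHeaders().add("Set-Cookie", cookie + "; Path=/");
            ex.sendResponseHeaders(200, crumb.length);
            ex.getResponseBody().write(crumb);
            ex.close();
        });
        server.createContext("/createItem", ex -> {
            String cookie = ex.getRequestHeaders().getFirst("Cookie");
            boolean ok = cookie != null && crumbFor(cookie).equals(ex.getRequestHeaders().getFirst("Jenkins-Crumb"));
            ex.sendResponseHeaders(ok ? 200 : 403, -1);
            ex.close();
        });
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();
        // Each CloseableHttpClient keeps its own cookie store.
        try (CloseableHttpClient shared = HttpClients.createDefault();
             CloseableHttpClient separate = HttpClients.createDefault();
             CloseableHttpResponse resp = shared.execute(new HttpGet(base + "/crumbIssuer/api/json"))) {
            String crumb = EntityUtils.toString(resp.getEntity());
            System.out.println("separate client -> " + createItem(separate, base, crumb));
            System.out.println("shared client -> " + createItem(shared, base, crumb));
        }
        server.stop(0);
    }
}
```

The separate client sends the crumb without the session cookie and is answered with 403, while the shared client replays the cookie from its own store and is answered with 200.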

huangapple
  • Published on July 24, 2020, 20:23:48