When I try to get /api/xml from my python script (or via Firefox by typing http://username:password@localhost:8080/api/xml), I get a 403 when I have matrix security enabled, even when the user I'm trying to authenticate has full access to the system. I've tried authenticating with both the regular password and the api token with no success. I've confirmed the python is "pre-emptively" sending the username and password.
Python code (project name is "Hello"):
xml_url = "http://localhost:8080/api/xml?xpath=/hudson/job[name='Hello']/color"
password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
password_mgr.add_password(None, "http://localhost:8080", "user", "96f9...apitoken....23");
handler = urllib2.HTTPBasicAuthHandler(password_mgr)
opener = urllib2.build_opener(handler)
response = opener.open(xml_url)
xml = response.read()