Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25421

Allow Swarm client to be used when CSRF is disabled

XMLWordPrintable

    • Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Major Major
    • swarm-plugin
    • None
    • Jenkins 1.580.1
      Swarm Plugin 1.20
      "Prevent Cross Site Request Forgery exploits" - Disabled

      I updated the Swarm plugin from 1.16 to 1.20 and began experiencing this issue. Enabling the CSRF prevention works fine.

      java -jar swarm.jar -executors 2 -mode exclusive -fsroot '~/jenkins' -master http://jenkins:8079/ -name <NAME> -username eric -password <PW>

Discovering Jenkins master
Attempting to connect to http://jenkins:8079/ aeac4e35-fe09-4da7-bb5c-579658910ff5
Could not obtain CSRF crumb. Response code: 404
Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
INFO: basic authentication scheme selected
Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
INFO: Failure authenticating with BASIC 'Jenkins'@jenkins:8079
Failed to create a slave on Jenkins CODE: 401
Retrying in 10 seconds

          [JENKINS-25421] Allow Swarm client to be used when CSRF is disabled

          Eric Lordahl created issue -
          Eric Lordahl made changes -
          Description Original: I updated the Swarm plugin from 1.16 to 1.20 and began experiencing this issue. Enabling the CSRF prevention works fine.

          java -jar swarm.jar -executors 2 -mode exclusive -fsroot '~/jenkins' -master http://jenkins:8079/ -name <NAME> -username eric -password <PW>

          Discovering Jenkins master
          Attempting to connect to http://jenkins:8079/ aeac4e35-fe09-4da7-bb5c-579658910ff5
          Could not obtain CSRF crumb. Response code: 404
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
          INFO: basic authentication scheme selected
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
          INFO: Failure authenticating with BASIC 'Jenkins'@jenkins:8079
          Failed to create a slave on Jenkins CODE: 401
          Retrying in 10 seconds           		New: I updated the Swarm plugin from 1.16 to 1.20 and began experiencing this issue. Enabling the CSRF prevention works fine.

          {noformat}
          java -jar swarm.jar -executors 2 -mode exclusive -fsroot '~/jenkins' -master http://jenkins:8079/ -name <NAME> -username eric -password <PW>

          Discovering Jenkins master
          Attempting to connect to http://jenkins:8079/ aeac4e35-fe09-4da7-bb5c-579658910ff5
          Could not obtain CSRF crumb. Response code: 404
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
          INFO: basic authentication scheme selected
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
          INFO: Failure authenticating with BASIC 'Jenkins'@jenkins:8079
          Failed to create a slave on Jenkins CODE: 401
          Retrying in 10 seconds

          {noformat}
          Eric Lordahl made changes -
          Description Original: I updated the Swarm plugin from 1.16 to 1.20 and began experiencing this issue. Enabling the CSRF prevention works fine.

          {noformat}
          java -jar swarm.jar -executors 2 -mode exclusive -fsroot '~/jenkins' -master http://jenkins:8079/ -name <NAME> -username eric -password <PW>

          Discovering Jenkins master
          Attempting to connect to http://jenkins:8079/ aeac4e35-fe09-4da7-bb5c-579658910ff5
          Could not obtain CSRF crumb. Response code: 404
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
          INFO: basic authentication scheme selected
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
          INFO: Failure authenticating with BASIC 'Jenkins'@jenkins:8079
          Failed to create a slave on Jenkins CODE: 401
          Retrying in 10 seconds

          {noformat}           		New: I updated the Swarm plugin from 1.16 to 1.20 and began experiencing this issue. Enabling the CSRF prevention works fine.


          {noformat}
          java -jar swarm.jar -executors 2 -mode exclusive -fsroot '~/jenkins' -master http://jenkins:8079/ -name <NAME> -username eric -password <PW>

          Discovering Jenkins master
          Attempting to connect to http://jenkins:8079/ aeac4e35-fe09-4da7-bb5c-579658910ff5
          Could not obtain CSRF crumb. Response code: 404
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
          INFO: basic authentication scheme selected
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
          INFO: Failure authenticating with BASIC 'Jenkins'@jenkins:8079
          Failed to create a slave on Jenkins CODE: 401
          Retrying in 10 seconds

          {noformat}
          Eric Lordahl made changes -
          Description Original: I updated the Swarm plugin from 1.16 to 1.20 and began experiencing this issue. Enabling the CSRF prevention works fine.


          {noformat}
          java -jar swarm.jar -executors 2 -mode exclusive -fsroot '~/jenkins' -master http://jenkins:8079/ -name <NAME> -username eric -password <PW>

          Discovering Jenkins master
          Attempting to connect to http://jenkins:8079/ aeac4e35-fe09-4da7-bb5c-579658910ff5
          Could not obtain CSRF crumb. Response code: 404
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
          INFO: basic authentication scheme selected
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
          INFO: Failure authenticating with BASIC 'Jenkins'@jenkins:8079
          Failed to create a slave on Jenkins CODE: 401
          Retrying in 10 seconds

          {noformat}           		New: I updated the Swarm plugin from 1.16 to 1.20 and began experiencing this issue. Enabling the CSRF prevention works fine.

          {noformat}

          java -jar swarm.jar -executors 2 -mode exclusive -fsroot '~/jenkins' -master http://jenkins:8079/ -name <NAME> -username eric -password <PW>

          Discovering Jenkins master
          Attempting to connect to http://jenkins:8079/ aeac4e35-fe09-4da7-bb5c-579658910ff5
          Could not obtain CSRF crumb. Response code: 404
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
          INFO: basic authentication scheme selected
          Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
          INFO: Failure authenticating with BASIC 'Jenkins'@jenkins:8079
          Failed to create a slave on Jenkins CODE: 401
          Retrying in 10 seconds
          {noformat}
          Eric Lordahl made changes -
          Environment Original: Jenkins 1.580.1
          Swarm Plugin 1.20
          		 New: Jenkins 1.580.1
          Swarm Plugin 1.20
          "Prevent Cross Site Request Forgery exploits" - Disabled
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 159387 ] New: JNJira + In-Review [ 179967 ]
          Oleg Nenashev made changes -
          Assignee Original: Kohsuke Kawaguchi [ kohsuke ]
          Basil Crow made changes -
          Summary Original: Swarm plugin requires "Prevent Cross Site Request Forgery exploits" be enabled. New: Allow Swarm client to be used when CSRF is disabled
          Basil Crow made changes -
          Issue Type Original: Bug [ 1 ] New: New Feature [ 2 ]
          Basil Crow made changes -
          Link New: This issue is duplicated by JENKINS-36667 [ JENKINS-36667 ]
          Basil Crow made changes -
          Link New: This issue is duplicated by JENKINS-47281 [ JENKINS-47281 ]

            Unassigned Unassigned
            elordahl Eric Lordahl
            Votes:
            6 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: