Status: Resolved (View Workflow)
Resolution: Won't Fix
When using GitHub and BitBucket hooks, they both do a HTTP POST with a lot of important payload data.
I couldn't figure out a way to access that data when using the build-token-root plugin.
I've forked my own version that does what I want here: https://github.com/shorn/build-token-root-plugin
If you're open to the idea - I'd be happy to provide a proper pull request.
The point of this plugin is to solve a single problem: that doBuild and the like in classes like AbstractProject will not even be called if the request does not provide authentication with at least read access to the project. As far as I am aware these methods in Jenkins core do not provide any access to POST payloads, so this plugin does not either.
If you are looking to have builds triggered by GitHub webhooks then you simply use the GitHub plugin, which provides a special trigger for this purpose, and which parses the POST body to determine how to trigger the build (specifying a Git commit to check out, for example). In that case there is no need for Build Token Root, because the webhook is purely advisory: the Jenkins receiver GitHubWebHook is already an UnprotectedRootAction accepting anonymous POSTs, and if it receives a notification it cross-checks against the actual repository by merely scheduling polling of the project, not directly adding a build to the queue.