[JENKINS-30116] NegSecFilter should not secure notifyCommit URLs

Type: Bug
Resolution: Fixed
Priority: Critical
Component/s: negotiate-sso-plugin
Labels:
- notifyCommit
- security

Similar Issues:
Powered by SuggestiMate

Show

Once this plugin is configured, I am no longer able to hit the notifyCommit URLs. Instead I get "This request requires HTTP authentication."

Based on the git plugin documentation, these URLs should not be secured:

this URL doesn't require authentication even for secured Jenkins, because the server doesn't directly use anything that the client is sending. It runs polling to verify that there is a change, before it actually starts a build.

source: https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin#GitPlugin-Pushnotificationfromrepository

I believe both svn and mercurial also support push notifications. I'm not aware of any other Jenkins URLs that need to be excluded from the security filter, but others may exist.

pmv created issue - 2015-08-24 19:15

Bryson Gibbons made changes - 2015-08-29 23:52

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Bryson Gibbons made changes - 2015-08-30 00:48

Resolution		New: Fixed [ 1 ]
Status	Original: In Progress [ 3 ]	New: Resolved [ 5 ]

R. Tyler Croy made changes - 2016-07-25 23:57

Workflow

Original: JNJira [ 165201 ]

New: JNJira + In-Review [ 197651 ]

Assignee:: Bryson Gibbons

Reporter:: pmv

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2015-08-24 19:15

Updated:: 2015-09-03 19:22

Resolved:: 2015-08-30 00:48

Jenkins

Details

Description

Attachments

Activity

People

Dates