Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61916

[JEP-200] http-request-plugin java.lang.SecurityException: Rejected: org.apache.http.HttpHost

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: http-request-plugin
    • Labels:
      None
    • Environment:
      Jenkins ver. 2.213
      HTTP Request Plugin 1.8.24
    • Similar Issues:

      Description

      Hello,

      First of all, I already read the https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200 but I don't have any proxy configured.

      Also checked the https://issues.jenkins-ci.org/browse/JENKINS-51741.

      I try to create a http request as follows:

      private String getResponse(def apiUrl, def requestBody){ 
          def response = httpRequest httpMode: "POST",
                      url: apiUrl, 
                      authentication: 'someApiKey', 
                      customHeaders: [[name: 'Content-type', value: 'application/xml']], 
                      requestBody: requestBody, 
                      ignoreSslErrors: true 
          return response.getContent() 
      }  

      When trying to execute this inside my Jenkins Pipeline I get the following error:

      18:15:16  java.lang.SecurityException: Rejected: org.apache.http.HttpHost; see https://jenkins.io/redirect/class-filter/
      18:15:16  	at hudson.remoting.ClassFilter.check(ClassFilter.java:77)
      18:15:16  	at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:133)
      18:15:16  	at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1620)
      18:15:16  	at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1521)
      18:15:16  	at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1781)
      18:15:16  	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1353)
      18:15:16  	at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2018)
      18:15:16  	at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1942)
      18:15:16  	at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1808)
      18:15:16  	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1353)
      18:15:16  	at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2018)
      18:15:16  	at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:503)
      18:15:16  	at java.lang.Throwable.readObject(Throwable.java:914)
      18:15:16  	at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source)
      18:15:16  	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      18:15:16  	at java.lang.reflect.Method.invoke(Method.java:498)
      18:15:16  	at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1058)
      18:15:16  	at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1909)
      18:15:16  	at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1808)
      18:15:16  	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1353)
      18:15:16  	at java.io.ObjectInputStream.readObject(ObjectInputStream.java:373)
      18:15:16  	at hudson.remoting.UserRequest.deserialize(UserRequest.java:290)
      18:15:16  	at hudson.remoting.UserResponse.retrieve(UserRequest.java:385)
      18:15:16  	at hudson.remoting.Channel.call(Channel.java:955)
      18:15:16  Caused: java.io.IOException: Failed to deserialize response to UserRequest:jenkins.plugins.http_request.HttpRequestExecution@4bbe800a
      18:15:16  	at hudson.remoting.Channel.call(Channel.java:963)
      18:15:16  	at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:337)
      18:15:16  	at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:319)
      18:15:16  	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
      18:15:16  	at hudson.security.ACL.impersonate(ACL.java:290)
      18:15:16  	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
      18:15:16  	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      18:15:16  	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      18:15:16  	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      18:15:16  	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      18:15:16  	at java.lang.Thread.run(Thread.java:745)
      18:15:16  Finished: FAILURE 

       

      I have no idea why it's trying to call HttpHost as I saw in the code for HTTP REQUEST plugin on GitHub that seems to be only used for proxy, otherwise it's null.

       

        Attachments

          Activity

            People

            Assignee:
            janario Janario Oliveira
            Reporter:
            robertibram Robert Ibram
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: