Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-62681

Plug-in calling Jenkins REST API fails with 403 when configured with pluginFirstClassLoader = true

XMLWordPrintable

      Enabling pluginFirstClassLoader for conflicting dependencies seems to affect the plug-in's capability to invoke Jenkins REST endpoints. 

      Statistics gatherer plug-in currently uses GSON 2.8.6 (through unirest). This conflicts with Jenkins GIT plug-in (4.2.2), that currently uses GSON 2.8.2.  These two versions are incompatible. To get around the GSON conflict, we recompiled the plug-in with pluginFirstClassLoader enabled as per guidance found here https://www.jenkins.io/doc/developer/plugin-development/dependencies-and-class-loading.This however seems to affect the security context of the plug-in as it is now gets an error calling an API endpoint on Jenkins. 

      More detail: 

      Tested on: 

      • Jenkins 2.222.3 
      • Jenkins 2.190.2

      Before enabling pluginFirstClassLoader: 

      java.lang.NoSuchMethodError: com.google.gson.Gson.newBuilder()Lcom/google/gson/GsonBuilder;
at kong.unirest.json.JSONElement.<clinit>(JSONElement.java:39)
at kong.unirest.JsonNode.<init>(JsonNode.java:44)
at kong.unirest.JsonResponse.toJsonNode(JsonResponse.java:49)
at kong.unirest.JsonResponse.getNode(JsonResponse.java:43)
at kong.unirest.JsonResponse.<init>(JsonResponse.java:35)
at kong.unirest.apache.BaseApacheClient.transformBody(BaseApacheClient.java:53)
at kong.unirest.apache.ApacheClient.request(ApacheClient.java:127)
at kong.unirest.BaseRequest.asJson(BaseRequest.java:232)
at org.jenkins.plugins.statistics.gatherer.util.RestClientUtil.getJson(RestClientUtil.java:79)
at org.jenkins.plugins.statistics.gatherer.listeners.RunStatsListener.addBuildFailureCauses(RunStatsListener.java:322)

      Enabling pluginFirstClassLoader:

      Added to pom.xml for plug-in and recompiled: 

      <build>
 <plugins>
 <plugin>
 <groupId>org.jenkins-ci.tools</groupId>
 <artifactId>maven-hpi-plugin</artifactId>
 <configuration>
 <minimumJavaVersion>1.8</minimumJavaVersion>
 <pluginFirstClassLoader>true</pluginFirstClassLoader>
 </configuration>
 </plugin>

      After enabling pluginFirstClassLoader:

      java.lang.NullPointerException at org.jenkins.plugins.statistics.gatherer.util.RestClientUtil.getJson(RestClientUtil.java:86) at org.jenkins.plugins.statistics.gatherer.listeners.RunStatsListener.addBuildFailureCauses(RunStatsListener.java:326) at org.jenkins.plugins.statistics.gatherer.listeners.RunStatsListener.onFinalized(RunStatsListener.java:304) at hudson.model.listeners.RunListener.fireFinalized(RunListener.java:255)

      Logged out the URL it is attempting to invoke: 

      https://<hidden>/jenkins/android-digital/job/Carl_BFA_Test/7/api/json?depth=2&tree=actions[foundFailureCauses[categories,description,id,name]]

      Logging out the HTTP status reason for the call: 

      JSON status: Forbidden

      Verified that this URL can be manually invoked when signed in and returns results.  

            carlmeyer Carl Meyer
            carlmeyer Carl Meyer
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: