https://github.com/jenkinsci/build-publisher-plugin/blob/6632a43369ae247535a471117a911eef471aba9e/src/main/java/hudson/plugins/build_publisher/HTTPBuildTransmitter.java#L136-L173 is insecure and will not work with Spring Security. https://github.com/jenkinsci/build-publisher-plugin/blob/6632a43369ae247535a471117a911eef471aba9e/src/main/java/hudson/plugins/build_publisher/HudsonInstance.java#L47 should be reinterpreted as an API token, and HTTP calls made using BASIC authn, which will work for any security realm and any Jenkins version.