[JIRA] (JENKINS-13636) notifyCommit method requires cookie, even when anonymous has build permission in ACL

Fri, 27 Apr 2012 11:24:27 -0700 

Rodney Stanton created JENKINS-13636:
----------------------------------------

             Summary: notifyCommit method requires cookie, even when anonymous 
has build permission in ACL
                 Key: JENKINS-13636
                 URL: https://issues.jenkins-ci.org/browse/JENKINS-13636
             Project: Jenkins
          Issue Type: Bug
          Components: mercurial, security
    Affects Versions: current
         Environment: linux
            Reporter: Rodney Stanton
            Assignee: Kohsuke Kawaguchi


When using "Enable Security" and Mercurial, the notifyCommit method fails even 
when anonymous has build permissions. The difference appears to be in the 
cookies.

Failed case:
GET /mercurial/notifyCommit?url=ssh://<redacted>/sandbox HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b 
zlib/1.2.3 libidn/0.6.5
Host: <redacted>:8080
Accept: */*

HTTP/1.1 200 OK
Server: Winstone Servlet Engine v0.9.10
Content-Type: text/plain;charset=ISO-8859-1
Connection: Close
Date: Fri, 27 Apr 2012 17:37:29 GMT
X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
Set-Cookie: JSESSIONID.79b17db3=3480193c16b0d5371437749c981fa1be; Path=/; 
HttpOnly

No mercurial jobs found


SUCCESS:
GET /mercurial/notifyCommit?url=ssh://<redacted>/sandbox HTTP/1.1
Host: <redacted>:8080
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:11.0) Gecko/20100101 
Firefox/11.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.7,ja;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: __utma=142065709.672751542.1326231118.1326319384.1331761724.3; 
__utmz=142065709.1331761724.3.2.utmcsr=t.co|utmccn=(referral)|utmcmd=referral|utmcct=/M7DYDoPx;
 _mkto_trk=id:364-BLA-665&token:_mch-<redacted>-1326231118044-34632; 
iconSize=16x16; 
ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=cnN0YW50b246MTMzNjQzMTg4NTIyOTpjN2U0ZTI4MGNiMGNkNTk2YTk0MmEwNjlkMDZkNDI5ZQ==;
 JSESSIONID.52356e8f=637ee763053a1b7d5ff29fd9a54088df; 
screenResolution=1920x1080
Cache-Control: max-age=0

HTTP/1.1 200 OK
Server: Winstone Servlet Engine v0.9.10
Content-Type: text/plain;charset=ISO-8859-1
Triggered: http://<redacted>/job/testjob/
Connection: Close
Date: Fri, 27 Apr 2012 17:36:04 GMT
X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
Set-Cookie: JSESSIONID.79b17db3=68d15f2b379727128525f7f3933eae27; Path=/; 
HttpOnly

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to