Community
Participate
Working Groups
Build Identifier: I20110613-1736 org.eclipse.core.runtime.CoreException: Unexpected error: Forbidden at org.eclipse.mylyn.internal.hudson.core.HudsonCorePlugin.toCoreException(HudsonCorePlugin.java:61) at org.eclipse.mylyn.internal.hudson.core.HudsonServerBehaviour.runBuild(HudsonServerBehaviour.java:738) at org.eclipse.mylyn.builds.internal.core.operations.RunBuildOperation$1.doExecute(RunBuildOperation.java:55) at org.eclipse.mylyn.builds.internal.core.operations.BuildJob.run(BuildJob.java:79) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Caused by: org.eclipse.mylyn.internal.hudson.core.client.HudsonException: Forbidden at org.eclipse.mylyn.internal.hudson.core.client.HudsonOperation.run(HudsonOperation.java:34) at org.eclipse.mylyn.internal.hudson.core.client.RestfulHudsonClient.runBuild(RestfulHudsonClient.java:397) at org.eclipse.mylyn.internal.hudson.core.HudsonServerBehaviour.runBuild(HudsonServerBehaviour.java:736) ... 3 more Caused by: java.io.IOException: Forbidden at org.eclipse.mylyn.commons.http.CommonHttpClient.needsReauthentication(CommonHttpClient.java:105) at org.eclipse.mylyn.commons.http.HttpOperation.needsReauthentication(HttpOperation.java:102) at org.eclipse.mylyn.commons.http.HttpOperation.execute(HttpOperation.java:76) at org.eclipse.mylyn.internal.hudson.core.client.RestfulHudsonClient$7.execute(RestfulHudsonClient.java:390) at org.eclipse.mylyn.internal.hudson.core.client.HudsonOperation.run(HudsonOperation.java:32) ... 5 more Caused by: java.lang.UnsupportedOperationException at org.eclipse.mylyn.internal.commons.repositories.LocationService.requestCredentials(LocationService.java:93) at org.eclipse.mylyn.builds.internal.core.util.RepositoryWebLocation.requestCredentials(RepositoryWebLocation.java:55) at org.eclipse.mylyn.commons.http.CommonHttpClient.needsReauthentication(CommonHttpClient.java:99) ... 9 more eclipse.buildId=I20110613-1736 java.version=1.7.0 java.vendor=Oracle Corporation BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=de_DE Framework arguments: -product org.eclipse.epp.package.jee.product Command-line arguments: -data C:\DevMine\workspace\Java -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product Jenkins ver. 1.424 on Tomcat 7 on Windows Server 2008 Running build with saem user/pwd from Jenkins web-gui works without problems. Reproducible: Always Steps to Reproduce: 1.Install Jenkins as build sever in Builds view 2. Choose a build job in build view job list below jenkins build server instance and click run 3.Running of build fails
Can you check if an entry for the Jenkins username and password was created in the preferences under General > Secure Storage > Contents: org.eclipse.mylyn.commons.repository?
Yes, there are two entries: org.eclipse.mylyn.tasklist.repositories.password org.eclipse.mylyn.tasklist.repositories.user I deleted secure storage, then saved user/pwd after "Validate" in Server properties in Build View via Secure Storage agaian - refreshed job List and selected gob to run. Same Error!
Thanks for the information. The connector currently only support authenticating through HTTP. I suspect that authentication is failing since your server expects a different type of login. Is your server publicly accessible? If not, can you check if it uses the standard form-based login mechanism (e.g. http://mylyn.org/jenkins-latest/login?from=%2Fjenkins-latest%2F)?
(In reply to comment #3) > Thanks for the information. The connector currently only support authenticating > through HTTP. I suspect that authentication is failing since your server > expects a different type of login. We use the build in ldap support to authtenticate , but standard http form based > Is your server publicly accessible? If not, can you check if it uses the > standard form-based login mechanism (e.g. > http://mylyn.org/jenkins-latest/login?from=%2Fjenkins-latest%2F)? Our login form looks similar in jekins lookup is done via ldap
I managed to locate the origin of that bug. When i disable the checkbox "Prevent from Cross Site Request Forgery" attacks in Jenkins global settings the bug disappears. Mylyn can't handle the crumb security feature to prevent csrf attacks . That is a major secuity flaw in my opinion. Can you fix thta bug please! Tx for support.
*** Bug 341414 has been marked as a duplicate of this bug. ***
Thanks for investigating that. I don't agree that this a security flaw since it doesn't work. Obviously support for this security feature should be implemented to enable running of builds when the "Prevent from Cross Site Request Forgery" setting is active. I have updated the summary accordingly. Request wise it looks like there is a script tag that initializes JavaScript magic: <script>crumb.init(".crumb", "540de756e8c00c046a3a739a85cfe701");</script> This causes an additional header to be included in the request: .crumb: 540de756e8c00c046a3a739a85cfe701
I have committed a first pass at this. The fix is in master and will be available in the next weekly build (first week of 2012).
A new weekly build now is available from http://eclipse.org/mylyn/downloads/#weekly . Please retry with the latest and reopen this bug if the problem persists.
Starting a build job from inside Eclipse is failing again in newer versions of Jenkins (I'm currently using 2.121.1). The crumb name has changed from ".crumb" to "Jenkins-Crumb": <script>crumb.init("Jenkins-Crumb", "c4daeb35223b76650d04d5dda1d96cab");</script>