How to request for the crumb issuer for Jenkins


Problem description

I want to use the Jenkins Remote API, and I am looking for safe solution. I came across Prevent Cross Site Request Forgery exploits and I want to use it, but I read somewhere that you have to make a crumb request.

How do I get a crumb request in order to get the API working?

I found this https://github.com/entagen/jenkins-build-per-branch/pull/20, but still I don't know how to fix it.

My Jenkins version is 1.50.x.

Authenticated Remote API request responds with 403 when using a POST request

Recommended answer

I haven't found this in the documentation either. This code is tested against an older Jenkins (1.466), but should still work.

To issue the crumb use the crumbIssuer

// left out: you need to authenticate with user & password -> sample below
HttpGet httpGet = new HttpGet(jenkinsUrl + "crumbIssuer/api/json");
String crumbResponse = toString(httpclient, httpGet);
CrumbJson crumbJson = new Gson().fromJson(crumbResponse, CrumbJson.class);

This will get you a response like this

{"crumb":"fb171d526b9cc9e25afe80b356e12cb7","crumbRequestField":".crumb"}

This contains two pieces of information you need

  1. The field name with which you need to pass the crumb
  2. The crumb itself

If you now want to fetch something from Jenkins, add the crumb as header. In the sample below I fetch the latest build results.

HttpPost httpost = new HttpPost(jenkinsUrl + "rssLatest");
httpost.addHeader(crumbJson.crumbRequestField, crumbJson.crumb);

Here is the sample code as a whole. I am using gson 2.2.4 to parse the response and Apache's httpclient 4.2.3 for the rest.

import org.apache.http.auth.*;
import org.apache.http.client.*;
import org.apache.http.client.methods.*;
import org.apache.http.impl.client.*;

import com.google.gson.Gson;

public class JenkinsMonitor {

    public static void main(String[] args) throws Exception {

        String protocol = "http";
        String host = "your-jenkins-host.com";
        int port = 8080;
        String usernName = "username";
        String password = "passwort";

        DefaultHttpClient httpclient = new DefaultHttpClient();
        httpclient.getCredentialsProvider().setCredentials(
                new AuthScope(host, port), 
                new UsernamePasswordCredentials(usernName, password));

        String jenkinsUrl = protocol + "://" + host + ":" + port + "/jenkins/";

        try {
            // get the crumb from Jenkins
            // do this only once per HTTP session
            // keep the crumb for every coming request
            System.out.println("... issue crumb");
            HttpGet httpGet = new HttpGet(jenkinsUrl + "crumbIssuer/api/json");
            String crumbResponse= toString(httpclient, httpGet);
            CrumbJson crumbJson = new Gson()
                .fromJson(crumbResponse, CrumbJson.class);

            // add the issued crumb to each request header
            // the header field name is also contained in the json response
            System.out.println("... issue rss of latest builds");
            HttpPost httpost = new HttpPost(jenkinsUrl + "rssLatest");
            httpost.addHeader(crumbJson.crumbRequestField, crumbJson.crumb);
            toString(httpclient, httpost);

        } finally {
            httpclient.getConnectionManager().shutdown();
        }

    }

    // helper construct to deserialize crumb json into 
    public static class CrumbJson {
        public String crumb;
        public String crumbRequestField;
    }

    private static String toString(DefaultHttpClient client, 
        HttpRequestBase request) throws Exception {
        ResponseHandler<String> responseHandler = new BasicResponseHandler();
        String responseBody = client.execute(request, responseHandler);
        System.out.println(responseBody + "\n");
        return responseBody;
    }

}
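
The crumb exchange described in the answer, shown with both sides of the conversation as an added example (not part of the original answer). A constructed local mock stands in for Jenkins so the script runs offline; the crumb value, the credentials and the names `MockJenkins`, `post_with_crumb` and `demo` are assumptions made for illustration.

```python
import base64, json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample crumb; ".crumb" is the field name shown in the answer.
CRUMB = {"crumb": "constructed-crumb-value", "crumbRequestField": ".crumb"}

class MockJenkins(BaseHTTPRequestHandler):
    """Constructed stand-in for Jenkins: issues a crumb, rejects POSTs without it."""
    def _send(self, code, body=b""):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_GET(self):
        found = self.path == "/crumbIssuer/api/json"
        self._send(200 if found else 404, json.dumps(CRUMB).encode() if found else b"")
    def do_POST(self):
        ok = self.headers.get(CRUMB["crumbRequestField"]) == CRUMB["crumb"]
        self._send(200 if ok else 403)
    def log_message(self, *args): pass  # silence per-request logging

def post_with_crumb(base_url, path, user, password, send_crumb=True):
    """Fetch a crumb, POST to path with (or without) it, return the HTTP status."""
    auth = "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
    # One opener and cookie jar for both calls (the answer's "once per HTTP
    # session"); the empty ProxyHandler keeps the local mock off env proxies.
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), urllib.request.HTTPCookieProcessor())
    opener.addheaders = [("Authorization", auth)]
    with opener.open(base_url + "crumbIssuer/api/json") as resp:
        crumb = json.load(resp)
    req = urllib.request.Request(base_url + path, data=b"", method="POST")
    if send_crumb:  # header name and value both come from the crumb response
        req.add_header(crumb["crumbRequestField"], crumb["crumb"])
    try:
        with opener.open(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    """Return (status without crumb, status with crumb) against the mock."""
    server = HTTPServer(("127.0.0.1", 0), MockJenkins)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}/"
    try:
        creds = ("username", "constructed-password")
        return (post_with_crumb(base, "rssLatest", *creds, send_crumb=False),
                post_with_crumb(base, "rssLatest", *creds))
    finally:
        server.shutdown()
```

Calling `demo()` returns the status of a POST sent without the crumb header followed by the status of the same POST sent with it.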
