This page is READ-ONLY. It is generated from the old site.
All timestamps are relative to 2013 (when this page is generated).
If you are looking for TeX support, please go to VietTUG.org

jenkins: un-authorized requests and 403 error

jenkins ... tricky
Added by icy about 1 year ago  »  Votes: 2/2

Problem

When a user access the default page of Jenkins (continuous intergration server) (for example, http://jenkins.foobar.com/), Jenkins will ask browser to redirect user to login form. The tricky thing is that, the request is put in the body's contents and it is simply ignored by many clients. Let see how it works

Step by step curl-ing

The client sends a request to Jenkins server

 1 $ curl -vL localhost:8080
 2 
 3 * About to connect() to localhost port 8080 (#0)
 4 *   Trying 127.0.0.1... connected
 5 * Connected to localhost (127.0.0.1) port 8080 (#0)
 6 > GET / HTTP/1.1
 7 > User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
 8 > Host: localhost:8080
 9 > Accept: */*

The server will return the error 403. Normally, the basic authentication is used with this type of error code; in our case, no more instructions are sent into the header, the client will do nothing

 1 < HTTP/1.1 403 Forbidden
 2 < Server: Winstone Servlet Engine v0.9.10
 3 < Content-Type: text/html;charset=UTF-8
 4 < Content-Length: 527
 5 < Connection: Keep-Alive
 6 < Date: Wed, 14 Mar 2012 15:08:42 GMT
 7 < X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
 8 < Set-Cookie: JSESSIONID.09129890=af28c9b5fb0b7fcde9abb800ef7cc084; Path=/
 9 < 
10 * Connection #0 to host localhost left intact
11 * Closing connection #0

The client now sees the contents of the body.

1 <html><head><meta http-equiv='refresh' content='1;url=/login?from=%2F'/>
2    <script>window.location.replace('/login?from=%2F');</script>
3 </head><body style='background-color:white; color:white;'>Authentication required</body></html> 

Woh, Jenkins requires Javascript to redirect users to the page http://jenkins.foobar.com/login/ . This will cause trouble!!!

A simple fix

We can fix the default Jenkins's behavior, e.g, by nginx

1   error_page 403 =200 /jenkins.403.html;
2   location /jenkins.403.html {
3     root   /home/nginx/default;
4   }

The contents of the file /home/nginx/default/jenkins.403.html is below

<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2F'/>
   <script>window.location.replace('/login?from=%2F');</script>
</head><body style='background-color:white; color:white;'>Authentication required</body></html> 

Now the server will return the error 200 as usual :)

Another way is to provide new URL in the HTTP header. This isn't trivial :)


Comments