Authorization/JAXB-API for Jenkins #55, #57

[gnl42]

Added "crumbissuer" authentication. Do we still need the old authentication code?

Fixed missing JAXB-API complaint
(https://www.vogella.com/blog/eclipse-rcp-java-11-jaxb/)

[wimjongman]

Thanks, George!

This looks good. I found a couple of nits.

[wimjongman]

You can drop it.

[ruspl-afed]

Please keep alphabetic order for dependencies

[gnl42]

Hi Wim,
I made the changes and had to rework the code a bit to fix some issues I came across after some more testing.

The build framework is weird, I don't understand what the intent was in its design.
CommonHttpClient has an "authenticated" flag that is good for a session, yet has a ThreadLocal variable "context" that is used to store the token. Side effect of this is that each thread had to authenticate rather than just doing it once for the session.

One issue I'm unable to solve is how use the JSESSION id to authenticate when running a build using ones password.
It works fine when using a API token, but according to all the documentation I've come across it should be doable in both cases???

I've been testing it against my local Jenkins instance, and against https://ci.eclipse.org/mylyn/job/github-mylyn/.
If someone who is able to login to ci.eclipse.org could test the code I would feel more comfortable.

Also, I haven't seen any sign that the crumb is needed. Could be my jenkins hasn't been set up fully.

[BeckerFrank]

Also, I haven't seen any sign that the crumb is needed. Could be my jenkins hasn't been set up fully.

I have finally remember the password so that I could reactivate the Hudson and Jenkins test instances of the http://mylyn.org domain. Maybe that helps.

[gnl42]

Also, I haven't seen any sign that the crumb is needed. Could be my jenkins hasn't been set up fully.

I have finally remember the password so that I could reactivate the Hudson and Jenkins test instances of the http://mylyn.org domain. Maybe that helps.

If that is the same instances that the unit tests are using (e.g.: https://mylyn.org/hudson-3.3.3, http://mylyn.org/jenkins-2.32.3/) it doesn't help.

Neither of them accept the ''crumbIssuer/api/json" request

[BeckerFrank]

Maybe the versions are to old to support that or we have never configure this.

[gnl42]

@BeckerFrank

Maybe the versions are to old to support that or we have never configure this.

Looks like 2.32.3 was released back in 2016 so I would say it's too old.
It also hasn't been configured to use the crumb security (CSRF not enabled)

[gnl42]

Hi @wimjongman
I think I've done all I can with this at the moment. The unit tests pass (one is disabled).
The only thing I haven't been able to make work is starting a build using username/pw. Docs say this should be doable when passing crumb AND sessionId but I haven't been able to make it work with my Jenkins instance.
Using user/token works

I would suggest merging the code and deal with any issues that crop up with a new ticket

George

[wimjongman]

I would suggest merging the code and deal with any issues that crop up with a new ticket

Hey George. Cool! Do you want to take a look at the review comments before merging?

[ruspl-afed]

I've removed my comments regarding issues in .target, I need to have closer look later.

[gnl42]

I would suggest merging the code and deal with any issues that crop up with a new ticket

Hey George. Cool! Do you want to take a look at the review comments before merging?

I think I've addressed the comments to the best of my ability. When I tried to address the comments about the .target I ran into unresolved references that I have no idea how to fix

[gnl42]

Don't merge yet. Started looking into the session Id problem and found some very not nice behaviour

[gnl42]

Solved the "sessionId" issue.

user/pw can run build now. Caveat is that if Jenkins is using StrictCrumbIssuer with a timeout set for the crumb one will be unable to run builds once the crumb expires. I can't see any way to have a new crumb created in this situation with how the build framework is designed.
Does not happen with a token, the recommended way, so I'm ok with this behaviour.

[wimjongman]

George, is the token used in the password field?

[gnl42]

Hi Wim,   yes. It's getting complicated. Depending on the system, authentication can be by: * Token * username/pw * username/token George

…

On 2023-03-07 00:30, Wim Jongman wrote: George, is the token used in the password field? — Reply to this email directly, view it on GitHub <#60 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AP36HKKWKYQEAMK4YEUUM23W23WZDANCNFSM6AAAAAAVFIKDPQ>. You are receiving this because you authored the thread.Message ID: ***@***.***>

[wimjongman]

Yes, it is. To be clear by 'system' do you mean systems like Jenkins or different Jenkins versions? Is the UI still using "Hudson"?

[gnl42]

Yes, * Token: Bamboo 8, GitHub, Jira 8 * username/pw: Bamboo 8, Jenkins, Jira 8 * username/token: Jira 10, Jenkins (modern) The connector is advertised as 'Hudson (supports Jenkins)' but I don't see anything in the UI itself

…

On 2023-03-07 01:21, Wim Jongman wrote: Yes, it is. To be clear by 'system' do you mean systems like Jenkins or different Jenkins versions? Is the UI still using "Hudson"? — Reply to this email directly, view it on GitHub <#60 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AP36HKKAE3NTNRANAN6QT6DW234ZTANCNFSM6AAAAAAVFIKDPQ>. You are receiving this because you authored the thread.Message ID: ***@***.***>

[BeckerFrank]

@BeckerFrank

Maybe the versions are to old to support that or we have never configure this.

Looks like 2.32.3 was released back in 2016 so I would say it's too old. It also hasn't been configured to use the crumb security (CSRF not enabled)

Yes we should use a newer Jenkins version in our new test infrastructure (see Multipass setup supports >= 2_303_3)

[gnl42]

Could someone merge the PR?