Value from token Param is not evaluated

[trivago-tgoik]

We try to make use of the "Build Token Root Plugin" within the trigger, but it's seems not to evaluate the token value for authentication.

We read this on the Plugin page:
Authentication
There is a special token parameter. When supplied, it is used with BuildAuthorizationToken to authenticate.

We have setup the "Trigger builds remotely (e.g., from scripts)"
Token= OUR_TOKEN

If we enable Anonymous Users JOB:read than it works, but this we don't want to

What we do:

curl -X POST \
  'http://localhost:8080/generic-webhook-trigger/invoke?token=_OUR_TOKEN_' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '{"eventKey":"pr:opened"}'

I our log we receive this message:

Jun 14, 2018 12:04:24 PM org.jenkinsci.plugins.gwt.GenericWebHookRequestReceiver doInvoke
SEVERE: PullRequestPipeline
org.acegisecurity.AccessDeniedException: Please log in to access job/PullRequestPipeline/

What we have tried:
Use the URL from the Build Token Plugin

curl -X POST \
  'http://localhost:8080/buildByToken/build?job=PullRequestPipeline&token=_OUR_TOKEN_' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '{"eventKey":"pr:opened"}'

The second one works, but it does allow us to access to the JSON data

Maybe we have understood wrong, but i looked at the PlugIn code and there it says

  private static final String NO_JOBS_MSG =
      "Did not find any jobs to trigger! "
          + "The user invoking /generic-webhook-trigger/invoke must have read permission to any jobs that should be triggered. "
          + "You may try adding http://user:passw@url... "
          + "or configuring and passing an authentication token like ...trigger/invoke?token=TOKENHERE";

But for some reason it does not work.

[tomasbjerre]

what version of the plugin?

[trivago-tgoik]

Sorry

Jenkins: ver. 2.125

Name | Maven ID | License
-- | -- | --
Generic Webhook Trigger Plugin | org.jenkins-ci.plugins:generic-webhook-trigger:1.36 | MIT License
JSON Small and Fast Parser | net.minidev:json-smart:2.2.1 | The Apache Software License, Version 2.0
ASM based accessors helper used by json-smart | net.minidev:accessors-smart:1.1 | The Apache Software License, Version 2.0
ASM Core | org.ow2.asm:asm:5.0.3 | BSD
Json Path | com.jayway.jsonpath:json-path:2.2.0 | The Apache Software License, Version 2.0
Gson | com.google.code.gson:gson:2.8.2 | Apache 2.0

[tomasbjerre]

Can you provide the full stack trace found below this part? :

Jun 14, 2018 12:04:24 PM org.jenkinsci.plugins.gwt.GenericWebHookRequestReceiver doInvoke
SEVERE: PullRequestPipeline
org.acegisecurity.AccessDeniedException: Please log in to access job/PullRequestPipeline/

[trivago-tgoik]

Jun 14, 2018 12:31:25 PM hudson.model.Run execute
INFO: RunEagleEyeTracker #235555 main build action completed: FAILURE
Jun 14, 2018 12:31:27 PM org.jenkinsci.plugins.gwt.GenericWebHookRequestReceiver doInvoke
INFO: Triggering PullRequestPipeline
Jun 14, 2018 12:31:27 PM org.jenkinsci.plugins.gwt.GenericWebHookRequestReceiver doInvoke
SEVERE: PullRequestPipeline
org.acegisecurity.AccessDeniedException: Please log in to access job/PullRequestPipeline/
	at hudson.model.Queue$Item.getApi(Queue.java:2297)
	at org.jenkinsci.plugins.gwt.GenericTriggerResults.<init>(GenericTriggerResults.java:31)
	at org.jenkinsci.plugins.gwt.GenericTrigger.trigger(GenericTrigger.java:126)
	at org.jenkinsci.plugins.gwt.GenericWebHookRequestReceiver.doInvoke(GenericWebHookRequestReceiver.java:109)
	at org.jenkinsci.plugins.gwt.GenericWebHookRequestReceiver.doInvoke(GenericWebHookRequestReceiver.java:58)
	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
	at org.kohsuke.stapler.MetaClass$10.dispatch(MetaClass.java:374)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
	at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:37)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:64)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:530)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382)
	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)

[tomasbjerre]

Ok, I'll provide a fix later today... You are doing nothing wrong!

[trivago-tgoik]

👍

[tomasbjerre]

Should be fixed now in 1.37. Available in update site within a few hours.

[trivago-tgoik]

Like a charm, thanks !