[JIRA] (JENKINS-58626) the response code of "Authentication required" should be 401

[niwei_forever@sina.com (JIRA)]

Davy Ni created an issue

Jenkins / JENKINS-58626 the response code of "Authentication required" should be 401 Issue Type: Bug Assignee: Kseniia Nenasheva Components: security-inspector-plugin Created: 2019-07-24 03:28 Priority: Minor Reporter: Davy Ni When a jenkins api is called without authentication info, jenkins return 403 error code. According to RFC 2616, jenkins should return 401. This bug makes my Jira webhook not working.  My Jira webhook is created this:    http://username:pass...@jenkins.xxxxx.com/view/ci-megalodon-master/job/provision2/buildWithParameters.   Jira first call this webhook without authentication info, if webhook return 401, Jira will then call webwook with authentication info. But as jenkins return 403, the Jira webhook just failed.   Reference about 401 &403: https://tools.ietf.org/html/rfc2616#section-10.4.2 http://www.dirv.me/blog/2011/07/18/understanding-403-forbidden/index.html   Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

[niwei_forever@sina.com (JIRA)]

Davy Ni updated an issue

Jenkins / JENKINS-58626 the response code of "Authentication required" should be 401

Change By: Davy Ni

When a jenkins api is called without authentication info, jenkins return 403 error code. According to RFC 2616, jenkins should return 401.   This bug makes my Jira webhook not working.

My Jira webhook is created like this:    [http://username:pass...@jenkins.xxxxx.com/view/ci-megalodon-master/job/provision2/buildWithParameters.|http://dev:yodo...@jenkins.ut.feikongbao.cn/view/ci-megalodon-master/job/provision2/buildWithParameters.]

Jira first call this webhook without authentication info, if webhook return 401, Jira will then call webwook with authentication info. But as jenkins return 403, the Jira webhook just failed.   Reference about 401 &403: [https://tools.ietf.org/html/rfc2616#section-10.4.2] [http://www.dirv.me/blog/2011/07/18/understanding-403-forbidden/index.html]

Add Comment

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev updated an issue

Jenkins / JENKINS-58626 the response code of "Authentication required" should be 401

Change By: Oleg Nenashev Component/s: core Component/s: security-inspector-plugin

Add Comment

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev assigned an issue to Unassigned

Jenkins / JENKINS-58626 the response code of "Authentication required" should be 401

Change By: Oleg Nenashev Assignee: Kseniia Nenasheva

Add Comment

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev updated an issue

Jenkins / JENKINS-58626 the response code of "Authentication required" should be 401

Change By: Oleg Nenashev Labels: authentication

Add Comment

[dbeck@cloudbees.com (JIRA)]

Daniel Beck closed an issue as Won't Fix

We will probably never address this as it breaks too much other stuff. Do the equivalent of wget --auth-no-challenge and send the auth headers early.

Jenkins / JENKINS-58626 the response code of "Authentication required" should be 401

Change By: Daniel Beck Status: Open Closed Resolution: Won't Fix

Add Comment