This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 193008 - Cannot authenticate when CSRF enabled
Summary: Cannot authenticate when CSRF enabled
Status: VERIFIED FIXED
Alias: None
Product: connecteddeveloper
Classification: Unclassified
Component: Hudson (show other bugs)
Version: 7.0
Hardware: PC Linux
: P3 normal (vote)
Assignee: Jesse Glick
URL:
Keywords:
: 185144 (view as bug list)
Depends on: 209427 224586
Blocks:
  Show dependency tree
 
Reported: 2010-12-07 17:38 UTC by Tomas Mysik
Modified: 2013-01-07 18:38 UTC (History)
2 users (show)

See Also:
Issue Type: DEFECT
Exception Reporter:

Attachments
IDE log (60.74 KB, text/x-log)
2010-12-07 17:38 UTC, Tomas Mysik 		Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tomas Mysik 2010-12-07 17:38:32 UTC 
Created attachment 103695 [details]
IDE log

Hudson v1.386 (behind HTTP proxy).

If I start Hudson job from NB, nothing happens. In the server log, I can see this message:
7.12.2010 18:23:00 hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /job/IAS-CCDB2/build.  Returning 403.

Attaching IDE log (logging with FINE level).

Product Version: NetBeans IDE Dev (Build 101207-82ef52c60670)
Java: 1.6.0_22; Java HotSpot(TM) 64-Bit Server VM 17.1-b03
System: Linux version 2.6.35-23-generic running on amd64; UTF-8; cs_CZ (nb)
Comment 1 Jesse Glick 2010-12-07 20:15:36 UTC 
*** Bug 193009 has been marked as a duplicate of this bug. ***
Comment 2 Jesse Glick 2010-12-07 20:51:47 UTC 
I guess https://hudson.orchitech.cz/api/xml?tree=useCrumbs says true. Seems to be reproducible only when "Prevent Cross Site Request Forgery exploits" is checked.

BTW your HTTPS cert is invalid.
Comment 3 Tomas Mysik 2010-12-07 22:09:33 UTC 
(In reply to comment #2)
> I guess https://hudson.orchitech.cz/api/xml?tree=useCrumbs says true.

Yes, you are right.
Comment 4 Jesse Glick 2010-12-08 01:08:11 UTC 
I think I have a fix, please test. core-main #1a8c09b7089e
Comment 5 Tomas Mysik 2010-12-08 09:08:11 UTC 
(In reply to comment #4)
> I think I have a fix, please test. core-main #1a8c09b7089e

Super, thanks a lot Jesse! I will test it after the change is propagated to the web-main repository.
Comment 6 Tomas Mysik 2010-12-08 11:09:01 UTC 
Verified the original scenario, it means that Hudson job can be successfully started. However, please have a look at issue #193009.

Thanks a lot.

Product Version: NetBeans IDE Dev (Build 101208-6428741fbbfb)
Java: 1.6.0_22; Java HotSpot(TM) 64-Bit Server VM 17.1-b03
System: Linux version 2.6.35-23-generic running on amd64; UTF-8; cs_CZ (nb)
Comment 7 Quality Engineering 2010-12-09 06:19:16 UTC 
Integrated into 'main-golden', will be available in build *201012090001* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main/rev/1a8c09b7089e
User: Jesse Glick <jglick@netbeans.org>
Log: #193008: Cannot authenticate when CSRF enabled
Comment 8 Jesse Glick 2010-12-09 15:09:27 UTC 
*** Bug 185144 has been marked as a duplicate of this bug. ***