问题
I found that with CSRF Protection enabled, i can either issue a post request with crumbs header and using username:PASSWORD
for the basic auth header:
String basic = "<username>:<PASSWORD>";
HttpURLConnection c = (HttpURLConnection) new URL("https://host.com/jenkins/quietDown").openConnection();
c.setInstanceFollowRedirects(false);
c.setRequestMethod("POST");
c.addRequestProperty("Jenkins-Crumb", "<CRUMB>");
c.addRequestProperty("Authorization", "Basic " + Base64.getEncoder().encodeToString(basic.getBytes()));
c.getInputStream().close();
or use username:APITOKEN
for the basic auth header, in wich case the crumbs header is not necessary:
String basic = "<username>:<APITOKEN>";
HttpURLConnection c = (HttpURLConnection) new URL("https://host.com/jenkins/quietDown").openConnection();
c.setInstanceFollowRedirects(false);
c.setRequestMethod("POST");
c.addRequestProperty("Authorization", "Basic " + Base64.getEncoder().encodeToString(basic.getBytes()));
c.getInputStream().close();
Question:
- Is this intended usage (username:APITOKEN without crumbs header)? The documentation and existing SO answers are vague.
Using Jenkins 2.164.3 and Java 8.
来源:https://stackoverflow.com/questions/56138723/please-clarify-jenkins-rest-api-with-csrf-needs-crumbs-for-userpassword-but-n