-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
Ubuntu 10.04 32 bit, Jenkins 1.421
Configured to use Jenkins' user database, matrix-based security.
I am calling the HTTP API using an authenticated request as described here:
https://wiki.jenkins-ci.org/display/JENKINS/Authenticating%2Bscripted%2Bclients
I discovered while trying to use the Python plugin in development at https://launchpad.net/python-jenkins that actually authentication only works using GET requests, not POST. This can be verified with wget as follows:
GET request:
wget --auth-no-challenge --http-user=[user] --http-password=[pass] http://[path to Jenkins]/job/[job_name]/buildWithParameters?[params]
This works OK and triggers the job.
POST request (note the --post-data option causes wget to use a POST request rather than GET):
wget --post-data="" --auth-no-challenge --http-user=[user] --http-password=[pass] http://[path to Jenkins]/job/[job_name]/buildWithParameters?[params]
This results in 403 Forbidden.
I can't find in the documentation anything that says whether the design is that you should use GET or POST for triggering a request, but the semantics of triggering a job would certainly seem to be one that should be using POST rather than GET (since it definitely does have side effects).