This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 193008

Summary: Cannot authenticate when CSRF enabled
Product: connecteddeveloper Reporter: Tomas Mysik <tmysik>
Component: HudsonAssignee: Jesse Glick <jglick>
Status: VERIFIED FIXED    
Severity: normal CC: javydreamercsw, rkubacki
Priority: P3    
Version: 7.0   
Hardware: PC   
OS: Linux   
Issue Type: DEFECT Exception Reporter:
Bug Depends on: 209427, 224586    
Bug Blocks:    
Attachments: IDE log

Description Tomas Mysik 2010-12-07 17:38:32 UTC 
Created attachment 103695 [details]
IDE log

Hudson v1.386 (behind HTTP proxy).

If I start Hudson job from NB, nothing happens. In the server log, I can see this message:
7.12.2010 18:23:00 hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /job/IAS-CCDB2/build.  Returning 403.

Attaching IDE log (logging with FINE level).

Product Version: NetBeans IDE Dev (Build 101207-82ef52c60670)
Java: 1.6.0_22; Java HotSpot(TM) 64-Bit Server VM 17.1-b03
System: Linux version 2.6.35-23-generic running on amd64; UTF-8; cs_CZ (nb)
Comment 1 Jesse Glick 2010-12-07 20:15:36 UTC 
*** Bug 193009 has been marked as a duplicate of this bug. ***
Comment 2 Jesse Glick 2010-12-07 20:51:47 UTC 
I guess https://hudson.orchitech.cz/api/xml?tree=useCrumbs says true. Seems to be reproducible only when "Prevent Cross Site Request Forgery exploits" is checked.

BTW your HTTPS cert is invalid.
Comment 3 Tomas Mysik 2010-12-07 22:09:33 UTC 
(In reply to comment #2)
> I guess https://hudson.orchitech.cz/api/xml?tree=useCrumbs says true.

Yes, you are right.
Comment 4 Jesse Glick 2010-12-08 01:08:11 UTC 
I think I have a fix, please test. core-main #1a8c09b7089e
Comment 5 Tomas Mysik 2010-12-08 09:08:11 UTC 
(In reply to comment #4)
> I think I have a fix, please test. core-main #1a8c09b7089e

Super, thanks a lot Jesse! I will test it after the change is propagated to the web-main repository.
Comment 6 Tomas Mysik 2010-12-08 11:09:01 UTC 
Verified the original scenario, it means that Hudson job can be successfully started. However, please have a look at issue #193009.

Thanks a lot.

Product Version: NetBeans IDE Dev (Build 101208-6428741fbbfb)
Java: 1.6.0_22; Java HotSpot(TM) 64-Bit Server VM 17.1-b03
System: Linux version 2.6.35-23-generic running on amd64; UTF-8; cs_CZ (nb)
Comment 7 Quality Engineering 2010-12-09 06:19:16 UTC 
Integrated into 'main-golden', will be available in build *201012090001* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main/rev/1a8c09b7089e
User: Jesse Glick <jglick@netbeans.org>
Log: #193008: Cannot authenticate when CSRF enabled
Comment 8 Jesse Glick 2010-12-09 15:09:27 UTC 
*** Bug 185144 has been marked as a duplicate of this bug. ***