I'm trying to set an HTTP request Authorization header through the REST endpoint option in ScriptRunner for Jira Server, to get a crumb from a Jenkins server:

    import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate
    import groovy.transform.BaseScript

    import javax.ws.rs.core.MultivaluedMap
    import javax.ws.rs.core.Response
    import java.nio.charset.StandardCharsets

    @BaseScript CustomEndpointDelegate delegate

    triggerJenkinsBuild3(httpMethod: "GET") { MultivaluedMap queryParams ->
        // try 1
        def authString = "admin:password".bytes.encodeBase64().toString()
        // try 2
        String userCredentials = "admin:password"
        String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()))
        // try 3
        byte[] encodedBytes = Base64.getEncoder().encode(userCredentials.getBytes())
        String basicAuth2 = "Basic " + new String(encodedBytes)
        // try 4
        final byte[] authBytes = userCredentials.getBytes(StandardCharsets.UTF_8)
        final String encoded = Base64.getEncoder().encodeToString(authBytes)
        String basicAuth3 = "Basic " + encoded

        def baseURL = 'http://localhost:8080/crumbIssuer/api/json'
        URL url = new URL(baseURL)
        HttpURLConnection connection = (HttpURLConnection) url.openConnection()
        connection.requestMethod = "GET"
        connection.doOutput = true
        connection.setRequestProperty("Authorization", "Basic " + authString)
        connection.addRequestProperty("Content-Type", "application/json;charset=UTF-8")

        // Collect the request headers that are visible before connecting
        def checkHeadersB4Request = []
        for (String header : connection.getRequestProperties().keySet()) {
            if (header != null) {
                for (String value : connection.getRequestProperties().get(header)) {
                    checkHeadersB4Request << header + ":" + value
                }
            }
        }

        connection.connect()
        // Read the status once; 200 through 204 count as success
        int status = connection.getResponseCode()
        if (status >= 200 && status <= 204) {
            Response.ok(checkHeadersB4Request).build()
        } else {
            Response.status(Response.Status.NOT_FOUND).entity(status).build()
        }
    }

As you can see, I'm checking ALL the headers of the request (notice the checkHeadersB4Request var) before sending it, and I am surprised by the output, since the Authorization header does not show up, as opposed to the Content-Type header:
I tried several ways to achieve this (notice try 1, try 2, etc.), but I always get the same result: all the headers get associated with the request, except the Authorization header.
NOTE: I know that the Content-Type header is not necessary in order to do this, I just added it to illustrate the issue a little bit better.
According to this Stack Overflow link (https://stackoverflow.com/questions/2864062/getrequestpropertyauthorization-always-returns-null) it seems like the Authorization header always returns null when using the getRequestProperties() method due to a security feature of the HttpURLConnection class. This explains my issue.
Is there another way of checking if an Authorization header is correctly associated with a certain request?
Well, I still don't know how to answer this question, but now I'm sure that my request has the authorization header associated with it because I was able to trigger a Jenkins build through Jira (XRAY project).
It turns out I had a crumb problem, which I resolved by installing a Jenkins add-on (Strict Crumb Issuer) and turning off the "Check the session ID" feature:
Turning off security features is far from being a best practice, but at least it means that I'm doing something correctly. Will continue to improve my solution. Hopefully someone finds this monologue helpful in some way =)
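
One way to check that the Authorization header really leaves the client, as an added example (not code from the original post): point the same HttpURLConnection calls at a throwaway loopback server and compare what the client-side getters show with what arrives on the wire. The `/echo` path and the credentials are constructed placeholders, and the script is assumed to run as a standalone Groovy script on a JDK that ships `com.sun.net.httpserver`, not inside the ScriptRunner endpoint.

```groovy
import com.sun.net.httpserver.HttpHandler
import com.sun.net.httpserver.HttpServer
import java.nio.charset.StandardCharsets

// Constructed placeholder credentials, used only against the loopback server below.
String expected = 'Basic ' + 'user:example-secret'.getBytes(StandardCharsets.UTF_8).encodeBase64().toString()

// Throwaway server on 127.0.0.1 with an ephemeral port; it records what arrives on the wire.
def received = Collections.synchronizedMap([:])
HttpServer server = HttpServer.create(new InetSocketAddress(InetAddress.loopbackAddress, 0), 0)
server.createContext('/echo', { exchange ->
    received.auth = exchange.requestHeaders.getFirst('Authorization')
    received.contentType = exchange.requestHeaders.getFirst('Content-Type')
    exchange.sendResponseHeaders(204, -1)   // 204 with no response body
    exchange.close()
} as HttpHandler)
server.start()

try {
    def url = new URL("http://127.0.0.1:${server.address.port}/echo")
    HttpURLConnection connection = (HttpURLConnection) url.openConnection()
    connection.requestMethod = 'GET'
    connection.setRequestProperty('Authorization', expected)
    connection.setRequestProperty('Content-Type', 'application/json;charset=UTF-8')

    // Client-side view: the JDK filters Authorization out of these getters,
    // so its absence here says nothing about whether it will be sent.
    def visible = connection.requestProperties.keySet()
    assert !visible.contains('Authorization')
    assert visible.contains('Content-Type')
    assert connection.getRequestProperty('Authorization') == null

    // Wire-side view: the request is sent here, and the server saw the header.
    assert connection.responseCode == 204
    assert received.auth == expected
    assert received.contentType == 'application/json;charset=UTF-8'

    println "headers visible to the client: ${visible}"
    // Log only whether the value matched, never the credential itself.
    println "server received expected Authorization: ${received.auth == expected}"
} finally {
    server.stop(0)
}
```

The same comparison works against a real target by checking the server's response instead: a 401 from an endpoint that requires authentication means the header was missing or wrong, while any other status means it was accepted.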