Can't set HTTP request authorization header using REST endpoint in scriptrunner for jira server
I'm trying to set an HTTP request authorization header through the REST endpoint option in scriptrunner for Jira server, to get a crumb from a jenkins server:
triggerJenkinsBuild3(httpMethod: "GET") { MultivaluedMap queryParams ->
//try 1
def authString = "admin:password".bytes.encodeBase64().toString()
//try 2
String userCredentials = "admin:password"
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()))
//try 3
byte[] encodedBytes = Base64.getEncoder().encode(userCredentials.getBytes())
String basicAuth2 = "Basic " + new String(encodedBytes)
// try 4
final byte[] authBytes = userCredentials.getBytes(StandardCharsets.UTF_8)
final String encoded = Base64.getEncoder().encodeToString(authBytes)
String basicAuth3 = "Basic " + encoded
URL url
def baseURL = 'http://localhost:8080/crumbIssuer/api/json'
url = new URL(baseURL)
HttpURLConnection connection = (HttpURLConnection) url.openConnection()
connection.requestMethod = "GET"
connection.doOutput = true
connection.setRequestProperty("Authorization", "Basic "+ authString)
connection.addRequestProperty("Content-Type", "application/json;charset=UTF-8")
// check headers b4 connection
def checkHeadersB4Request = []
for (String header : connection.getRequestProperties().keySet()) {
if (header != null) {
for (String value : connection.getRequestProperties().get(header)) {
checkHeadersB4Request << header + ":" + value
}
}
}
connection.connect()
if (connection.getResponseCode() == 200 || connection.getResponseCode() == 201 || connection.getResponseCode() == 202 || connection.getResponseCode() == 203 || connection.getResponseCode() == 204) {
Response.ok(checkHeadersB4Request).build()
} else {
Response.status(Response.Status.NOT_FOUND).entity(connection.getResponseCode()).build()
}
}As you can see, I'm checking ALL the headers of the request (notice checkHeardersB4Request var) before sending it, and I am surprised with the output, since the Authorization header does not show up as opposed to the Content-Type header:
I tried several ways to achieve this (notice try 1, try 2, etc), but I always get the same result, all the headers get associated with the request, except the Authorization header.
NOTE: I know that the Content-Type header is not necessary in order to do this, I just added it to illustrate the issue a little bit better.
1 answer
Well, I still don't know how to answer this question, but now I'm sure that my request has the authorization header associated with it because I was able to trigger a Jenkins build through Jira (XRAY project).
It turns out I had a crumb problem, which I resolved by installing an add-on to jenkins (strict crumb issuer) and turned off the check the session ID feature:
Turning off security features is far from being a best practice, but at least it means that I'm doing something correctly. Will continue to improve my solution. Hopefully someone finds this monologue helpful in some way =)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.