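Overview:
Today, while calling the Jenkins API to build a project, I kept getting a 403 error with the message: Error 403 No valid crumb was included in the request. After searching the Jenkins website, I found that it was caused by CSRF verification not being turned off in Jenkins. In the Configure Global Security settings, I disabled Crumb and saved, but the same error was still reported. I later found that since Jenkins 2.2xx, CSRF verification can no longer be turned off in the web UI (turning it off there has no effect):
Official explanation: [JENKINS-61375] Cannot disable CSRF - Jenkins Jira
Before disabling:
Full error message: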
[2023-06-16 11:24:28][ERROR][jenkins_api.py:86:start_job_build]:执行jenkins_job构建出现异常,异常原因:Error in request. Possibly authentication failed [403]: Forbidden
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403 No valid crumb was included in the request</h2>
<table>
<tr><th>URI:</th><td>/job/haomo-lucas-web-test/buildWithParameters</td></tr>
<tr><th>STATUS:</th><td>403</td></tr>
<tr><th>MESSAGE:</th><td>No valid crumb was included in the request</td></tr>
<tr><th>SERVLET:</th><td>Stapler</td></tr>
</table>
<hr/><a href="https://eclipse.org/jetty">Powered by Jetty:// 10.0.13</a><hr/>
</body>
</html>
Solution:
Add the following parameter to the Jenkins startup configuration:
-Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true
(1) Jenkins running in a container
(1) Enter the container and locate /usr/local/bin/jenkins.sh
(2) In that file, on the line:
exec java -Duser.home="$JENKINS_HOME" ${FUTURE_OPTS} "${java_opts_array[@]}" -jar ${JENKINS_WAR} "${jenkins_opts_array[@]}" "$@"
add:
-Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true
[root@ops_test ~]# docker exec -it jenkins-master /bin/bash
jenkins@d1fffdb3323:/$
jenkins@d1fffdb3323:/$ vi /usr/local/bin/jenkins.sh
# Contents after the change:
......
exec java -Duser.home="$JENKINS_HOME" -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true ${FUTURE_OPTS} "${java_opts_array[@]}" -jar ${JENKINS_WAR} "${jenkins_opts_array[@]}" "$@"
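(3) After the configuration is complete, restart the Jenkins container
(2) Jenkins running from a war package
Add the following parameter directly to the startup script:
-Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true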
export JENKINS_HOME=/mnt/jenkins_home
nohup java -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -jar jenkins.war > /dev/null 2>&1 &
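After the configuration is complete, restart Jenkins
After disabling, check the configuration again; once it has been disabled successfully it looks as shown in the figure below: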
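
For the buildWithParameters call that returned the 403 above, the request can also be made with CSRF protection left enabled, by fetching a crumb from /crumbIssuer/api/json and sending it back in the same HTTP session. The following is an added example, not the author's jenkins_api.py; the function names and the user/secret arguments are assumptions chosen for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar


def make_session(user, secret):
    """Opener that keeps cookies and sends HTTP Basic credentials up front."""
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()))
    cred = base64.b64encode(f"{user}:{secret}".encode()).decode()
    opener.addheaders = [("Authorization", f"Basic {cred}")]
    return opener


def fetch_crumb(opener, base_url):
    """Ask the crumb issuer for the header name and crumb value."""
    with opener.open(f"{base_url}/crumbIssuer/api/json", timeout=10) as resp:
        data = json.load(resp)
    return data["crumbRequestField"], data["crumb"]


def build_with_parameters(opener, base_url, job, params):
    """POST /job/<job>/buildWithParameters with the crumb header attached.

    The same opener is used for both requests so the session cookie issued
    with the crumb goes back with the POST.
    """
    field, crumb = fetch_crumb(opener, base_url)
    req = urllib.request.Request(
        f"{base_url}/job/{urllib.parse.quote(job, safe='')}/buildWithParameters",
        data=urllib.parse.urlencode(params).encode(),
        headers={field: crumb},
        method="POST",
    )
    with opener.open(req, timeout=10) as resp:
        # Jenkins answers a queued build with a Location header for the queue item.
        return resp.status, resp.headers.get("Location")
```

Call make_session() once and pass the returned opener to build_with_parameters(); creating a new opener between the crumb request and the POST drops the session cookie and the crumb is rejected again.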