I'm trying to retrieve information about one job build from the api rest provided by Jenkins with Angularjs.
Jsonp is actually disabled on Jenkins:
Jenkins Security Advisory 2013-02-16
so this piece of code can't work:
var url = 'http://jenkins-server:8080/job/job-name/api/json?jsonp=callback';
$http.jsonp(url).success(function (data) {
console.log(data);
});
throw:
Uncaught SyntaxError: Unexpected token :
Cors is not enabled by default... to be honest I can't find the way to install this plugins:
https://github.com/algal/cors
https://github.com/jhinrichsen/cors-plugin
and this code can't work as well
var url = 'http://jenkins-server:8080/job/job-name/api/json'
$http({url: url, method: 'GET'}).success(function(data){console.log(data)})
You can use this CORS filter plugin:
https://wiki.jenkins-ci.org/display/JENKINS/Cors+Filter+Plugin
Or you can host your Angular app on the Jenkins server using the User Content mechanism:
https://wiki.jenkins-ci.org/display/JENKINS/User+Content
There seems to be a plugin now for whitelisting JSON requests...Just go to the plugins, and search for JSON.
The Secure Access plugin.
#Mauro, starting with Jenkins 1.537 you can implement "jenkins.security.SecureRequester" and allow the json request to work.
You just have to implement the method permit(StaplerRequest req, Object bean) and have your validations there and just return true (based on your validation result) to allow the request.
Once you done that you can simply use the first code snipped you have mentioned in your question.
Example SecureRequester Implementation : -
import hudson.Extension;
import jenkins.security.SecureRequester;
import org.kohsuke.stapler.StaplerRequest;
#Extension
public class AllowRequest implements SecureRequester {
public boolean permit(StaplerRequest req, Object bean) {
// A method to validate the request and return the appropriate result
return YOUR_VALIDATION_METHOD(req,bean);
}
private boolean YOUR_VALIDATION_METHOD(StaplerRequest req, Object bean) {
// validation goes here
}
}
You need to build this as a plugin and install it in you Jenkins setup to work.
Related
I'm writing a POC for Quarkus. I'm using this quick start guide to build a REST client. The REST service I'll be integrating with is third party. Here is a simple example of my current implementation:
#Path("/v1")
#RegisterRestClient
public class EmployeeApi {
#POST
#Path("/employees")
ApiResponse createEmployee(#RequestBody Employee employee)
}
This works fine. The issue I'm having is that the third party API will, depending on success / failure, return a response body. In the scenario it does fail, it provides details in the response body (ApiResponse) on why it was unsuccessful. When it succeeds, it returns nothing. This causes Quarkus to throw the following exception:
javax.ws.rs.ProcessingException: RESTEASY003145: Unable to find a MessageBodyReader of content-type application/octet-stream and type com.test.app.ApiResponse
I've tried to wrap ApiResponse in an Optional type but does not solve the problem. I see absolutely nothing in Quarkus / RESTEasy documentation that would indicate a work-around.
I'm wondering if I should be using javax.ws.rs.core.Response instead.
The problem is JaxRS tries to fit ApiResponse to a default return type being application/octet-stream
You should make sure to specify explicitly that you're returning application/json
This is possible using #Produces(APPLICATION_JSON) on top of your service.
Here is the correct code snippet
#Path("/v1")
#RegisterRestClient
public class EmployeeApi {
#POST
#Path("/employees")
#Produces(APPLICATION_JSON)
ApiResponse createEmployee(#RequestBody Employee employee)
}
I have set up my spring to maintain a HTTP session on an object like so:
#Component
#SessionScope
public class Basket { .. }
controller:
#PostMapping(path="/basket/addItem/{user}", consumes = "application/json", produces = "application/json")
public Basket createBasket(#PathVariable String user, #RequestBody Item item) {
System.out.println("POSTING..................................");
return basketService.addItem(user, item);
}
now when i use a REST client, in firefox i can see that the session bean is created and maintained for the duration - multiple calls. I can append to the object. If i try another client, it gets its own session with its own bean. great..
spring logs the following:
Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [269] milliseconds.
However im trying to create a basic front end in react, when react makes a request using axios it gets a new bean every time, which means that the session must be ending after each call. IS that correct? or im not tying it to the react application...
Maybe the approach im taking is not correct, maybe i should use a a different approach, Im trying to learn about spring boot, so its a basic project... and right now i want to maintain user session for a cart. so subsequent calls i can append to the object...
by adding the following to my controller it all began to work.
#CrossOrigin(origins = { "http://localhost:3000" }, allowedHeaders = "*", allowCredentials = "true")
I am currently building an application using token based authentication with Angular and Laravel. I initially set things up just to test the API by creating a BookController . At first I was getting a Cross Origin Request Block error when I tried to call this data from Angular. However I managed to resolve this by adding the headers to my routes/web.php file. Here is the whole file. NB: After adding these headers I was succesfully able to use the API even from another domain
<?php
header('Access-Control-Allow-Origin: *');
header( 'Access-Control-Allow-Headers: Authorization, Content-Type' );
//Route::get('/', 'BookController#show');
//Route::resource('book/create', 'BookController#create');
Auth::routes();
Route::get('/', 'HomeController#index');
Route::resource('book', 'BookController');
Route::resource('authenticate', 'AuthenticateController', ['only' => ['index']]);
Route::post('authenticate', 'AuthenticateController#authenticate');
However I am currently following this tutorial to set up token based authentication. https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps
To summarise , my issue is when I submit the form containing username and password I am getting the following errors. Below I will try elaborate a bit more but it is quite difficult as there is alot to it.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at http://www.example.local/authenticate/.
(Reason: CORS header 'Access-Control-Allow-Origin' missing).
And
Possibly unhandled rejection:
{"data":null,"status":-1,"config":{"method":"POST","transformRequest":[null],"transformResponse":[null],"jsonpCallbackParam":"callback","url":"http://www.example.local/authenticate/","data":{"email":"dasdas#Dasa.com","password":"fsdfd"},"withCredentials":false,"headers":{"Accept":"application/json,
text/plain,
/","Content-Type":"application/json;charset=utf-8"}},"statusText":""}
I am using Angular UI Router V 0.4.2 and satellizer. My Angular version is 1.6.2 It using a different domain than the API. Much like the working example above.
On the laravel side I also followed this tutorial to add middleware to attempt to resolve this but no luck.
http://en.vedovelli.com.br/2015/web-development/Laravel-5-1-enable-CORS/
I will also include my AuthenticateController.php file..
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
use App\User;
class AuthenticateController extends Controller
{
public function __construct()
{
// Apply the jwt.auth middleware to all methods in this controller
// except for the authenticate method. We don't want to prevent
// the user from retrieving their token if they don't already have it
$this->middleware('jwt.auth', ['except' => ['authenticate']]);
$this->middleware('cors');
}
public function index()
{
// Retrieve all the users in the database and return them
$users = User::all();
return $users;
}
public function authenticate(Request $request)
{
$credentials = $request->only('email', 'password');
try {
// verify the credentials and create a token for the user
if (! $token = JWTAuth::attempt($credentials)) {
return response()->json(['error' => 'invalid_credentials'], 401);
}
} catch (JWTException $e) {
// something went wrong
return response()->json(['error' => 'could_not_create_token'], 500);
}
// if no errors are encountered we can return a JWT
return response()->json(compact('token'));
}
}
My issue is I do not even know if the "possibly unhandled rejection" is related to the "Cross-Origin Request Blocked" error. But I have to assume it is.
Can you recognise anything from my routes files that may be allowing one and not another?
EDIT:
I have noticed the difference between one request and another is that one is a GET request while another is an OPTIONS request. This may be the cause.
I have since added Header set Access-Control-Allow-Origin "*" to both the virtual hosts config file in Apache and to a .htaccess file in the root of the Laravel project. Still no change.
I am wondering is this related something in Angular
Your server code needs to handle that OPTIONS request by sending a headers-only response to it that includes the Access-Control-Allow-Methods: GET, POST, PUT, DELETE header and Access-Control-Allow-Headers: Authorization, Content-Type header.
Or you can just try using https://github.com/barryvdh/laravel-cors which makes all this easier.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests has general info you might want to read up on.
I have a web application which calls several App Engine Endpoints with the Google API JavaScript client library.
I am currently changing this application from callback mode to promises mode, as recommended by Google (https://developers.google.com/api-client-library/javascript/features/promises#using-promises) and I am encountering a problem. Note that the app works well with the callback mode.
My problem with the promises mode is to find what is the correct path argument to use when calling the request method:
JavaScrit code:
var params = {'webSafeKeyParent’: ‘neN4fm15xW52b2ljZXMtb19saW5lmlYLEglBY1NFwpRpdHkYgICAgQj97AoM’};
gapi.client.request({
'path': 'https://myappenginename.appspot.com/_ah/api/customerApi/v1/?????????',
'params': params
}).then(function(response) {
// Handle response
}, function(reason) {
// Handle error
});
Endpoint definition in "customerApi":
#ApiMethod(
name = "listByParent",
path = "customerByParent/{webSafeKeyParent}",
httpMethod = ApiMethod.HttpMethod.GET,
scopes = {Constants.EMAIL_SCOPE},
clientIds = {Constants.WEB_CLIENT_ID, com.google.api.server.spi.Constant.API_EXPLORER_CLIENT_ID},
audiences = {Constants.ANDROID_AUDIENCE})
public List<Customer> listByParent(final User user, #Named("webSafeKeyParent") final String webSafeKeyParent, #Nullable #Named("cursor") String cursor, #Nullable #Named("limit") Integer limit) throws UnauthorizedException {
For few of my endpoints it works by including in the path argument of the JavaScript request method, the values of "path" and "name" as declared in the #ApiMethod annotation.
i.e. for the above endpoint, the following path works:
https://myappenginename.appspot.com/_ah/api/customerApi/v1/customerByParent/listByParent
Strangely enough this does NOT work for some other endpoints of the same kind. I receive either a 404 HTTP error or a 503 one.
I've also tried with the paths displayed under "Request" when you query the endpoints with the APIs Explorer but without success....
Is there any detailed documentation on how to call App Engine Endpoints with promises, with the Google API JavaScript client library? I have not found any. Do you have some advice to share please?
Thanks in advance
Actually the request method DOES work ALL THE TIME with the "path" argument composed of the values of "path" and "name" as declared in the #ApiMethod annotation...
It was a mistake on my side if it didn't work for some endpoints. Don't know which mistake, however.
Note that I have noticed that it is very important to pass to the JavaScript request method the correct httpMethod of the App Engine Endpoints. By default the request methid assumes that it is a GET. In case your Endpoint has httpMethod= ApiMethod.HttpMethod.POST in the #ApiMethod annotation, you shall pass the argument 'method': 'POST', as detailed in the doc: https://developers.google.com/api-client-library/javascript/reference/referencedocs#gapiclientrequestargs
I am trying to run the IBM Watson's Tradeoff Analytics widget to show the trade-off analytics graph in a webpage. The Tradeoff Analytics API is starting properly but when I submit the problem to the show the graph, I get some undefined error.
Here is the sample code that I am using the run the Tradeoff Analytics Widget.
function errorHandler(payload){
alert(payload.errorMessage);
}
function onShowCompleteCB(payload){
alert('show Tradeoff graph complete');
}
function onStartCB(payload){
alert('sending trade-off problem');
var problem = <problem-json>;
taClient.show(problem, onShowCompleteCB);
}
var options = {
dilemmaServiceUrl : <tradeoff-service-url>,
username : <username>,
password : <password>
};
var taClient = new TradeoffAnalytics(options , document.getElementById('watson_widget'));
var s = taClient.subscribe('afterError', errorHandler);
taClient.start(onStartCB);
I also noticed from javascript debugger that HTTP response to the last request returned the reponse header WWW-Authenticate:Basic realm="IBM Watson Gateway Log-in". Moreover I get the following error in javascript console XMLHttpRequest cannot load . No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access. The response had HTTP status code 401.
Can somebody help me out with what might be going wrong here?
PS: I have cross checked my username and password and they seem to be working fine through REST based API invocation.
Based on your code, you are trying to use the client widget. You need to have a proxy app that will receive the request and use your username and password.
On your client side you will need something like:
HTML:
<div id='DIV_ID'></div>
JS:
taClient = new TA.TradeoffAnalytics({
customCssUrl: 'https://ta-cdn.mybluemix.net/v1/modmt/styles/watson.css',
dilemmaServiceUrl: '/proxy',
profile: 'basic'
}, 'DIV_ID');
taClient.subscribe('afterError', function onError(){ /* on error */});
taClient.start(function onLoad(){ /* on load */});
}
Server side(nodejs):
var tradeoffAnalytics = watson.tradeoff_analytics({
version: 'v1',
username: '<username>',
password: '<password>'
});
app.post('/proxy', function(req, res) {
tradeoffAnalytics.dilemmas(req.body, function(err, dilemmas) {
if (err)
return res.status(err.code || 500).json(err.error || 'Error processing the request');
else
return res.json(dilemmas);
});
});
Above you will find an example of how to implement the proxy using express and the watson-developer-cloud npm module.
There is a full sample you can look in github