Disabling Cross-Site Request Forgery (CSRF) Protection in Jenkins

Overview:

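Today, while calling the Jenkins API to build a project, I kept getting a 403 error with the message: Error 403 No valid crumb was included in the request. After searching the Jenkins website, I found that it was caused by Jenkins CSRF protection not being disabled. In the Configure Global Security settings I turned off Crumb and saved, but the same error was still reported. I later found that since Jenkins version 2.2xx, CSRF protection can no longer be disabled in the web interface (disabling it there has no effect):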

Official explanation: [JENKINS-61375] Cannot disable CSRF - Jenkins Jira

Before disabling:

[Image 1: Disabling Cross-Site Request Forgery (CSRF) Protection in Jenkins]

Full error message:

[2023-06-16 11:24:28][ERROR][jenkins_api.py:86:start_job_build]:执行jenkins_job构建出现异常,异常原因:Error in request. Possibly authentication failed [403]: Forbidden



Error 403 No valid crumb was included in the request

HTTP ERROR 403 No valid crumb was included in the request

URI:/job/haomo-lucas-web-test/buildWithParameters
STATUS:403
MESSAGE:No valid crumb was included in the request
SERVLET:Stapler

Powered by Jetty:// 10.0.13

Solution:

Add the following parameter to the Jenkins startup configuration:

-Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true

(1) Jenkins running in a container

(1) Enter the container and locate /usr/local/bin/jenkins.sh
(2) In that file, on the line:
exec java -Duser.home="$JENKINS_HOME" ${FUTURE_OPTS} "${java_opts_array[@]}" -jar ${JENKINS_WAR} "${jenkins_opts_array[@]}" "$@"

add:
-Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true


[root@ops_test ~]# docker exec -it jenkins-master /bin/bash
jenkins@d1fffdb3323:/$
jenkins@d1fffdb3323:/$ vi /usr/local/bin/jenkins.sh
# Contents after the change:
......
exec java -Duser.home="$JENKINS_HOME" -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true ${FUTURE_OPTS} "${java_opts_array[@]}" -jar ${JENKINS_WAR} "${jenkins_opts_array[@]}" "$@"

(3) After the change, restart the Jenkins container

(2) Jenkins running from the war package

Add the following parameter directly to the startup script:
-Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true

export JENKINS_HOME=/mnt/jenkins_home
nohup java -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -jar jenkins.war > /dev/null 2>&1 &

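After the change, restart Jenkins

After disabling, check the configuration again; once it has been disabled successfully, it looks like the following screenshot:

[Image 2: Disabling Cross-Site Request Forgery (CSRF) Protection in Jenkins]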
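The 403 above can also be resolved on the client side with CSRF protection left enabled: request a crumb from /crumbIssuer/api/json and send it, together with the session cookie, on the buildWithParameters POST. The following is an added example, not part of the original post; StubJenkins, the job name, the crumb value and the credentials are constructed so the script runs offline.

```python
import base64, json, threading, urllib.parse, urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

def trigger_build(base_url, job, params, user, secret):
    """POST buildWithParameters with a valid crumb; return the HTTP status."""
    # Same opener for both calls: the crumb is bound to the session cookie.
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CookieJar()))
    basic = base64.b64encode(f"{user}:{secret}".encode()).decode()
    opener.addheaders = [("Authorization", "Basic " + basic)]
    with opener.open(f"{base_url}/crumbIssuer/api/json", timeout=10) as resp:
        issuer = json.load(resp)  # {"crumbRequestField": ..., "crumb": ...}
    req = urllib.request.Request(
        f"{base_url}/job/{urllib.parse.quote(job, safe='')}/buildWithParameters",
        data=urllib.parse.urlencode(params).encode(),
        headers={issuer["crumbRequestField"]: issuer["crumb"]}, method="POST")
    with opener.open(req, timeout=10) as resp:
        return resp.status  # 201 when Jenkins has queued the build

class StubJenkins(BaseHTTPRequestHandler):
    """Constructed stand-in for Jenkins (assumption) so the example runs offline."""
    def log_message(self, *args):  # keep the demo output quiet
        pass
    def _reply(self, code, body=b"", cookie=None):
        self.send_response(code)
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_GET(self):  # plays /crumbIssuer/api/json
        body = json.dumps({"crumbRequestField": "Jenkins-Crumb", "crumb": "c0ffee"})
        self._reply(200, body.encode(), "JSESSIONID=s1; Path=/")
    def do_POST(self):  # 403 unless the crumb and its session cookie both arrive
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = (self.headers.get("Jenkins-Crumb") == "c0ffee"
              and "JSESSIONID=s1" in self.headers.get("Cookie", ""))
        self._reply(201 if ok else 403)

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubJenkins)  # free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return trigger_build(f"http://127.0.0.1:{server.server_port}",
                             "demo-job", {"BRANCH": "main"}, "ci-user", "constructed-secret")
    finally:
        server.shutdown()
if __name__ == "__main__":
    print(demo())
```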