Description
Summary
Bamboo is not able to handle Bitbucket webhook without disabling XSRF protection
Environment
- Bamboo 5.10.3
- Bitbucket Cloud
Steps to Reproduce
In Bitbucket Cloud
- Go to Repositories > Your_repo > Settings > Webhooks > Add Webhook
- Add the following URL: http://bamboo-host/updateAndBuild.action?planKey=FOO-BAR
- And customize it the way you want
In Bamboo
- Make sure the there is a remote trigger configured for the plan FOO-BAR
- Go to Admin > Security Settings then uncheck the option Enable XSRF protection
Expected Results
The build is triggered by the changes in Bitbucket
Actual Resuts
No build is triggered
The following errors can be seen in the catalina.out
2016-04-08 16:26:58,215 ERROR [http-nio-8086-exec-12] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:139) ... 2016-04-08 16:26:58,235 ERROR [http-nio-8086-exec-12] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) ...
Workaround
- Go to Admin > Security Settings then uncheck the option Enable XSRF protection
- Use the Services feature: Bamboo service management
Resolution
Use Webhook with:
BAMBOO_URL/rest/triggers/1.0/remote/changeDetection?planKey=PLAN_KEY&skipBranches=false
The steps are described here: How to trigger a Bamboo build from Bitbucket Cloud using a Webhook - Atlassian Documentation
Attachments
Issue Links
- is related to
-
BAM-13700 updateAndBuild.action should have a REST API endpoint and/or be documented
- Closed
- relates to
-
BDEV-11514 Loading...