Bamboo is not able to handle Bitbucket webhook without disabling XSRF protection


    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • Fix Version/s: 5.12.0.2
    • Affects Version/s: 5.10.3
    • Component/s: None

      Summary

      Bamboo is not able to handle Bitbucket webhook without disabling XSRF protection

      Environment

      • Bamboo 5.10.3
      • Bitbucket Cloud

      Steps to Reproduce

      In Bitbucket Cloud

      1. Go to Repositories > Your_repo > Settings > Webhooks > Add Webhook
      2. Add the following URL: http://bamboo-host/updateAndBuild.action?planKey=FOO-BAR
      3. And customize it the way you want

      In Bamboo

      1. Make sure there is a remote trigger configured for the plan FOO-BAR
      2. Go to Admin > Security Settings then uncheck the option Enable XSRF protection

      Expected Results

      The build is triggered by the changes in Bitbucket

      Actual Results

      No build is triggered

      The following errors can be seen in catalina.out:

      2016-04-08 16:26:58,215 ERROR [http-nio-8086-exec-12] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
      java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
              at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66)
              at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
              at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:139)
              ...
      
      2016-04-08 16:26:58,235 ERROR [http-nio-8086-exec-12] [FiveOhOh] 500 Exception was thrown.
      java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
              at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66)
              at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
              ...
      

      Workaround

      1. Go to Admin > Security Settings then uncheck the option Enable XSRF protection
      2. Use the Services feature: Bamboo service management

      Resolution

      Use Webhook with:

      BAMBOO_URL/rest/triggers/1.0/remote/changeDetection?planKey=PLAN_KEY&skipBranches=false
      

      The steps are described here: How to trigger a Bamboo build from Bitbucket Cloud using a Webhook - Atlassian Documentation
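
The following helper is an added example, not part of the original issue or of Bamboo. It rewrites webhook URLs that still point at the legacy `updateAndBuild.action` page to the REST trigger path given in the Resolution, so XSRF protection can stay enabled. The function names, the context-path handling and the sample hook list are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs, urlencode

LEGACY_ACTION = "/updateAndBuild.action"  # legacy webhook target from the report
REST_TRIGGER = "/rest/triggers/1.0/remote/changeDetection"  # path from the Resolution


def migrate_webhook_url(url, skip_branches=False):
    """Return the REST trigger URL for a legacy updateAndBuild.action webhook.

    URLs that do not target the legacy action are returned unchanged.
    Raises ValueError when planKey is missing, empty or repeated.
    """
    parts = urlsplit(url)
    if not parts.path.endswith(LEGACY_ACTION):
        return url
    plan_keys = parse_qs(parts.query).get("planKey", [])
    if len(plan_keys) != 1:
        raise ValueError(f"expected exactly one planKey in {url!r}")
    # Assumption: anything in front of the action name is the Bamboo
    # context path (for example /bamboo) and must be preserved.
    base_path = parts.path[: -len(LEGACY_ACTION)]
    query = urlencode({
        "planKey": plan_keys[0],
        "skipBranches": "true" if skip_branches else "false",
    })
    return urlunsplit(
        (parts.scheme, parts.netloc, base_path + REST_TRIGGER, query, "")
    )


def audit_webhooks(urls):
    """Return (old, new) pairs for every webhook URL that needs changing."""
    pairs = []
    for old in urls:
        new = migrate_webhook_url(old)
        if new != old:
            pairs.append((old, new))
    return pairs


# Constructed sample input: one legacy hook from the report, one legacy hook
# behind a context path, and one hook that already uses the REST trigger.
SAMPLE_HOOKS = [
    "http://bamboo-host/updateAndBuild.action?planKey=FOO-BAR",
    "https://ci.example.test/bamboo/updateAndBuild.action?planKey=FOO-BAR",
    "http://bamboo-host/rest/triggers/1.0/remote/changeDetection?planKey=FOO-BAR&skipBranches=false",
]

if __name__ == "__main__":
    for old, new in audit_webhooks(SAMPLE_HOOKS):
        print(f"{old}\n  -> {new}")
```
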

              Assignee: Przemek Bruski
              Reporter: Daniel Santos (Inactive)