  Bamboo Data Center / BAM-17433

Bamboo is not able to handle Bitbucket webhook without disabling XSRF protection


Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • Fix Version: 5.12.0.2
    • Affects Version: 5.10.3
    • None

    Description

      Summary

      Bamboo is not able to handle Bitbucket webhook without disabling XSRF protection

      Environment

      • Bamboo 5.10.3
      • Bitbucket Cloud

      Steps to Reproduce

      In Bitbucket Cloud

      1. Go to Repositories > Your_repo > Settings > Webhooks > Add Webhook
      2. Add the following URL: http://bamboo-host/updateAndBuild.action?planKey=FOO-BAR
      3. Customize it the way you want

      In Bamboo

      1. Make sure there is a remote trigger configured for the plan FOO-BAR
      2. Go to Admin > Security Settings then uncheck the option Enable XSRF protection

      Expected Results

      The build is triggered by the changes in Bitbucket

      Actual Results

      No build is triggered

      The following errors can be seen in catalina.out:

      2016-04-08 16:26:58,215 ERROR [http-nio-8086-exec-12] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
      java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
              at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66)
              at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
              at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:139)
              ...
      
      2016-04-08 16:26:58,235 ERROR [http-nio-8086-exec-12] [FiveOhOh] 500 Exception was thrown.
      java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
              at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66)
              at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
              at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
              at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
              ...
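
One way to confirm from catalina.out how many requests were rejected by the XSRF check, as an added example that is not part of the original issue or of Bamboo's code. The sample log is constructed from the excerpt above, and the function name and the one-second grouping window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the catalina.out excerpt (stack frames trimmed).
SAMPLE_LOG = """\
2016-04-08 16:26:58,215 ERROR [http-nio-8086-exec-12] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
        at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66)
2016-04-08 16:26:58,235 ERROR [http-nio-8086-exec-12] [FiveOhOh] 500 Exception was thrown.
java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
2016-04-08 16:31:02,104 ERROR [http-nio-8086-exec-3] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
"""

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(\d{3}) \w+ \[([^\]]+)\] \[([^\]]+)\]")
XSRF = re.compile(r"XSRF Token Validation failed \((\w+)\)")


def xsrf_rejections(log_text, window=timedelta(seconds=1)):
    """Return one record per rejected request instead of one per log line."""
    incidents, latest, header = [], {}, None
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if m:  # a new log entry starts: remember its timestamp, thread and logger
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            header = (ts + timedelta(milliseconds=int(m.group(2))), m.group(3), m.group(4))
        hit = XSRF.search(line)
        if not (hit and header):
            continue
        ts, thread, logger = header
        key = (thread, hit.group(1))
        inc = latest.get(key)
        if inc and ts - inc["last"] <= window:
            # Same worker thread and reason inside the window: the same request
            # reported again (exception line, then the 500 error handler).
            inc["last"] = ts
            inc["loggers"].add(logger)
        else:
            inc = {"first": ts, "last": ts, "thread": thread,
                   "reason": hit.group(1), "loggers": {logger}}
            latest[key] = inc
            incidents.append(inc)
    return incidents


if __name__ == "__main__":
    for inc in xsrf_rejections(SAMPLE_LOG):
        print(inc["first"], inc["thread"], inc["reason"], sorted(inc["loggers"]))
```

Records whose timestamps line up with pushes to the repository indicate a webhook still pointed at the `updateAndBuild.action` URL from the steps to reproduce.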
      

      Workaround

      1. Go to Admin > Security Settings then uncheck the option Enable XSRF protection
      2. Use the Services feature: Bamboo service management

      Resolution

      Use a webhook with:

      BAMBOO_URL/rest/triggers/1.0/remote/changeDetection?planKey=PLAN_KEY&skipBranches=false
      

      The steps are described here: How to trigger a Bamboo build from Bitbucket Cloud using a Webhook - Atlassian Documentation

            People

              pbruski Przemek Bruski
              dsantos Daniel Santos