Secret Token issues with Jenkins Job Builder

[halverneus]

Version report

Jenkins and plugins versions report:

Jenkins: 2.277.1
OS: Linux - 3.2.0-6-686-pae
---
durable-task:1.35
external-monitor-job:1.7
jquery:1.12.4-1
PrioritySorter:4.0.0
dtkit-api:3.0.0
visualworks-store:1.1.4
command-launcher:1.5
display-url-api:2.3.4
workflow-durable-task-step:2.38
mailer:1.33
email-ext:2.82
jsch:0.1.55.2
branch-api:2.6.3
git:4.7.0
instant-messaging:1.42
scm-sync-configuration:0.0.10
antisamy-markup-formatter:2.1
ssh-credentials:1.18.1
icon-shim:3.0.0
subversion:2.14.0
multiple-scms:0.6
cppcheck:1.25
junit:1.49
fitnesse:1.34
javadoc:1.6
matrix-auth:2.6.6
xunit:3.0.1
validating-string-parameter:2.8
maven-plugin:3.10
jquery3-api:3.5.1-3
timestamper:1.12
credentials:2.3.15
ircbot:2.36
mapdb-api:1.0.9.0
workflow-step-api:2.23
workflow-scm-step:2.12
copyartifact:1.46
token-macro:2.15
cloudbees-folder:6.15
pam-auth:1.6
windows-slaves:1.7
checks-api:1.6.1
apache-httpcomponents-client-4-api:4.5.13-1.0
gitlab-plugin:1.5.19
font-awesome-api:5.15.2-2
slack:2.46
git-client:3.7.0
workflow-cps:2.90
ldap:2.4
workflow-api:2.42
ant:1.11
plain-credentials:1.7
scm-api:2.6.4
ssh-slaves:1.31.5
trilead-api:1.0.13
throttle-concurrents:2.2
cors-filter:1.1
jackson2-api:2.12.1
bootstrap4-api:4.6.0-2
echarts-api:5.0.1-1
jquery-ui:1.0.2
depgraph-view:1.0.5
emailext-template:1.2
snakeyaml-api:1.27.0
jaxb:2.3.0.1
bouncycastle-api:2.20
workflow-support:3.8
build-timeout:1.20
popper-api:1.16.1-2
script-security:1.76
workflow-job:2.40
matrix-project:1.18
structs:1.22
ace-editor:1.1
git-server:1.9
urltrigger:0.48
jdk-tool:1.5
plugin-util-api:2.0.0
extra-columns:1.22
workflow-cps-global-lib:2.18
next-build-number:1.6
Result: [Plugin:durable-task, Plugin:external-monitor-job, Plugin:jquery, Plugin:PrioritySorter, Plugin:dtkit-api, Plugin:visualworks-store, Plugin:command-launcher, Plugin:display-url-api, Plugin:workflow-durable-task-step, Plugin:mailer, Plugin:email-ext, Plugin:jsch, Plugin:branch-api, Plugin:git, Plugin:instant-messaging, Plugin:scm-sync-configuration, Plugin:antisamy-markup-formatter, Plugin:ssh-credentials, Plugin:icon-shim, Plugin:subversion, Plugin:multiple-scms, Plugin:cppcheck, Plugin:junit, Plugin:fitnesse, Plugin:javadoc, Plugin:matrix-auth, Plugin:xunit, Plugin:validating-string-parameter, Plugin:maven-plugin, Plugin:jquery3-api, Plugin:timestamper, Plugin:credentials, Plugin:ircbot, Plugin:mapdb-api, Plugin:workflow-step-api, Plugin:workflow-scm-step, Plugin:copyartifact, Plugin:token-macro, Plugin:cloudbees-folder, Plugin:pam-auth, Plugin:windows-slaves, Plugin:checks-api, Plugin:apache-httpcomponents-client-4-api, Plugin:gitlab-plugin, Plugin:font-awesome-api, Plugin:slack, Plugin:git-client, Plugin:workflow-cps, Plugin:ldap, Plugin:workflow-api, Plugin:ant, Plugin:plain-credentials, Plugin:scm-api, Plugin:ssh-slaves, Plugin:trilead-api, Plugin:throttle-concurrents, Plugin:cors-filter, Plugin:jackson2-api, Plugin:bootstrap4-api, Plugin:echarts-api, Plugin:jquery-ui, Plugin:depgraph-view, Plugin:emailext-template, Plugin:snakeyaml-api, Plugin:jaxb, Plugin:bouncycastle-api, Plugin:workflow-support, Plugin:build-timeout, Plugin:popper-api, Plugin:script-security, Plugin:workflow-job, Plugin:matrix-project, Plugin:structs, Plugin:ace-editor, Plugin:git-server, Plugin:urltrigger, Plugin:jdk-tool, Plugin:plugin-util-api, Plugin:extra-columns, Plugin:workflow-cps-global-lib, Plugin:next-build-number]

• What Operating System are you using (both controller, and any agents involved in the problem)?

Debian Wheezy

Reproduction steps

• Use Jenkins Job Builder to insert a secret-token Docs.
• Update jobs with Jenkins Job Builder.
• When getting the value from config.xml, the value is in plain text.
• Attempting to run the webhook fails with the following:

Hook executed successfully but returned HTTP 500 <!DOCTYPE html><html class=""><head resURL="/static/7e0eb739" data-rooturl="" data-resurl="/static/7e0eb739" data-extensions-available="true" data-unit-test="false" data-imagesurl="/static/7e0eb739/images" data-crumb-header="Jenkins-Crumb" data-crumb-value="99be29d86e38f95ed54bfe4436466e3c843962a3a6d47039d20f1565c6a6a174"> <title>Jenkins [Jenkins]</title><link rel="stylesheet" href="/static/7e0eb739/jsbundles/base-styles-v2.css" type="text/css"><link rel="stylesheet" href="/static/7e0eb739/css/color.css" type="text/css"><link rel="stylesheet" href="/static/7e0eb739/css/responsive-grid.css" type="text/css"><link rel="shortcut icon" href="/static/7e0eb739/favicon.ico" type="image/vnd.microsoft.icon"><link color="black" rel="mask-icon" href="/images/mask-icon.svg"><script src="/static/7e0eb739/scripts/prototype.js" type="text/javascript"></script><script src="/static/7e0eb739/scripts/behavior.js" type="text/javascript"></script><script src='/adjuncts/7e0eb739/org/kohsuke/stapler/bind.js' type='text/javascript'></script><script src="/static/7e0eb739/scripts/yui/yahoo/yahoo-min.js"></script><script src="/static/7e0eb739/scripts/yui/dom/dom-min.js"></script><script src="/static/7e0eb739/scripts/yui/event/event-min.js"></script><script src="/static/7e0eb739/scripts/yui/animation/animation-min.js"></script><script src="/static/7e0eb739/scripts/yui/dragdrop/dragdrop-min.js"></script><script src="/static/7e0eb739/scripts/yui/container/container-min.js"></script><script src="/static/7e0eb739/scripts/yui/connection/connection-min.js"></script><script src="/static/7e0eb739/scripts/yui/datasource/datasource-min.js"></script><script src="/static/7e0eb739/scripts/yui/autocomplete/autocomplete-min.js"></script><script src="/static/7e0eb739/scripts/yui/menu/menu-min.js"></script><script src="/static/7e0eb739/scripts/yui/element/element-min.js"></script><script src="/static/7e0eb739/scripts/yui/button/button-min.js"></script><script src="/static/7e0eb739/scripts/yui/storage/storage-min.js"></script><script src="/static/7e0eb739/scripts/polyfills.js" type="text/javascript"></script><script src="/static/7e0eb739/scripts/hudson-behavior.js" type="text/javascript"></script><script src="/static/7e0eb739/scripts/sortable.js" type="text/javascript"></script><link rel="stylesheet" href="/static/7e0eb739/scripts/yui/container/assets/container.css" type="text/css"><link rel="stylesheet" href="/static/7e0eb739/scripts/yui/container/assets/skins/sam/container.css" type="text/css"><link rel="stylesheet" href="/static/7e0eb739/scripts/yui/menu/assets/skins/sam/menu.css" type="text/css"><link rel="stylesheet" href="/static/7e0eb739/jsbundles/ui-refresh-overrides.css" type="text/css"><link rel="search" href="/opensearch.xml" type="application/opensearchdescription+xml" title="Jenkins"><meta name="ROBOTS" content="INDEX,NOFOLLOW"><meta name="viewport" content="width=device-width, initial-scale=1"><script src="/adjuncts/7e0eb739/org/kohsuke/stapler/jquery/jquery.full.js" type="text/javascript"></script><script>var Q=jQuery.noConflict()</script><link rel="stylesheet" href="/plugin/jquery-ui/css/jquery-ui-1.8.9.custom.css" type="text/css"><script src="/plugin/jquery-ui/js/jquery-ui-1.8.9.custom.min.js"></script><script src="/static/7e0eb739/jsbundles/vendors.js" type="text/javascript"></script><script src="/static/7e0eb739/jsbundles/page-init.js" type="text/javascript"></script><script src="/static/7e0eb739/jsbundles/sortable-drag-drop.js" type="text/javascript"></script></head><body data-model-type="hudson.model.Hudson" id="jenkins" class="yui-skin-sam one-column jenkins-2.277.1" data-version="2.277.1"><a href="#skip2content" class="skiplink">Skip to content</a><div id="page-head"><header id="header" class="page-header"><div class="page-header__brand"><div class="logo"><a id="jenkins-home-link" href="/"><img src="/static/7e0eb739/images/jenkins-header-logo-v2.svg" alt="[Jenkins]" id="jenkins-head-icon"><img src="/static/7e0eb739/images/title.png" alt="Jenkins" width="139" id="jenkins-name-icon" height="34"></a></div><a href="/" class="page-header__brand-link"><img src="/static/7e0eb739/images/jenkins-header-logo-v2.svg" alt="[Jenkins]" class="page-header__brand-image"><span class="page-header__brand-name">Jenkins</span></a></div><div class="searchbox hidden-xs"><form role="search" method="get" name="search" action="/search/" style="position:relative;" class="no-json"><div id="search-box-sizer"></div><div id="searchform"><input role="searchbox" name="q" placeholder="search" id="search-box" class="main-search__input"><span class="main-search__icon-leading"><svg viewBox="0 0 24 24" focusable="false" class="svg-icon "><use href="/static/7e0eb739/images/material-icons/svg-sprite-action-symbol.svg#ic_search_24px"></use></svg></span><a href="https://jenkins.io/redirect/search-box" class="main-search__icon-trailing"><svg viewBox="0 0 24 24" focusable="false" class="svg-icon "><use href="/static/7e0eb739/images/material-icons/svg-sprite-action-symbol.svg#ic_help_outline_24px"></use></svg></a><div id="search-box-completion"></div><script>createSearchBox("/search/");</script></div></form></div><div class="login page-header__hyperlinks"><div id="visible-am-insertion" class="page-header__am-wrapper"></div><div id="visible-sec-am-insertion" class="page-header__am-wrapper"></div><a href="/login?from=%2Fproject%2FAddons%2FavcInstallationCD"><b>log in</b></a></div></header><div id="breadcrumbBar"><tr id="top-nav"><td id="left-top-nav" colspan="2"><link rel='stylesheet' href='/adjuncts/7e0eb739/lib/layout/breadcrumbs.css' type='text/css' /><script src='/adjuncts/7e0eb739/lib/layout/breadcrumbs.js' type='text/javascript'></script><div class="top-sticker noedge"><div class="top-sticker-inner"><div class="breadcrumbs__wrapper"><ul id="breadcrumbs"><li class="item"><a href="/" class="model-link inside">Dashboard</a></li><li href="/" class="children"></li></ul><div id="breadcrumb-menu-target"></div></div></div></div></td></tr></div></div><div id="page-body" class="clear"><div id="main-panel"><a name="skip2content"></a><h1 style="text-align: center"><img src="/static/7e0eb739/images/rage.png" width="154" height="179"><span style="font-size:50px"> Oops!</span></h1><div id="error-description"><h2 style="text-align: center">A problem occurred while processing the request.</h2><p style="text-align: center">Logging ID=b1330789-fb9d-42f1-a04e-20ed5a296fb2</div></div></div><footer class="page-footer"><div class="container-fluid"><div class="page-footer__flex-row"><div class="page-footer__footer-id-placeholder" id="footer"></div><div class="page-footer__links rest_api hidden-xs"><a href="api/">REST API</a></div><div class="page-footer__links page-footer__links--white jenkins_ver"><a rel="noopener noreferrer" href="https://jenkins.io/" target="_blank">Jenkins 2.277.1</a></div></div></div></footer><script async="true" src="/static/7e0eb739/scripts/svgxuse.min.js" type="text/javascript"></script></body></html>

HTML portion but more readable:

<!DOCTYPE html>
<html class="">
    <head resURL="/static/7e0eb739" data-rooturl="" data-resurl="/static/7e0eb739" data-extensions-available="true" data-unit-test="false" data-imagesurl="/static/7e0eb739/images" data-crumb-header="Jenkins-Crumb" data-crumb-value="99be29d86e38f95ed54bfe4436466e3c843962a3a6d47039d20f1565c6a6a174">
        <title>Jenkins [Jenkins]</title>
        <link rel="stylesheet" href="/static/7e0eb739/jsbundles/base-styles-v2.css" type="text/css">
        <link rel="stylesheet" href="/static/7e0eb739/css/color.css" type="text/css">
        <link rel="stylesheet" href="/static/7e0eb739/css/responsive-grid.css" type="text/css">
        <link rel="shortcut icon" href="/static/7e0eb739/favicon.ico" type="image/vnd.microsoft.icon">
        <link color="black" rel="mask-icon" href="/images/mask-icon.svg">
        <script src="/static/7e0eb739/scripts/prototype.js" type="text/javascript"></script>
        <script src="/static/7e0eb739/scripts/behavior.js" type="text/javascript"></script>
        <script src='/adjuncts/7e0eb739/org/kohsuke/stapler/bind.js' type='text/javascript'></script>
        <script src="/static/7e0eb739/scripts/yui/yahoo/yahoo-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/dom/dom-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/event/event-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/animation/animation-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/dragdrop/dragdrop-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/container/container-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/connection/connection-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/datasource/datasource-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/autocomplete/autocomplete-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/menu/menu-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/element/element-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/button/button-min.js"></script>
        <script src="/static/7e0eb739/scripts/yui/storage/storage-min.js"></script>
        <script src="/static/7e0eb739/scripts/polyfills.js" type="text/javascript"></script>
        <script src="/static/7e0eb739/scripts/hudson-behavior.js" type="text/javascript"></script>
        <script src="/static/7e0eb739/scripts/sortable.js" type="text/javascript"></script>
        <link rel="stylesheet" href="/static/7e0eb739/scripts/yui/container/assets/container.css" type="text/css">
        <link rel="stylesheet" href="/static/7e0eb739/scripts/yui/container/assets/skins/sam/container.css" type="text/css">
        <link rel="stylesheet" href="/static/7e0eb739/scripts/yui/menu/assets/skins/sam/menu.css" type="text/css">
        <link rel="stylesheet" href="/static/7e0eb739/jsbundles/ui-refresh-overrides.css" type="text/css">
        <link rel="search" href="/opensearch.xml" type="application/opensearchdescription+xml" title="Jenkins">
        <meta name="ROBOTS" content="INDEX,NOFOLLOW">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <script src="/adjuncts/7e0eb739/org/kohsuke/stapler/jquery/jquery.full.js" type="text/javascript"></script>
        <script>
            var Q = jQuery.noConflict()
        </script>
        <link rel="stylesheet" href="/plugin/jquery-ui/css/jquery-ui-1.8.9.custom.css" type="text/css">
        <script src="/plugin/jquery-ui/js/jquery-ui-1.8.9.custom.min.js"></script>
        <script src="/static/7e0eb739/jsbundles/vendors.js" type="text/javascript"></script>
        <script src="/static/7e0eb739/jsbundles/page-init.js" type="text/javascript"></script>
        <script src="/static/7e0eb739/jsbundles/sortable-drag-drop.js" type="text/javascript"></script>
    </head>
    <body data-model-type="hudson.model.Hudson" id="jenkins" class="yui-skin-sam one-column jenkins-2.277.1" data-version="2.277.1">
        <a href="#skip2content" class="skiplink">Skip to content</a>
        <div id="page-head">
            <header id="header" class="page-header">
                <div class="page-header__brand">
                    <div class="logo">
                        <a id="jenkins-home-link" href="/">
                            <img src="/static/7e0eb739/images/jenkins-header-logo-v2.svg" alt="[Jenkins]" id="jenkins-head-icon">
                            <img src="/static/7e0eb739/images/title.png" alt="Jenkins" width="139" id="jenkins-name-icon" height="34">
                        </a>
                    </div>
                    <a href="/" class="page-header__brand-link">
                        <img src="/static/7e0eb739/images/jenkins-header-logo-v2.svg" alt="[Jenkins]" class="page-header__brand-image">
                        <span class="page-header__brand-name">Jenkins</span>
                    </a>
                </div>
                <div class="searchbox hidden-xs">
                    <form role="search" method="get" name="search" action="/search/" style="position:relative;" class="no-json">
                        <div id="search-box-sizer"></div>
                        <div id="searchform">
                            <input role="searchbox" name="q" placeholder="search" id="search-box" class="main-search__input">
                            <span class="main-search__icon-leading">
                                <svg viewBox="0 0 24 24" focusable="false" class="svg-icon ">
                                    <use href="/static/7e0eb739/images/material-icons/svg-sprite-action-symbol.svg#ic_search_24px"></use>
                                </svg>
                            </span>
                            <a href="https://jenkins.io/redirect/search-box" class="main-search__icon-trailing">
                                <svg viewBox="0 0 24 24" focusable="false" class="svg-icon ">
                                    <use href="/static/7e0eb739/images/material-icons/svg-sprite-action-symbol.svg#ic_help_outline_24px"></use>
                                </svg>
                            </a>
                            <div id="search-box-completion"></div>
                            <script>
                                createSearchBox("/search/");
                            </script>
                        </div>
                    </form>
                </div>
                <div class="login page-header__hyperlinks">
                    <div id="visible-am-insertion" class="page-header__am-wrapper"></div>
                    <div id="visible-sec-am-insertion" class="page-header__am-wrapper"></div>
                    <a href="/login?from=%2Fproject%2FAddons%2FavcInstallationCD">
                        <b>log in</b>
                    </a>
                </div>
            </header>
            <div id="breadcrumbBar">
                <tr id="top-nav">
                    <td id="left-top-nav" colspan="2">
                        <link rel='stylesheet' href='/adjuncts/7e0eb739/lib/layout/breadcrumbs.css' type='text/css'/>
                        <script src='/adjuncts/7e0eb739/lib/layout/breadcrumbs.js' type='text/javascript'></script>
                        <div class="top-sticker noedge">
                            <div class="top-sticker-inner">
                                <div class="breadcrumbs__wrapper">
                                    <ul id="breadcrumbs">
                                        <li class="item">
                                            <a href="/" class="model-link inside">Dashboard</a>
                                        </li>
                                        <li href="/" class="children"></li>
                                    </ul>
                                    <div id="breadcrumb-menu-target"></div>
                                </div>
                            </div>
                        </div>
                    </td>
                </tr>
            </div>
        </div>
        <div id="page-body" class="clear">
            <div id="main-panel">
                <a name="skip2content"></a>
                <h1 style="text-align: center">
                    <img src="/static/7e0eb739/images/rage.png" width="154" height="179">
                    <span style="font-size:50px">Oops!</span>
                </h1>
                <div id="error-description">
                    <h2 style="text-align: center">A problem occurred while processing the request.</h2>
                    <p style="text-align: center">Logging ID=b1330789-fb9d-42f1-a04e-20ed5a296fb2
                </div>
            </div>
        </div>
        <footer class="page-footer">
            <div class="container-fluid">
                <div class="page-footer__flex-row">
                    <div class="page-footer__footer-id-placeholder" id="footer"></div>
                    <div class="page-footer__links rest_api hidden-xs">
                        <a href="api/">REST API</a>
                    </div>
                    <div class="page-footer__links page-footer__links--white jenkins_ver">
                        <a rel="noopener noreferrer" href="https://jenkins.io/" target="_blank">Jenkins 2.277.1</a>
                    </div>
                </div>
            </div>
        </footer>
        <script async="true" src="/static/7e0eb739/scripts/svgxuse.min.js" type="text/javascript"></script>
    </body>
</html>

The "Logging ID" referenced in the HTML corresponds to the following log message:

Caught unhandled exception with ID b1330789-fb9d-42f1-a04e-20ed5a296fb2
java.lang.NullPointerException
    at com.dabsquared.gitlabjenkins.trigger.handler.AbstractWebHookTriggerHandler.setCommitStatusPendingIfNecessary(AbstractWebHookTriggerHandler.java:67)
    at com.dabsquared.gitlabjenkins.trigger.handler.AbstractWebHookTriggerHandler.handle(AbstractWebHookTriggerHandler.java:53)
    at com.dabsquared.gitlabjenkins.trigger.handler.push.PushHookTriggerHandlerImpl.handle(PushHookTriggerHandlerImpl.java:37)
    at com.dabsquared.gitlabjenkins.trigger.handler.push.PushHookTriggerHandlerImpl.handle(PushHookTriggerHandlerImpl.java:23)
    at com.dabsquared.gitlabjenkins.trigger.handler.push.PushHookTriggerHandlerList.handle(PushHookTriggerHandlerList.java:24)
    at com.dabsquared.gitlabjenkins.trigger.handler.push.PushHookTriggerHandlerList.handle(PushHookTriggerHandlerList.java:13)
    at com.dabsquared.gitlabjenkins.GitLabPushTrigger.onPost(GitLabPushTrigger.java:478)
    at com.dabsquared.gitlabjenkins.webhook.build.PushBuildAction$1.performOnPost(PushBuildAction.java:88)
    at com.dabsquared.gitlabjenkins.webhook.build.BuildWebHookAction$TriggerNotifier.run(BuildWebHookAction.java:54)
    at hudson.security.ACL.impersonate2(ACL.java:423)
    at hudson.security.ACL.impersonate(ACL.java:435)
    at com.dabsquared.gitlabjenkins.webhook.build.PushBuildAction.execute(PushBuildAction.java:85)
    at com.dabsquared.gitlabjenkins.webhook.build.BuildWebHookAction.execute(BuildWebHookAction.java:31)
    at com.dabsquared.gitlabjenkins.webhook.GitLabWebHook.getDynamic(GitLabWebHook.java:44)
    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
    at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:455)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
Caused: javax.servlet.ServletException
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:816)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
    at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:457)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791)
    at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
    at org.jenkinsci.plugins.corsfilter.AccessControlsFilter.doFilter(AccessControlsFilter.java:79)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at hudson.plugins.scm_sync_configuration.extensions.ScmSyncConfigurationFilter$1.call(ScmSyncConfigurationFilter.java:49)
    at hudson.plugins.scm_sync_configuration.extensions.ScmSyncConfigurationFilter$1.call(ScmSyncConfigurationFilter.java:44)
    at hudson.plugins.scm_sync_configuration.ScmSyncConfigurationDataProvider.provideRequestDuring(ScmSyncConfigurationDataProvider.java:106)
    at hudson.plugins.scm_sync_configuration.extensions.ScmSyncConfigurationFilter.doFilter(ScmSyncConfigurationFilter.java:44)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at com.dabsquared.gitlabjenkins.webhook.GitLabWebHook$GitlabWebHookCrumbExclusion.process(GitLabWebHook.java:53)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:127)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:92)
    at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:133)
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:92)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:62)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:109)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:168)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:51)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:36)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.server.Server.handle(Server.java:516)
    at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388)
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:279)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
    at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:383)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:882)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1036)
    at java.lang.Thread.run(Thread.java:748)

• Open the job configuration page (secret key is available in plain text).
• Click "Apply" button. Now the value of secretToken in config.xml is hashed and the webhook works.
• Re-running Jenkins Job Builder returns the secret key to its plain text value and breaks the webhook.
• With over 1,000 jobs managed with Jenkins Job Builder, having a method to automate webhook linking is vital. Either looking for a way to assign the token using Jenkins Job Builder using its documented feature or a way to hit an API endpoint to generate and get a new secret token for a job (attempted to use the 'generateSecretToken' endpoint used by the button, but still requires submitting form data for the entire configuration... not very friendly).

Results

Expected result:

Webhooks to work with the secret token provided to Jenkins Job Builder OR an API endpoint to generate, save and retrieve a secret token for a given job (for a script that can be executed immediately after Jenkins Job Builder to re-link all web hooks). I also expect no NullPointerExceptions, in general.

Actual result:

Status 500 error pasted above about the NullPointerException.

[halverneus]

Looks similar to #1088 .

[halverneus]

Likewise, following the instructions for both, "Configuring per-project authentication" and "Disabling authentication" results in "HTTP ERROR 401 Invalid token".