Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-21286

UserUtilImpl doesn't properly handle the case when "Anyone" has permission to administrate JIRA

    XMLWordPrintable

Details

    • 4
    • 1
    • Severity 3 - Minor
    • Hide
      Atlassian Update – 16 November 2017

      Hi everyone,

      The issue has not collected enough votes, watches, comments or support cases during it's lifetime. In this sense overal interest in the reported problem is low.
      Jira team is focusing on bigger and more impactful issues at the moment and we are not likely to look at the current bug soon. Therefore I'm resolving the issue as Timed Out.

      Atlassian will continue to watch issue for the further updates, so please don't hesitate to share your feedback in the issue comments.

      Cheers,
      Ignat Alexeyenko
      Jira bugmaster.

      Show
      Atlassian Update – 16 November 2017 Hi everyone, The issue has not collected enough votes, watches, comments or support cases during it's lifetime. In this sense overal interest in the reported problem is low. Jira team is focusing on bigger and more impactful issues at the moment and we are not likely to look at the current bug soon. Therefore I'm resolving the issue as Timed Out . Atlassian will continue to watch issue for the further updates, so please don't hesitate to share your feedback in the issue comments. Cheers, Ignat Alexeyenko Jira bugmaster.

    Description

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      Bizarrely this bug only seems to occur when the Anyone "group" has admin or sysadmin permissions (as set in permission schemes). It results in a call to UserUtilImpl.getGroup with a null group (which I guess, but am not sure is supposed to represent the Anyone group). This in turn may throw an exception, depending on what is backing it.

      Luckily it is unusual for people to grant admin access to Anyone, so this is unlikely to affect too many customers.

      The workaround is to replace the Anyone group where it is used in the permissions scheme with a group containing all users.

      An example stack trace that occurs in this situation is (though I doubt this problem is limited to Studio or GreenHopper)
      com.atlassian.util.concurrent.LazyReference$InitializationException: java.lang.IllegalArgumentException: [Assertion Failed] - argument passed to method must not be null
      at com.atlassian.util.concurrent.LazyReference.getInterruptibly(LazyReference.java:152)
      at com.atlassian.util.concurrent.LazyReference.get(LazyReference.java:115)
      at com.atlassian.util.concurrent.ResettableLazyReference.get(ResettableLazyReference.java:73)
      at com.atlassian.jira.user.util.UserUtilImpl.getActiveUserCount(UserUtilImpl.java:370)
      at com.atlassian.jira.user.util.UserUtilImpl.hasExceededUserLimit(UserUtilImpl.java:388)
      at com.atlassian.studio.jira.license.StudioLicenseUserUtilImpl.hasExceededUserLimit(StudioLicenseUserUtilImpl.java:130)
      at sun.reflect.GeneratedMethodAccessor487.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:592)
      at com.atlassian.jira.ProxyAdapter$ProxiedComponentInvocationHandler.invoke(ProxyAdapter.java:171)
      at $Proxy171.hasExceededUserLimit(Unknown Source)
      at com.pyxis.greenhopper.jira.license.GreenHopperLicenseManagerImpl.doVerify(GreenHopperLicenseManagerImpl.java:154)
      at com.pyxis.greenhopper.jira.license.GreenHopperLicenseManagerImpl.verify(GreenHopperLicenseManagerImpl.java:49)
      at com.pyxis.greenhopper.jira.actions.ConfigurationAction.doSuccess(ConfigurationAction.java:93)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:592)
      at webwork.util.InjectionUtils$DefaultInjectionImpl.invoke(InjectionUtils.java:61)
      at webwork.util.InjectionUtils.invoke(InjectionUtils.java:52)
      at webwork.action.ActionSupport.invokeCommand(ActionSupport.java:417)
      at webwork.action.ActionSupport.execute(ActionSupport.java:146)
      at com.atlassian.jira.action.JiraActionSupport.execute(JiraActionSupport.java:59)
      at webwork.dispatcher.GenericDispatcher.executeAction(GenericDispatcher.java:141)
      at com.atlassian.jira.web.dispatcher.JiraServletDispatcher.service(JiraServletDispatcher.java:181)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.core.filters.HeaderSanitisingFilter.doFilter(HeaderSanitisingFilter.java:44)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
      at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:55)
      at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:41)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.jira.web.filters.accesslog.AccessLogFilter.executeRequest(AccessLogFilter.java:154)
      at com.atlassian.jira.web.filters.accesslog.AccessLogFilter.doFilter(AccessLogFilter.java:133)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:119)
      at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:55)
      at com.atlassian.jira.web.filters.SitemeshExcludePathFilter.doFilter(SitemeshExcludePathFilter.java:40)
      at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
      at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:55)
      at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:41)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.seraph.filter.SecurityFilter.doFilter(SecurityFilter.java:206)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:98)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.seraph.filter.BaseLoginFilter.doFilter(BaseLoginFilter.java:131)
      at com.atlassian.jira.web.filters.JiraLoginFilter.doFilter(JiraLoginFilter.java:70)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
      at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
      at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:69)
      at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
      at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
      at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:55)
      at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:41)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.util.profiling.filters.ProfilingFilter.doFilter(ProfilingFilter.java:99)
      at com.atlassian.jira.web.filters.JIRAProfilingFilter.doFilter(JIRAProfilingFilter.java:16)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.jira.web.filters.ActionCleanupDelayFilter.doFilter(ActionCleanupDelayFilter.java:59)
      at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.jira.web.filters.RequestCleanupFilter.doFilter(RequestCleanupFilter.java:53)
      at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.johnson.filters.AbstractJohnsonFilter.doFilter(AbstractJohnsonFilter.java:72)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:350)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.gzipfilter.GzipFilter.doFilterInternal(GzipFilter.java:81)
      at com.atlassian.gzipfilter.GzipFilter.doFilter(GzipFilter.java:51)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
      at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:55)
      at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:41)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.core.filters.cache.AbstractCachingFilter.doFilter(AbstractCachingFilter.java:33)
      at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.core.filters.encoding.AbstractEncodingFilter.doFilter(AbstractEncodingFilter.java:41)
      at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.atlassian.jira.startup.JiraStartupChecklistFilter.doFilter(JiraStartupChecklistFilter.java:72)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
      at java.lang.Thread.run(Thread.java:613)
      Caused by: java.lang.IllegalArgumentException: [Assertion Failed] - argument passed to method must not be null
      at com.atlassian.crowd.integration.util.Assert.notNull(Assert.java:33)
      at com.atlassian.crowd.integration.osuser.CrowdAccessProvider.handles(CrowdAccessProvider.java:59)
      at com.opensymphony.user.UserManager.getProvider(UserManager.java:269)
      at com.opensymphony.user.UserManager.getEntity(UserManager.java:257)
      at com.opensymphony.user.UserManager.getGroup(UserManager.java:173)
      at com.atlassian.jira.user.util.DefaultUserManager.getGroup(DefaultUserManager.java:79)
      at sun.reflect.GeneratedMethodAccessor294.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:592)
      at com.atlassian.jira.ProxyAdapter$ProxiedComponentInvocationHandler.invoke(ProxyAdapter.java:167)
      at $Proxy90.getGroup(Unknown Source)
      at sun.reflect.GeneratedMethodAccessor294.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:592)
      at com.atlassian.plugin.osgi.hostcomponents.impl.DefaultComponentRegistrar$ContextClassLoaderSettingInvocationHandler.invoke(DefaultComponentRegistrar.java:129)
      at $Proxy90.getGroup(Unknown Source)
      at sun.reflect.GeneratedMethodAccessor294.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:592)
      at com.atlassian.plugin.osgi.bridge.external.HostComponentFactoryBean$DynamicServiceInvocationHandler.invoke(HostComponentFactoryBean.java:150)
      at $Proxy90.getGroup(Unknown Source)
      at com.atlassian.jira.user.util.UserUtilImpl.getGroup(UserUtilImpl.java:567)
      at com.atlassian.jira.user.util.UserUtilImpl$1.create(UserUtilImpl.java:103)
      at com.atlassian.jira.user.util.UserUtilImpl$1.create(UserUtilImpl.java:96)
      at com.atlassian.util.concurrent.ResettableLazyReference$InternalReference.create(ResettableLazyReference.java:127)
      at com.atlassian.util.concurrent.LazyReference$1.call(LazyReference.java:79)
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269)
      at java.util.concurrent.FutureTask.run(FutureTask.java:123)
      at com.atlassian.util.concurrent.LazyReference.getInterruptibly(LazyReference.java:146)
      at com.atlassian.util.concurrent.LazyReference.get(LazyReference.java:115)
      at com.atlassian.util.concurrent.ResettableLazyReference.get(ResettableLazyReference.java:73)
      at com.atlassian.jira.user.util.UserUtilImpl.getActiveUserCount(UserUtilImpl.java:370)
      at com.atlassian.jira.user.util.UserUtilImpl.hasExceededUserLimit(UserUtilImpl.java:388)
      at com.atlassian.studio.jira.license.StudioLicenseUserUtilImpl.hasExceededUserLimit(StudioLicenseUserUtilImpl.java:130)
      at sun.reflect.GeneratedMethodAccessor487.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:592)
      at com.atlassian.jira.ProxyAdapter$ProxiedComponentInvocationHandler.invoke(ProxyAdapter.java:171)
      at $Proxy171.hasExceededUserLimit(Unknown Source)
      at com.atlassian.jira.web.action.admin.GlobalPermissions.hasExceededUserLimit(GlobalPermissions.java:337)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:592)
      at webwork.util.InjectionUtils$DefaultInjectionImpl.invoke(InjectionUtils.java:61)
      at webwork.util.InjectionUtils.invoke(InjectionUtils.java:52)
      at webwork.util.ValueStack.findValue(ValueStack.java:409)
      at webwork.util.SimpleTest.test(SimpleTest.java:391)
      at webwork.util.ValueStack.test(ValueStack.java:157)
      at webwork.view.taglib.IfTag.doStartTag(IfTag.java:38)
      at org.apache.jsp.secure.admin.jira.views.globalpermissions_jsp._jspService(globalpermissions_jsp.java:193)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
      at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
      at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
      at com.atlassian.jira.web.dispatcher.JiraServletDispatcher.service(JiraServletDispatcher.java:251)
      ... 94 more

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRACLOUD-21286 UserUtilImpl doesn't properly handle the case when "Anyone" has permission to administrate JIRA

          • Low - Low priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              edalgliesh Eric Dalgliesh
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: