Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-13959

Do not show error messages in the UI when the error is failed authentication

    XMLWordPrintable

Details

    • 1
    • 4
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Currently, JIRA source tab user interface do not handle the exception well enough. Let takes a scenario where the integration between FishEye and JIRA is using trusted application, two user had the right to access the issue but one of the user does not actually have the rights to access the repository in FishEye. When user does not has the right to access the FishEye repository it will have the following exception in the UI:

      The JIRA logs report:

      2012-11-28 18:51:51,640 http-8888-2 ERROR <Username> 1131x692870x1 8b1qq6 172.16.61.89 /browse/SE-1212 [jirafisheyeplugin.domain.crucible.ReviewManagerImpl] (CRU Changeset Search) Error encountered retrieving issue reviews from '<Fisheye_Repository>' on 'Fisheye_URL'
java.io.IOException: Error in remote call to '<Fisheye Application Name>' (Fisheye_URL) [AbstractRestCommand{path='api/rest/query', params={query=select revisions where (comment matches 'SE-1212' or p4:jobid = 'SE-1212') return reviews, rep=PIAdaptor}, methodType=POST}] : permission denied for: <Fisheye_Repository>

	at com.atlassian.jirafisheyeplugin.rest.FishEyeRestApiManagerImpl.callFisheye(FishEyeRestApiManagerImpl.java:197)
	at com.atlassian.jirafisheyeplugin.rest.FishEyeRestApiManagerImpl.callFisheye(FishEyeRestApiManagerImpl.java:124)
	at com.atlassian.jirafisheyeplugin.rest.FishEyeRestApiManagerImpl.callFisheye(FishEyeRestApiManagerImpl.java:119)
	at com.atlassian.jirafisheyeplugin.domain.crucible.ReviewManagerImpl.searchForReviews(ReviewManagerImpl.java:323)
	at com.atlassian.jirafisheyeplugin.domain.crucible.ReviewManagerImpl.access$000(ReviewManagerImpl.java:31)
	at com.atlassian.jirafisheyeplugin.domain.crucible.ReviewManagerImpl$1.doQuery(ReviewManagerImpl.java:172)
	at com.atlassian.jirafisheyeplugin.domain.crucible.ReviewManagerImpl$1.doQuery(ReviewManagerImpl.java:164)
	at com.atlassian.jirafisheyeplugin.domain.P4Query.doQuery(P4Query.java:12)
	at com.atlassian.jirafisheyeplugin.domain.crucible.ReviewManagerImpl.getReviewsFromRepositories(ReviewManagerImpl.java:183)
	at com.atlassian.jirafisheyeplugin.domain.crucible.ReviewManagerImpl.getReviewsForIssue(ReviewManagerImpl.java:86)
	at com.atlassian.jirafisheyeplugin.domain.crucible.ReviewManagerImpl.getReviewsForIssue(ReviewManagerImpl.java:100)
	at com.atlassian.jirafisheyeplugin.web.issuetabpanel.crucible.CrucibleIssueTabPanel.createActions(CrucibleIssueTabPanel.java:79)
	at com.atlassian.jirafisheyeplugin.web.issuetabpanel.AbstractFishEyeCrucibleIssueTabPanel.getActions(AbstractFishEyeCrucibleIssueTabPanel.java:91)
	at com.atlassian.jira.plugin.issuetabpanel.IssueTabPanelInvokerImpl.invokeGetActions(IssueTabPanelInvokerImpl.java:87)
	at com.atlassian.jira.issue.tabpanels.AllTabPanel.getActions(AllTabPanel.java:40)
	at com.atlassian.jira.plugin.issuetabpanel.IssueTabPanelInvokerImpl.invokeGetActions(IssueTabPanelInvokerImpl.java:87)  <+2> (DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at com.atlassian.multitenant.impl.MultiTenantComponentFactoryImpl$AbstractMultiTenantAwareInvocationHandler.invokeInternal(MultiTenantComponentFactoryImpl.java:181)
	at com.atlassian.multitenant.impl.MultiTenantComponentFactoryImpl$MultiTenantAwareInvocationHandler.invoke(MultiTenantComponentFactoryImpl.java:211)
	at $Proxy415.invokeGetActions(Unknown Source)  <+2> (DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at com.atlassian.plugin.osgi.hostcomponents.impl.DefaultComponentRegistrar$ContextClassLoaderSettingInvocationHandler.invoke(DefaultComponentRegistrar.java:129)
	at $Proxy415.invokeGetActions(Unknown Source)  <+2> (DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at com.atlassian.plugin.osgi.bridge.external.HostComponentFactoryBean$DynamicServiceInvocationHandler.invoke(HostComponentFactoryBean.java:154)
	at $Proxy415.invokeGetActions(Unknown Source)
	at com.atlassian.jira.plugin.viewissue.ActivityBlockViewIssueContextProvider.getContextMap(ActivityBlockViewIssueContextProvider.java:82)
	at com.atlassian.jira.plugin.webfragment.CacheableContextProviderDecorator.initContextMap(CacheableContextProviderDecorator.java:70)
	at com.atlassian.jira.plugin.webfragment.CacheableContextProviderDecorator.getContextMap(CacheableContextProviderDecorator.java:46)
	at com.atlassian.jira.plugin.webfragment.contextproviders.MultiContextProvider.getContextMap(MultiContextProvider.java:99)
	at com.atlassian.plugin.web.descriptors.DefaultWebPanelModuleDescriptor$ContextAwareWebPanel.getHtml(DefaultWebPanelModuleDescriptor.java:143)
	at com.atlassian.jira.web.action.issue.ViewIssue.renderActivityModule(ViewIssue.java:269)  <+2> (DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at webwork.util.InjectionUtils$DefaultInjectionImpl.invoke(InjectionUtils.java:70)
	at webwork.util.InjectionUtils.invoke(InjectionUtils.java:56)
	at webwork.util.ValueStack.findValue(ValueStack.java:514)
	at webwork.util.ValueStack.findValue(ValueStack.java:213)
	at webwork.view.taglib.WebWorkBodyTagSupport.findValue(WebWorkBodyTagSupport.java:62)
	at webwork.view.taglib.BasicPropertyTag.doStartTag(BasicPropertyTag.java:54)
	at org.apache.jsp.secure.views.issue.viewissuetab_jsp._jspx_meth_ww_005fproperty_005f2(viewissuetab_jsp.java:143)
	at org.apache.jsp.secure.views.issue.viewissuetab_jsp._jspService(viewissuetab_jsp.java:78)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:386)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)  <+11> (ApplicationFilterChain.java:290) (ApplicationFilterChain.java:206) (XContentTypeOptionsNoSniffFilter.java:22) (AbstractHttpFilter.java:31) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (HeaderSanitisingFilter.java:32) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (DelegatingPluginFilter.java:66)
	at com.atlassian.labs.botkiller.BotKillerFilter.doFilter(BotKillerFilter.java:30)  <+31> (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (DelegatingPluginFilter.java:66) (ContextFilter.java:25) (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (SitemeshPageFilter.java:119) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (SecurityFilter.java:82) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (BaseLoginFilter.java:169) (JiraLoginFilter.java:70) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (DelegatingPluginFilter.java:66) (OAuthFilter.java:71) (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (DelegatingPluginFilter.java:66)
	at com.atlassian.bonfire.web.filters.BonfireP3PFilter.doFilter(BonfireP3PFilter.java:43)  <+17> (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (ApplicationDispatcher.java:646) (ApplicationDispatcher.java:436) (ApplicationDispatcher.java:374) (ApplicationDispatcher.java:302) (JiraWebworkActionDispatcher.java:314) (JiraWebworkActionDispatcher.java:205)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)  <+11> (ApplicationFilterChain.java:290) (ApplicationFilterChain.java:206) (XContentTypeOptionsNoSniffFilter.java:22) (AbstractHttpFilter.java:31) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (HeaderSanitisingFilter.java:32) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (DelegatingPluginFilter.java:66)
	at com.atlassian.labs.botkiller.BotKillerFilter.doFilter(BotKillerFilter.java:30)  <+28> (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (DelegatingPluginFilter.java:66) (ContextFilter.java:25) (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (SecurityFilter.java:82) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (BaseLoginFilter.java:169) (JiraLoginFilter.java:70) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (DelegatingPluginFilter.java:66) (OAuthFilter.java:71) (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (DelegatingPluginFilter.java:66)
	at com.atlassian.bonfire.web.filters.BonfireP3PFilter.doFilter(BonfireP3PFilter.java:43)  <+15> (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (ApplicationDispatcher.java:646) (ApplicationDispatcher.java:436) (ApplicationDispatcher.java:374) (ApplicationDispatcher.java:302)
	at com.atlassian.jira.servlet.QuickLinkServlet.linkToIssue(QuickLinkServlet.java:158)
	at com.atlassian.jira.servlet.QuickLinkServlet.service(QuickLinkServlet.java:46)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)  <+14> (ApplicationFilterChain.java:290) (ApplicationFilterChain.java:206) (ChainedFilterStepRunner.java:78) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (XContentTypeOptionsNoSniffFilter.java:22) (AbstractHttpFilter.java:31) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (HeaderSanitisingFilter.java:44) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (DelegatingPluginFilter.java:66)
	at com.atlassian.labs.botkiller.BotKillerFilter.doFilter(BotKillerFilter.java:36)  <+3> (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (DelegatingPluginFilter.java:66)
	at com.atlassian.jira.tzdetect.IncludeResourcesFilter.doFilter(IncludeResourcesFilter.java:39)  <+22> (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (DelegatingPluginFilter.java:66) (ContextFilter.java:25) (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (AccessLogFilter.java:103) (AccessLogFilter.java:87) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (XsrfTokenAdditionRequestFilter.java:54) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (SitemeshPageFilter.java:119) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (DelegatingPluginFilter.java:66)
	at com.atlassian.labs.remoteapps.modules.permissions.ApiScopingFilter.doFilter(ApiScopingFilter.java:60)  <+22> (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (SecurityFilter.java:234) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (TrustedApplicationsFilter.java:98) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (BaseLoginFilter.java:169) (JiraLoginFilter.java:70) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (DelegatingPluginFilter.java:66) (OAuthFilter.java:71) (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (DelegatingPluginFilter.java:66)
	at com.atlassian.bonfire.web.filters.BonfireP3PFilter.doFilter(BonfireP3PFilter.java:57)  <+22> (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (ProfilingFilter.java:99) (JIRAProfilingFilter.java:19) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (AbstractJohnsonFilter.java:71) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (UrlRewriteFilter.java:738) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (GzipFilter.java:80) (GzipFilter.java:51) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (IteratingFilterChain.java:46) (DelegatingPluginFilter.java:66)
	at com.atlassian.labs.remoteapps.modules.oauth.OAuth2LOFilter.doFilter(OAuth2LOFilter.java:70)  <+3> (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (DelegatingPluginFilter.java:66)
	at com.atlassian.labs.remoteapps.util.http.bigpipe.RequestIdSettingFilter.doFilter(RequestIdSettingFilter.java:22)  <+47> (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (DelegatingPluginFilter.java:66) (JWDSendRedirectFilter.java:25) (DelegatingPluginFilter.java:74) (IteratingFilterChain.java:42) (ServletFilterModuleContainerFilter.java:77) (ServletFilterModuleContainerFilter.java:63) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (ChainedFilterStepRunner.java:78) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (AbstractCachingFilter.java:33) (AbstractHttpFilter.java:31) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (AbstractEncodingFilter.java:41) (AbstractHttpFilter.java:31) (PathMatchingEncodingFilter.java:49) (AbstractHttpFilter.java:31) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (ActiveRequestsFilter.java:346) (ActiveRequestsFilter.java:463) (ActiveRequestsFilter.java:173) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (JiraStartupChecklistFilter.java:75) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (MultiTenantServletFilter.java:91) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (ChainedFilterStepRunner.java:78) (ApplicationFilterChain.java:235) (ApplicationFilterChain.java:206) (StandardWrapperValve.java:233) (StandardContextValve.java:191) (StandardHostValve.java:127) (ErrorReportValve.java:102) (StandardEngineValve.java:109) (AccessLogValve.java:554) (CoyoteAdapter.java:298) (Http11AprProcessor.java:864) (Http11AprProtocol.java:579) (AprEndpoint.java:1665)
	at java.lang.Thread.run(Thread.java:662)
Caused by: com.atlassian.sal.api.net.ResponseException: permission denied for: <Fisheye_Repository>

	at com.atlassian.jirafisheyeplugin.rest.FishEyeRestApiManagerImpl$FishEyeResponseHandler.extractDocumentFrom(FishEyeRestApiManagerImpl.java:399)
	at com.atlassian.jirafisheyeplugin.rest.FishEyeRestApiManagerImpl$FishEyeResponseHandler.handle(FishEyeRestApiManagerImpl.java:377)
	at com.atlassian.jirafisheyeplugin.rest.FishEyeRestApiManagerImpl$FishEyeResponseHandler.handle(FishEyeRestApiManagerImpl.java:334)
	at com.atlassian.applinks.core.auth.oauth.OAuthApplinksResponseHandler.handle(OAuthApplinksResponseHandler.java:116)
	at com.atlassian.plugins.rest.module.jersey.JerseyRequest$2.handle(JerseyRequest.java:166)
	at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:307)
	at com.atlassian.plugins.rest.module.jersey.JerseyRequest.executeAndReturn(JerseyRequest.java:161)
	at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor.execute(ApplicationLinkRequestAdaptor.java:85)
	at com.atlassian.applinks.core.auth.oauth.OAuthRequest.execute(OAuthRequest.java:196)
	at com.atlassian.jirafisheyeplugin.rest.FishEyeRestApiManagerImpl.callFisheye(FishEyeRestApiManagerImpl.java:175)
	... 315 more

      Where else the user has the right to access the repository do not have the particular exception. It would be great if such exception is suppress in the user interface level

      Workaround


      Changing the Jira Permission Scheme to hide the Source Tab from users without access to Fisheye will hide the Source tab activity from the All tab as well.

      Attachments

        Activity

          People

            Unassigned Unassigned
            zyap Zed Yap [Atlassian]
            Votes:
            12 Vote for this issue
            Watchers:
            16 Start watching this issue

            Dates

              Created:
              Updated: