  1. Jira Data Center
  2. JRASERVER-77619

Activity Stream polls third-party applications


Details

    Description

      Issue Summary

      Jira's Activity Stream (dashboard gadget/user profile) provides activity data from external applications connected using application links. This may include third-party applications not designed to provide Activity Stream data. In addition to producing log spam, this may effectively DoS the third-party application or hit rate limits.

      This bug report mirrors STRM-2355 for increased visibility.

      Steps to Reproduce

      1. Create an application link between Jira and a third-party application (OAuth).
      2. Load a dashboard with the Activity Stream gadget.

      Expected Results

      The Activity Stream plugin doesn't poll third-party applications.

      Alternatively:

      1. The Activity Stream plugin makes a one-time verification to confirm whether it's an Activity Stream provider.
      2. Jira administrators can globally exclude third-party applications from Activity Stream polling in the application link settings.

      Actual Results

      When the Activity Stream gadget loads, it makes an HTTP GET request to <application-url>/plugins/servlet/streams?use-accept-lang=true&authOnly=true&local=true&maxResults=10. Additionally, the following is logged to atlassian-jira.log:

      2024-04-10 00:00:00,000+0000 http-nio-8080-exec-1 WARN admin 1x1x1 abcdef 0.0.0.0 /plugins/servlet/streams [c.a.streams.internal.StreamsCompletionService] Registering failure for stream provider Generic App Link due to error other
      

      (where "Generic App Link" is the name of the third-party application)

      Workaround

      If your Jira installation uses ScriptRunner, the following console script allows you to exclude specific application links from the Activity Stream:

      import com.atlassian.applinks.api.ApplicationId
      import com.atlassian.applinks.api.ApplicationLink
      import com.atlassian.applinks.api.ApplicationLinkService
      import com.atlassian.jira.component.ComponentAccessor
      
      // Replace with application link UUID
      // You can obtain this at <jira-base-url>/rest/applinks/3.0/applinks
      final String APP_LINK_UUID = "9cfe4508-64fe-3bdd-969a-538f4634a999"
      
      final String ACTIVITY_PROP = "IS_ACTIVITY_ITEM_PROVIDER"
      final String DISABLED = Boolean.FALSE.toString()
      
      log.warn(String.format("Setting %s property to %s for app link %s", ACTIVITY_PROP, DISABLED, APP_LINK_UUID))
      final ApplicationLinkService appLinkService = ComponentAccessor.getComponent(ApplicationLinkService.class)
      final ApplicationLink appLink = appLinkService.getApplicationLink(new ApplicationId(APP_LINK_UUID))
      assert appLink != null
      appLink.putProperty(ACTIVITY_PROP, DISABLED)
      

      The value of APP_LINK_UUID will need to be replaced with the application link's internal ID. This can be found by navigating to <jira-base-url>/rest/applinks/3.0/applinks. For example:

      {
          "id": "9cfe4508-64fe-3bdd-969a-538f4634a999",
          "name": "Generic App Link",
          "displayUrl": "https://example.com",
          "rpcUrl": "https://example.com",
          "type": "generic",
          "system": false,
          "primary": true,
          "properties": {},
          "data": {}
      }
      

      Here, the internal ID for "Generic App Link" is 9cfe4508-64fe-3bdd-969a-538f4634a999.

      After running the script, the application link will be immediately excluded from the Activity Stream providers. No restart is required.
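
To decide which application links to exclude, the warning shown under Actual Results can be counted per provider and matched to IDs from the applinks listing. This is an added example, not part of the original report or Atlassian's code; it assumes the log format quoted above and a listing saved as a list of entries shaped like the one shown, and the function names and sample data are constructed for illustration.

```python
import re
from collections import Counter

# Matches the StreamsCompletionService warning quoted in the report.
FAILURE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}[+-]\d{4} .*"
    r"\[c\.a\.streams\.internal\.StreamsCompletionService\] "
    r"Registering failure for stream provider (.+?) due to error .+$"
)

def count_failures(log_lines):
    """Return a Counter of provider name -> number of registered failures."""
    counts = Counter()
    for line in log_lines:
        m = FAILURE_RE.match(line.rstrip())
        if m:
            counts[m.group(1)] += 1
    return counts

def exclusion_candidates(log_lines, applinks):
    """Return [(name, app_link_id_or_None, failures)], most failures first.

    applinks: list of dicts with "name" and "id" keys (assumed layout).
    """
    ids = {}
    for link in applinks:
        ids.setdefault(link["name"], []).append(link["id"])
    result = []
    for name, n in count_failures(log_lines).most_common():
        matches = ids.get(name, [])
        # Unknown or ambiguous names yield None rather than a guessed UUID.
        result.append((name, matches[0] if len(matches) == 1 else None, n))
    return result

# Constructed sample data, modelled on the log line and JSON entry in the report.
_P = ("http-nio-8080-exec-1 WARN admin 1x1x1 abcdef 0.0.0.0 /plugins/servlet/streams "
      "[c.a.streams.internal.StreamsCompletionService] Registering failure for stream provider")
SAMPLE_LOG = [
    f"2024-04-10 00:00:00,000+0000 {_P} Generic App Link due to error other",
    f"2024-04-10 00:05:00,000+0000 {_P} Generic App Link due to error other",
    f"2024-04-10 00:05:01,000+0000 {_P} Unlisted Tool due to error other",
    "2024-04-10 00:06:00,000+0000 http-nio-8080-exec-2 INFO admin unrelated line",
]
SAMPLE_LINKS = [{"id": "9cfe4508-64fe-3bdd-969a-538f4634a999", "name": "Generic App Link"}]

if __name__ == "__main__":
    for name, link_id, n in exclusion_candidates(SAMPLE_LOG, SAMPLE_LINKS):
        print(f"{n:4d}  {name}  {link_id or '(no unique app link match)'}")
```

An ID reported here is the value to place in APP_LINK_UUID in the workaround script; a name with no unique match needs to be resolved by hand in the applinks listing.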

      People

      Assignee: Unassigned
      Reporter: Benjamin S