Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: Highest
Fix Version/s: 9.15.2
Affects Version/s: 9.15.0, 9.15.1
Component/s: Data Center - Apps, REST API
Labels:
- FY24RRD
- ecohelp

Introduced in Version:
9.15
Symptom Severity:
Severity 1 - Critical
UIS:
2
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Issue Summary

This is reproducible on Data Center: (yes)

When an app provides a REST endpoint through the REST Module under some conditions, including but not limited to

Securing a REST endpoint with @AdminOnly and when the end point is accessed with a non-admin user

Jira crashes.

Symption include

Apps are not initialised - this is non-deterministic
Endpoints return HTTP 500

This is caused by the code in *com/atlassian/plugins/rest/atlassian-rest-v2-api/7.2.0/atlassian-rest-v2-api-7.2.0.jar!/com/atlassian/plugins/rest/api/model/Status.class* which is a bug in Data Center Platform 6.5.3 which and is fixed in newer versions of Data Centre Platform 6.5.x.

package com.atlassian.plugins.rest.api.model;
...
@XmlRootElement
public class Status {
    @XmlElement
    private final Plugin plugin;
    @XmlElement(
        name = "status-code"
    )
...

    @XmlElementWrapper(
        name = "resources-created"
    )
    @XmlElement(
        name = "link"    // <================ DUPLICATE !!!!!
    )
    private final Collection<Link> resourcesCreated;
    @XmlElementWrapper(
        name = "resources-updated"
    )
    @XmlElement(
        name = "link"    // <================ DUPLICATE !!!!!
    )
    private final Collection<Link> resourcesUpdated;
...

Steps to Reproduce

Create an app that provides REST endoints
Secure an endpoint with @AdminOnly

Access the endpoint with a username/password that doesn't have admin access

curl -u bob:1234 -H 'accept: application/json' "http://localhost:8080/rest/myapp/1/admin/foo"

Expected Results

The endpoint returns HTTP 403.

Actual Results

The below exception is thrown in the atlassian-jira.log file:

13-Apr-2024 11:45:02.509 SEVERE [http-nio-8080-exec-3 url: /rest/myapp/1/admin/foo; user: bob] org.glassfish.jersey.server.ServerRuntime$Responder.process Error occurred when processing a response created from an already mapped exception.
13-Apr-2024 11:45:02.511 WARNING [http-nio-8080-exec-3 url: /rest/myapp/1/admin/foo; user: bob] org.glassfish.jersey.server.ServerRuntime$Responder.release Attempt to release request processing resources has failed for a request.
	org.glassfish.jersey.server.ContainerException: java.util.concurrent.ExecutionException: org.glassfish.jersey.server.internal.process.MappableException: com.fasterxml.jackson.databind.exc.InvalidDefinitionException:
	   Multiple fields representing property "link": com.atlassian.plugins.rest.api.model.Status#resourcesCreated vs com.atlassian.plugins.rest.api.model.Status#resourcesUpdated
		at org.glassfish.jersey.servlet.internal.ResponseWriter.getResponseContext(ResponseWriter.java:278)
		at org.glassfish.jersey.servlet.internal.ResponseWriter.writeResponseStatusAndHeaders(ResponseWriter.java:128)

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Mladen Girazovski

Reporter:: James Richards

Votes:: 17 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 18/Apr/2024 4:00 AM

Updated:: 11 hours ago