Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 9.15.2
Affects Version/s: 9.15.0, 9.15.1
Component/s: Data Center - Apps, REST API
Labels:
- FY24RRD
- ecohelp

Introduced in Version:
9.15
Support reference count:
9
Symptom Severity:
Severity 1 - Critical
UIS:
30
Bug Fix Policy:
View Atlassian Server bug fix policy
Current Status:

Hide

Dear Customer,

We are glad to inform you that the fix for Jira 9.15.0 and 9.15.1 incompatibility with ScriptRunner and Rich Filters has been released and it is available for download.

It is recommended that if you are using any of the above versions, you proceed to the download, available here. In case you have questions on how to perform the upgrade, you can check our documentation here or contact us directly by replying to this ticket.

We apologize for the inconvenience that this issue might have caused and our team will be ready to support you in case you have any questions.

Thank you,

Dita Vyslouzilova

Jira DC Engineering Manager

Show
Dear Customer, We are glad to inform you that the fix for Jira 9.15.0 and 9.15.1 incompatibility with ScriptRunner and Rich Filters has been released and it is available for download. It is recommended that if you are using any of the above versions, you proceed to the download, available here . In case you have questions on how to perform the upgrade, you can check our documentation here or contact us directly by replying to this ticket. We apologize for the inconvenience that this issue might have caused and our team will be ready to support you in case you have any questions. Thank you, Dita Vyslouzilova Jira DC Engineering Manager

Description

Issue Summary

This is reproducible on Data Center: (yes)

When an app provides a REST endpoint through the REST Module under some conditions, including but not limited to

Securing a REST endpoint with @AdminOnly and when the end point is accessed with a non-admin user

Jira crashes.

Symptoms include

Endpoints return HTTP 500

This is caused by the code in {}com/atlassian/plugins/rest/atlassian-rest-v2-api/7.2.0/atlassian-rest-v2-api-7.2.0.jar!/com/atlassian/plugins/rest/api/model/Status.class{} which is a bug in Data Center Platform 6.5.3 which and is fixed in newer versions of Data Centre Platform 6.5.x.

package com.atlassian.plugins.rest.api.model;
...
@XmlRootElement
public class Status {
    @XmlElement
    private final Plugin plugin;
    @XmlElement(
        name = "status-code"
    )
...

    @XmlElementWrapper(
        name = "resources-created"
    )
    @XmlElement(
        name = "link"    // <================ DUPLICATE !!!!!
    )
    private final Collection<Link> resourcesCreated;
    @XmlElementWrapper(
        name = "resources-updated"
    )
    @XmlElement(
        name = "link"    // <================ DUPLICATE !!!!!
    )
    private final Collection<Link> resourcesUpdated;
...

Steps to Reproduce

Create an app that provides REST endoints
Secure an endpoint with @AdminOnly

Access the endpoint with a username/password that doesn't have admin access

curl -u bob:1234 -H 'accept: application/json' "http://localhost:8080/rest/myapp/1/admin/foo"

Expected Results

The endpoint returns HTTP 403.

Actual Results

The below exception is thrown in the atlassian-jira.log file:

13-Apr-2024 11:45:02.509 SEVERE [http-nio-8080-exec-3 url: /rest/myapp/1/admin/foo; user: bob] org.glassfish.jersey.server.ServerRuntime$Responder.process Error occurred when processing a response created from an already mapped exception.
13-Apr-2024 11:45:02.511 WARNING [http-nio-8080-exec-3 url: /rest/myapp/1/admin/foo; user: bob] org.glassfish.jersey.server.ServerRuntime$Responder.release Attempt to release request processing resources has failed for a request.
	org.glassfish.jersey.server.ContainerException: java.util.concurrent.ExecutionException: org.glassfish.jersey.server.internal.process.MappableException: com.fasterxml.jackson.databind.exc.InvalidDefinitionException:
	   Multiple fields representing property "link": com.atlassian.plugins.rest.api.model.Status#resourcesCreated vs com.atlassian.plugins.rest.api.model.Status#resourcesUpdated
		at org.glassfish.jersey.servlet.internal.ResponseWriter.getResponseContext(ResponseWriter.java:278)
		at org.glassfish.jersey.servlet.internal.ResponseWriter.writeResponseStatusAndHeaders(ResponseWriter.java:128)

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available

Attachments

Issue Links

relates to

JRASERVER-77692 Apps using REST endpoints return HTTP 404

Closed

causes: BOAR-440 Loading...

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(9 mentioned in)

Activity

People

Assignee:: Mladen Girazovski

Reporter:: James Richards

Votes:: 21 Vote for this issue

Watchers:: 38 Start watching this issue

Dates

Created:: 18/Apr/2024 4:00 AM

Updated:: Yesterday 12:51 AM

Resolved:: 02/May/2024 9:08 PM