-
Bug
-
Resolution: Fixed
-
High
-
5.10.0
-
19
-
Severity 3 - Minor
-
19
-
Summary
Clicking on Jira issue link in Bitbucket Server will have Unknown error in the pop up window
Environment
Jira Service Desk 3.12.2 (Jira Server 7.9.2)
Steps to Reproduce
- Create Application Link OAuth with Impersonation between Bitbucket Server and Jira Service Desk
- Create an issue, ex TST-1
- Create a user with Jira Service Desk group in Jira Service Desk
- Create a user with the same username in Bitbucket Server
- Push a commit with message TST-1 into Bitbucket Server
- Click on the link TST-1 in Bitbucket Server Commit list
It works fine - Remove the user in Step 3 from all the groups in Jira Service Desk (the user become Jira Service Desk Customer)
- Click on the link TST-1 in Bitbucket Server Commit list again
Expected Results
It will show that the user does not have permission to access the issue or it will not work for Jira Service Desk Customer.
Actual Results
The pop up window showing "Unknown error" message and the below exception is thrown in the atlassian-bitbucket.log file:
2018-05-23 19:50:44,918 ERROR [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" c.a.p.r.c.e.j.ThrowableExceptionMapper Uncaught exception thrown by REST service: null java.lang.NullPointerException: null at net.oauth.signature.OAuthSignatureMethod.normalizeUrl(OAuthSignatureMethod.java:161) at net.oauth.signature.OAuthSignatureMethod.getBaseString(OAuthSignatureMethod.java:155) at net.oauth.signature.OAuthSignatureMethod.getSignature(OAuthSignatureMethod.java:81) at net.oauth.signature.OAuthSignatureMethod.sign(OAuthSignatureMethod.java:53) at net.oauth.OAuthMessage.sign(OAuthMessage.java:295) at net.oauth.OAuthMessage.addRequiredParameters(OAuthMessage.java:285) at net.oauth.OAuthAccessor.newRequestMessage(OAuthAccessor.java:91) at net.oauth.OAuthAccessor.newRequestMessage(OAuthAccessor.java:97) at com.atlassian.oauth.consumer.core.ConsumerServiceImpl.sign(ConsumerServiceImpl.java:160) at com.atlassian.oauth.consumer.core.ConsumerServiceImpl.sign(ConsumerServiceImpl.java:139) at com.atlassian.oauth.consumer.core.ConsumerServiceImpl.sign(ConsumerServiceImpl.java:114) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53) at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57) at com.atlassian.applinks.oauth.auth.OAuthRequest.signRequest(OAuthRequest.java:97) at com.atlassian.applinks.oauth.auth.twolo.impersonation.TwoLeggedOAuthWithImpersonationRequest.signRequest(TwoLeggedOAuthWithImpersonationRequest.java:48) at com.atlassian.applinks.oauth.auth.OAuthRequest.execute(OAuthRequest.java:57) at com.atlassian.applinks.oauth.auth.OAuthApplinksResponseHandler.handle(OAuthApplinksResponseHandler.java:73) at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:106) at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor.execute(ApplicationLinkRequestAdaptor.java:58) at com.atlassian.applinks.oauth.auth.OAuthRequest.execute(OAuthRequest.java:58) at com.atlassian.internal.integration.jira.DefaultJiraService.retrieveIssuesFromJira(DefaultJiraService.java:657) at com.atlassian.internal.integration.jira.DefaultJiraService.getIssuesAsJson(DefaultJiraService.java:319) at com.atlassian.internal.integration.jira.rest.JiraResource.getDetailsForIssueKeys(JiraResource.java:163) at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24) at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24) at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24) at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24) at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24) at com.atlassian.analytics.client.filter.UniversalAnalyticsFilter.doFilter(UniversalAnalyticsFilter.java:92) at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:39) at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42) at com.atlassian.plugin.connect.plugin.auth.scope.ApiScopingFilter.doFilter(ApiScopingFilter.java:81) at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42) at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:85) at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:112) at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75) at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:94) at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:67) at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42) at com.atlassian.plugin.connect.plugin.auth.oauth2.DefaultSalAuthenticationFilter.doFilter(DefaultSalAuthenticationFilter.java:69) at com.atlassian.plugin.connect.plugin.auth.user.ThreeLeggedAuthFilter.doFilter(ThreeLeggedAuthFilter.java:109) at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:32) at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:38) at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:39) at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42) at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:90) at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73) at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:89) at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.lang.Thread.run(Thread.java:745) ... 257 frames trimmed
Stack trace missing?
If the entire stack trace is not being logged and you would like to confirm that it matches the one above, add the -XX:-OmitStackTraceInFastThrow to the JVM_SUPPORT_RECOMMENDED_ARGS in the setenv.sh/setenv.bat file (Bitbucket up to 4.14) or _start-webapp.sh/_start-webapp.bat file (Bitbucket from 5).
Notes
- Normally, Bitbucket Server have Application Links to Jira Software (primary) and Jira Service Desk
- Even though the Jira issue exist in Jira Software only, it will still throw the error
- When clicking on the Jira issue key, Bitbucket sends a request to all the Jira instances connected via application link.
Even if the issue key is found in the first instance (or any instance before the service desk one), the issue will still occur because all Jira instances will be checked and any service desk one where the user does not have admin or agent permissions will cause this problem. - HTTP debug logging:
2018-05-23 19:50:44,907 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 >> "GET /rest/api/2/search?jql=issuekey+in+(TST-1)+ORDER+BY+issuekey&fields=*all,-comment&expand=renderedFields,transitions&validateQuery=false&xoauth_requestor_id=admin HTTP/1.1[\r][\n]" 2018-05-23 19:50:44,907 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 >> "Authorization: OAuth oauth_token="", oauth_consumer_key="Bitbucket%3A6798726783", oauth_signature_method="RSA-SHA1", oauth_timestamp="1527076244", oauth_nonce="17320975851980", oauth_version="1.0", oauth_signature="YgH%2B%2BYwX1rXfN24yfuP0xUCAf0Z%2F9Pxh0mK0QcEqdl3zDSISaPNnebEAyT3MVxzwYVVgzm0IjVm%2F8LgBIQZYvaUQuTZ78tpYyD8TD0OVbTUIpXSf849IkQEluC%2B4jc43YgQUDXLfgOAT%2BbcFI%2B0oLuFV%2BajciCMImUpD5TZ5KYs%3D"[\r][\n]" 2018-05-23 19:50:44,907 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 >> "Host: localhost:8312[\r][\n]" 2018-05-23 19:50:44,907 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 >> "Connection: Keep-Alive[\r][\n]" 2018-05-23 19:50:44,907 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 >> "User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_73)[\r][\n]" 2018-05-23 19:50:44,907 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 >> "Accept-Encoding: gzip,deflate[\r][\n]" 2018-05-23 19:50:44,907 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 >> "[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "HTTP/1.1 302 [\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "X-AREQUESTID: 1190x860x1[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "X-XSS-Protection: 1; mode=block[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "X-Content-Type-Options: nosniff[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "X-Frame-Options: SAMEORIGIN[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "Content-Security-Policy: frame-ancestors 'self'[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "X-ASEN: SEN-L6702624[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "Set-Cookie: JSESSIONID=8959B6B1450A4415E48BE4D59AFDD198;path=/;HttpOnly[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "X-Seraph-LoginReason: OK[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "Set-Cookie: atlassian.xsrf.token=BWAZ-Y4NZ-MTII-HXX5|605a41f513e421a870b1fa4aee42a5da0188bbfd|lin;path=/[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "X-ASESSIONID: 14swbut[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "X-AUSERNAME: admin[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "Location: /servicedesk/customer/portals[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "Content-Type: text/html;charset=UTF-8[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "Content-Length: 0[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "Date: Wed, 23 May 2018 11:50:44 GMT[\r][\n]" 2018-05-23 19:50:44,916 DEBUG [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" org.apache.http.wire http-outgoing-131 << "[\r][\n]" 2018-05-23 19:50:44,918 ERROR [http-nio-7990-exec-2] admin @1FGXYHIx1190x602x0 11qed9t 0:0:0:0:0:0:0:1 "GET /rest/jira-integration/latest/issues HTTP/1.1" c.a.p.r.c.e.j.ThrowableExceptionMapper Uncaught exception thrown by REST service: null
To recap, this problem will occur:
- as soon as there is a Jira service desk application link and the user is not an agent or an admin on the Jira side (the permissions in Bitbucket don't control this behaviour)
- irrespectively if the Jira service desk application link is above or below the one of the instance containing the issue
Workaround
Update all the Jira Service desk instances to not return relative Location headers as detailed in this comment.
Suggested solution
- The SAL-374 bug will need to be resolved for this problem to be fixed in this case.
- More importantly, Bitbucket should properly handle cases where the user is not part of one of the Jira instances connected and carry-on with running REST calls against the next instance in the list.
- is related to
-
BSERV-13660 The error message in Jira issue preview in Bitbucket is misleading in case of the user doesn't have access to Jira
- Long Term Backlog
- causes
-
PS-40886 Loading...
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...