  1. Confluence Data Center
  2. CONFSERVER-99130

Editing a Jira Issue Macro when Application Link with OAuth Impersonation causes StackOverflowError


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • 8.5.15, 9.2.0, 8.5.18
    • None

      Issue Summary

      Confluence throws a StackOverflowError when an Application Link using OAuth (Impersonation) exists between Confluence and JSM, and a user who has edit permission in Confluence but no service desk user permission in JSM tries to edit a Jira issue macro on a page.

      In more detail, Confluence sends multiple requests to a URL in which the JSM context path is duplicated, as shown below. After multiple 302 responses from JSM, it stops with a StackOverflowError.

      This is reproducible on Data Center: yes

      Steps to Reproduce

      1. Create an Application Link with OAuth (Impersonation) between Confluence and JSM.
      2. Create a page with a Jira issue macro as a user who has edit permission on Confluence and login permission on JSM.
      3. Create a new user called test and add it to the confluence-users group.
      4. Create the same user in JSM without any permission.
      5. Log in to Confluence as the test user.
      6. Edit the created page and double-click the Jira issue macro.
        Tested JSM versions: 4.20.15 and 10.3.2

      Expected Results

      • Confluence doesn't send repeated calls to Jira.
      • No error is shown; instead, the user sees a message that they don't have permission.

      Actual Results

      • On the page, it shows 500 errors.
      • In the logs, we can see that multiple requests were sent to "base-url/jsm/jsm/servicedesk/customer/portals?xoauth_requestor_id=test". Then, after some time, we see:
        ERROR [https-jsse-nio2-8443-exec-2837] [[Standalone].[localhost].[/confluence].[servlet-module-container-servlet]] log Servlet.service() for servlet [servlet-module-container-servlet] in context with path [/confluence] threw exception [Servlet execution threw an exception] with root cause
        java.lang.StackOverflowError
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/java.net.Socket.getInputStream(Socket.java:930)
         

      Workaround

      There are two workarounds:

      Adding a rewrite rule

      1. Add a rewrite rule in Tomcat to remove the duplicate context path:
        1. Add <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
          to server.xml just above </Host>
        2. Create a file named rewrite.config in the Jira_install/conf/Catalina/localhost path
        3. Add the following to rewrite.config:
          RewriteRule ^/contextpath/contextpath/(.*)$ /contextpath/$1

          Replace "contextpath" with your environment's context path.
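
      A check for the redirect loop described under Actual Results, plus a dry run of the rewrite rule above, as an added example that is not part of the original issue. It assumes the JSM node writes a Tomcat common-format access log; the function names, the "jsm" context path and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: request line and status as written by Tomcat's common log pattern.
LINE_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def rewrite(path, context):
    """Emulate one pass of: RewriteRule ^/ctx/ctx/(.*)$ /ctx/$1 (path only, query untouched)."""
    ctx = context.strip("/")
    pattern = rf"^/{re.escape(ctx)}/{re.escape(ctx)}/(.*)$"
    return re.sub(pattern, lambda m: f"/{ctx}/{m.group(1)}", path, count=1)


def loop_requests(log_lines, context):
    """Count 302 responses to doubled-context URLs, keyed by xoauth_requestor_id."""
    ctx = context.strip("/")
    doubled = f"/{ctx}/{ctx}/"
    hits = Counter()
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m or m.group("status") != "302":
            continue
        url = urlsplit(m.group("target"))
        if url.path.startswith(doubled):
            user = parse_qs(url.query).get("xoauth_requestor_id", ["<none>"])[0]
            hits[user] += 1
    return hits


# Constructed sample lines (not taken from the issue's logs).
_LOOP = ('192.0.2.10 - - [01/Jan/2025:10:00:0{n} +0000] '
         '"GET /jsm/jsm/servicedesk/customer/portals?xoauth_requestor_id=test HTTP/1.1" 302 -')
SAMPLE_LOG = [_LOOP.format(n=n) for n in range(3)] + [
    '192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] '
    '"GET /jsm/rest/api/2/search?xoauth_requestor_id=admin HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2025:10:00:06 +0000] '
    '"GET /jsm/servicedesk/customer/portals?xoauth_requestor_id=test HTTP/1.1" 302 -',
]

if __name__ == "__main__":
    for user, count in loop_requests(SAMPLE_LOG, "jsm").items():
        print(f"{user}: {count} redirects on a doubled context path")
    for p in ("/jsm/jsm/servicedesk/customer/portals", "/jsm/servicedesk/customer/portals",
              "/jsm/jsmfoo/x", "/jsm/jsm/jsm/x"):
        print(f"{p} -> {rewrite(p, 'jsm')}")
```

      A single pass of the rule removes only one duplicated segment, so a tripled prefix still comes out doubled. A non-zero count for a user after the rule is deployed means the loop is still reaching JSM.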

      Changing the authentication method on Application Link

      • Change from OAuth(Impersonation) to OAuth

              Unassigned
              cf398590ce2c Cihan (Inactive)