[CRUC-4697] Empty strings accepted in proxy-host / proxy-scheme - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.2.0
Affects Version/s: 2.4.0
Component/s: None
Labels:
- bug-bucket
- bug-bucket-backlog

Bug Fix Policy:
View Atlassian Server bug fix policy

This breaks login with errors such as:

java.lang.IllegalArgumentException: :///admin/admin.do
at org.mortbay.jetty.HttpURI.parse2(HttpURI.java:166)
at org.mortbay.jetty.HttpURI.parse(HttpURI.java:109)
at org.mortbay.jetty.HttpURI.<init>(HttpURI.java:91)
at org.mortbay.jetty.Response.sendRedirect(Response.java:406)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:136)
at org.mortbay.servlet.GzipFilter$GZIPResponseWrapper.sendRedirect(GzipFilter.java:331)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:136)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:136)
at com.opensymphony.module.sitemesh.filter.PageResponseWrapper.sendRedirect(PageResponseWrapper.java:181)
at org.apache.taglibs.standard.tag.common.core.RedirectSupport.doEndTag(RedirectSupport.java:148)
at org.apache.jsp.admin.index_jsp._jspx_meth_c_redirect_0(index_jsp.java:80)
at org.apache.jsp.admin.index_jsp._jspService(index_jsp.java:55)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)

or

com.atlassian.streams.api.common.uri.Uri$UriException: java.lang.IllegalArgumentException: java.net.URISyntaxException: Expected scheme name at index 0: ://:443/activity?local=true&use-accept-lang=true&maxResults=7
        at com.atlassian.streams.api.common.uri.Uri.parse(Uri.java:110)
        at com.atlassian.streams.internal.atom.abdera.AbderaAtomFeedParser.readFeed(AbderaAtomFeedParser.java:60)
        at com.atlassian.streams.internal.AppLinksActivityProvider$FeedResponseHandler.readStream(AppLinksActivityProvider.java:570)
        at com.atlassian.streams.internal.AppLinksActivityProvider$FeedResponseHandler.handle(AppLinksActivityProvider.java:551)
        at com.atlassian.streams.internal.AppLinksActivityProvider$FeedResponseHandler.handle(AppLinksActivityProvider.java:531)
        at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor$1.handle(ApplicationLinkRequestAdaptor.java:87)
        at com.atlassian.plugins.rest.module.jersey.JerseyRequest$2.handle(JerseyRequest.java:166)
        at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:336)
        at com.atlassian.plugins.rest.module.jersey.JerseyRequest.executeAndReturn(JerseyRequest.java:161)
        at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor.execute(ApplicationLinkRequestAdaptor.java:84)
        at com.atlassian.streams.internal.AppLinksActivityProvider.fetch(AppLinksActivityProvider.java:425)
        at com.atlassian.streams.internal.AppLinksActivityProvider.access$200(AppLinksActivityProvider.java:96)
        at com.atlassian.streams.internal.AppLinksActivityProvider$1.call(AppLinksActivityProvider.java:179)
        at com.atlassian.streams.internal.AppLinksActivityProvider$1.call(AppLinksActivityProvider.java:171)
        at com.atlassian.streams.internal.FeedBuilder$ToFeedCallable$1.call(FeedBuilder.java:112)
        at com.atlassian.streams.internal.FeedBuilder$ToFeedCallable$1.call(FeedBuilder.java:107)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at com.atlassian.util.concurrent.LimitedExecutor$Runner.run(LimitedExecutor.java:93)
        at com.atlassian.sal.core.executor.ThreadLocalDelegateRunnable.run(ThreadLocalDelegateRunnable.java:38)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:724)
Caused by: java.lang.IllegalArgumentException: java.net.URISyntaxException: Expected scheme name at index 0: ://:443/activity?local=true&use-accept-lang=true&maxResults=7
        at com.atlassian.streams.api.common.uri.DefaultUriParser.parse(DefaultUriParser.java:44)
        at com.atlassian.streams.api.common.uri.Uri.parse(Uri.java:102)
        ... 23 more
Caused by: java.net.URISyntaxException: Expected scheme name at index 0: ://:443/activity?local=true&use-accept-lang=true&maxResults=7
        at java.net.URI$Parser.fail(URI.java:2829)
        at java.net.URI$Parser.parse(URI.java:3027)
        at java.net.URI.<init>(URI.java:595)
        at com.atlassian.streams.api.common.uri.DefaultUriParser.parse(DefaultUriParser.java:40)
        ... 24 more

To replicate add the following to config.xml:

<proxy-info proxy-host="" proxy-scheme=""/>

We should constrain the scheme such that proxy scheme is one of [http,https]. We should validate the proxy host does not consist only of whitespace and is not 0 characters long.

The admin UI (Adminsitration -> Global Settings -> Server) allows you to enter only spaces (but doesn't allow the empty strings above) to there needs to be validation there as well.

The fix for this should be constrained to the UI and only allowing users to save proxy-hosts and proxy-schemes which form a valid URL.

We need not do any extra checking on startup, other than failing to start and logging a helpful error message, which is currently the case, I believe ?

is related to

FE-3044 Having a blank proxy port tag in config.xml prevents Fisheye from starting up

Closed

FE-4794 Upgrading the Application Link to FishEye causes config.xml corruption

Closed

relates to

FE-3044 Having a blank proxy port tag in config.xml prevents Fisheye from starting up

Closed

mentioned in: Cannot login to Fisheye/Crucible

Loading...

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.2.0
Affects Version/s: 2.4.0
Component/s: None
Labels:
- bug-bucket
- bug-bucket-backlog

Bug Fix Policy:
View Atlassian Server bug fix policy

This breaks login with errors such as:

java.lang.IllegalArgumentException: :///admin/admin.do
at org.mortbay.jetty.HttpURI.parse2(HttpURI.java:166)
at org.mortbay.jetty.HttpURI.parse(HttpURI.java:109)
at org.mortbay.jetty.HttpURI.<init>(HttpURI.java:91)
at org.mortbay.jetty.Response.sendRedirect(Response.java:406)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:136)
at org.mortbay.servlet.GzipFilter$GZIPResponseWrapper.sendRedirect(GzipFilter.java:331)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:136)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:136)
at com.opensymphony.module.sitemesh.filter.PageResponseWrapper.sendRedirect(PageResponseWrapper.java:181)
at org.apache.taglibs.standard.tag.common.core.RedirectSupport.doEndTag(RedirectSupport.java:148)
at org.apache.jsp.admin.index_jsp._jspx_meth_c_redirect_0(index_jsp.java:80)
at org.apache.jsp.admin.index_jsp._jspService(index_jsp.java:55)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)

or

com.atlassian.streams.api.common.uri.Uri$UriException: java.lang.IllegalArgumentException: java.net.URISyntaxException: Expected scheme name at index 0: ://:443/activity?local=true&use-accept-lang=true&maxResults=7
        at com.atlassian.streams.api.common.uri.Uri.parse(Uri.java:110)
        at com.atlassian.streams.internal.atom.abdera.AbderaAtomFeedParser.readFeed(AbderaAtomFeedParser.java:60)
        at com.atlassian.streams.internal.AppLinksActivityProvider$FeedResponseHandler.readStream(AppLinksActivityProvider.java:570)
        at com.atlassian.streams.internal.AppLinksActivityProvider$FeedResponseHandler.handle(AppLinksActivityProvider.java:551)
        at com.atlassian.streams.internal.AppLinksActivityProvider$FeedResponseHandler.handle(AppLinksActivityProvider.java:531)
        at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor$1.handle(ApplicationLinkRequestAdaptor.java:87)
        at com.atlassian.plugins.rest.module.jersey.JerseyRequest$2.handle(JerseyRequest.java:166)
        at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:336)
        at com.atlassian.plugins.rest.module.jersey.JerseyRequest.executeAndReturn(JerseyRequest.java:161)
        at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor.execute(ApplicationLinkRequestAdaptor.java:84)
        at com.atlassian.streams.internal.AppLinksActivityProvider.fetch(AppLinksActivityProvider.java:425)
        at com.atlassian.streams.internal.AppLinksActivityProvider.access$200(AppLinksActivityProvider.java:96)
        at com.atlassian.streams.internal.AppLinksActivityProvider$1.call(AppLinksActivityProvider.java:179)
        at com.atlassian.streams.internal.AppLinksActivityProvider$1.call(AppLinksActivityProvider.java:171)
        at com.atlassian.streams.internal.FeedBuilder$ToFeedCallable$1.call(FeedBuilder.java:112)
        at com.atlassian.streams.internal.FeedBuilder$ToFeedCallable$1.call(FeedBuilder.java:107)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at com.atlassian.util.concurrent.LimitedExecutor$Runner.run(LimitedExecutor.java:93)
        at com.atlassian.sal.core.executor.ThreadLocalDelegateRunnable.run(ThreadLocalDelegateRunnable.java:38)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:724)
Caused by: java.lang.IllegalArgumentException: java.net.URISyntaxException: Expected scheme name at index 0: ://:443/activity?local=true&use-accept-lang=true&maxResults=7
        at com.atlassian.streams.api.common.uri.DefaultUriParser.parse(DefaultUriParser.java:44)
        at com.atlassian.streams.api.common.uri.Uri.parse(Uri.java:102)
        ... 23 more
Caused by: java.net.URISyntaxException: Expected scheme name at index 0: ://:443/activity?local=true&use-accept-lang=true&maxResults=7
        at java.net.URI$Parser.fail(URI.java:2829)
        at java.net.URI$Parser.parse(URI.java:3027)
        at java.net.URI.<init>(URI.java:595)
        at com.atlassian.streams.api.common.uri.DefaultUriParser.parse(DefaultUriParser.java:40)
        ... 24 more

To replicate add the following to config.xml:

<proxy-info proxy-host="" proxy-scheme=""/>

We should constrain the scheme such that proxy scheme is one of [http,https]. We should validate the proxy host does not consist only of whitespace and is not 0 characters long.

The admin UI (Adminsitration -> Global Settings -> Server) allows you to enter only spaces (but doesn't allow the empty strings above) to there needs to be validation there as well.

The fix for this should be constrained to the UI and only allowing users to save proxy-hosts and proxy-schemes which form a valid URL.

We need not do any extra checking on startup, other than failing to start and logging a helpful error message, which is currently the case, I believe ?

is related to

FE-3044 Having a blank proxy port tag in config.xml prevents Fisheye from starting up

Closed

FE-4794 Upgrading the Application Link to FishEye causes config.xml corruption

Closed

relates to

FE-3044 Having a blank proxy port tag in config.xml prevents Fisheye from starting up

Closed

mentioned in: Page Loading...

Assignee:: Conor (Inactive)

Reporter:: Andrew Myers [Atlassian]

Votes:: 2 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 27/Oct/2010 2:31 AM

Updated:: 29/Jul/2014 2:18 PM

Resolved:: 08/Apr/2014 8:46 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates

People

Dates