FishEye / FE-5528

Trying to approve OAuth token when logged in via the admin password causes an error

Details

    • Bug
    • Resolution: Timed out
    • Low
    • N/A
    • 3.1.0, 3.7.0
    • None

    Description

      Summary

      If a user tries to approve an OAuth token from another application (like JIRA), while they're logged in using only the admin password (not logged in as an actual user) in FishEye/Crucible, they'll see a screen to confirm the access as user '$admin$', and allowing that leads to an exception.

      Steps to Reproduce

      1. As an admin user, attempt to approve an OAuth token from another application.

      Expected Results

      The token is able to be authorised.

      Actual Results

      The below exception is thrown:

           [java] 2015-02-05 15:35:00,573 ERROR - Exception "user" (java.lang.NullPointerException) while processing "/foo/plugins/servlet/oauth/authorize" (Referer:"http://lpater-dev.atlassian.pl:6060/foo/plugins/servlet/oauth/authorize")
           [java] java.lang.NullPointerException: user
           [java] 	at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:204)
           [java] 	at com.atlassian.oauth.serviceprovider.ServiceProviderToken.authorize(ServiceProviderToken.java:165)
           [java] 	at com.atlassian.oauth.serviceprovider.internal.servlet.authorize.PostAuthorization.process(PostAuthorization.java:63)
           [java] 	at com.atlassian.oauth.serviceprovider.internal.servlet.authorize.AuthorizeServlet.process(AuthorizeServlet.java:112)
           [java] 	at com.atlassian.oauth.serviceprovider.internal.servlet.authorize.AuthorizeServlet.doPostInTransaction(AuthorizeServlet.java:79)
           [java] 	at com.atlassian.oauth.serviceprovider.internal.servlet.TransactionalServlet$2.serve(TransactionalServlet.java:55)
           [java] 	at com.atlassian.oauth.serviceprovider.internal.servlet.TransactionalServlet$3.doInTransaction(TransactionalServlet.java:69)
           [java] 	at com.atlassian.oauth.serviceprovider.internal.servlet.TransactionalServlet$3.doInTransaction(TransactionalServlet.java:64)
           [java] 	at com.atlassian.sal.core.transaction.HostContextTransactionTemplate$1.doInTransaction(HostContextTransactionTemplate.java:25)
           [java] 	at com.atlassian.sal.spring.component.SpringHostContextAccessor$1.doInTransaction(SpringHostContextAccessor.java:88)
           [java] 	at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130)
           [java] 	at com.atlassian.sal.spring.component.SpringHostContextAccessor.doInTransaction(SpringHostContextAccessor.java:82)
           [java] 	at com.atlassian.fisheye.plugin.FisheyeHostContextAccessor.doInTransaction(FisheyeHostContextAccessor.java:46)
           [java] 	at sun.reflect.GeneratedMethodAccessor132.invoke(Unknown Source)
           [java] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
           [java] 	at java.lang.reflect.Method.invoke(Method.java:606)
           [java] 	at com.atlassian.plugin.osgi.hostcomponents.impl.DefaultComponentRegistrar$ContextClassLoaderSettingInvocationHandler.invoke(DefaultComponentRegistrar.java:129)
           [java] 	at com.sun.proxy.$Proxy144.doInTransaction(Unknown Source)
           [java] 	at sun.reflect.GeneratedMethodAccessor132.invoke(Unknown Source)
           [java] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
           [java] 	at java.lang.reflect.Method.invoke(Method.java:606)
           [java] 	at com.atlassian.plugin.osgi.bridge.external.HostComponentFactoryBean$DynamicServiceInvocationHandler.invoke(HostComponentFactoryBean.java:154)
           [java] 	at com.sun.proxy.$Proxy144.doInTransaction(Unknown Source)
           [java] 	at com.atlassian.sal.core.transaction.HostContextTransactionTemplate.execute(HostContextTransactionTemplate.java:21)
           [java] 	at sun.reflect.GeneratedMethodAccessor141.invoke(Unknown Source)
           [java] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
           [java] 	at java.lang.reflect.Method.invoke(Method.java:606)
           [java] 	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
           [java] 	at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:58)
           [java] 	at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:62)
           [java] 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
           [java] 	at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
           [java] 	at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
           [java] 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
           [java] 	at org.springframework.osgi.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:56)
           [java] 	at org.springframework.osgi.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:39)
           [java] 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
           [java] 	at org.springframework.osgi.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:59)
           [java] 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
           [java] 	at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
           [java] 	at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
           [java] 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
           [java] 	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
           [java] 	at com.sun.proxy.$Proxy585.execute(Unknown Source)
           [java] 	at com.atlassian.oauth.serviceprovider.internal.servlet.TransactionalServlet.serve(TransactionalServlet.java:63)
           [java] 	at com.atlassian.oauth.serviceprovider.internal.servlet.TransactionalServlet.doPost(TransactionalServlet.java:36)
           [java] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
           [java] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
           [java] 	at com.atlassian.plugin.servlet.DelegatingPluginServlet.service(DelegatingPluginServlet.java:42)
           [java] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
           [java] 	at com.atlassian.fisheye.plugin.servlet.FisheyeServletModuleContainerServlet.service(FisheyeServletModuleContainerServlet.java:96)
           [java] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
           [java] 	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:669)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1526)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
           [java] 	at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:25)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
           [java] 	at com.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFixupFilter.doFilter(PrettyUrlsSiteMeshFixupFilter.java:36)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
           [java] 	at com.atlassian.prettyurls.filter.PrettyUrlsDispatcherFilter.doFilter(PrettyUrlsDispatcherFilter.java:60)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
           [java] 	at com.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFilter.doFilter(PrettyUrlsSiteMeshFilter.java:92)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
           [java] 	at com.atlassian.prettyurls.filter.PrettyUrlsMatcherFilter.doFilter(PrettyUrlsMatcherFilter.java:56)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
           [java] 	at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77)
           [java] 	at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
           [java] 	at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:54)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
           [java] 	at com.atlassian.prettyurls.filter.PrettyUrlsCombinedMatchDispatcherFilter.doFilter(PrettyUrlsCombinedMatchDispatcherFilter.java:61)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
           [java] 	at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77)
           [java] 	at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83)
           [java] 	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at com.atlassian.crucible.filters.CrucibleFilter.doFilter(CrucibleFilter.java:148)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at com.cenqua.fisheye.web.filters.TotalityFilter.doFilter(TotalityFilter.java:301)
           [java] 	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
           [java] 	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:100)
           [java] 	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
           [java] 	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
           [java] 	at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:69)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
           [java] 	at com.atlassian.prettyurls.filter.PrettyUrlsCombinedMatchDispatcherFilter.doFilter(PrettyUrlsCombinedMatchDispatcherFilter.java:61)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
           [java] 	at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77)
           [java] 	at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:82)
           [java] 	at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:256)
           [java] 	at com.cenqua.fisheye.web.filters.CustomIncludableGzipFilter.doFilter(CustomIncludableGzipFilter.java:27)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at com.cenqua.fisheye.web.filters.ProductInfoFilter.doFilter(ProductInfoFilter.java:44)
           [java] 	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
           [java] 	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
           [java] 	at com.atlassian.prettyurls.filter.PrettyUrlsCombinedMatchDispatcherFilter.doFilter(PrettyUrlsCombinedMatchDispatcherFilter.java:61)
           [java] 	at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
           [java] 	at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
           [java] 	at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77)
           [java] 	at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at com.cenqua.fisheye.web.filters.UpfrontFilter.doFilter(UpfrontFilter.java:60)
           [java] 	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
           [java] 	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at com.atlassian.fecru.profiling.ProfilingServletFilter.doFilter(ProfilingServletFilter.java:88)
           [java] 	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
           [java] 	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1502)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455)
           [java] 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
           [java] 	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
           [java] 	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
           [java] 	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075)
           [java] 	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384)
           [java] 	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
           [java] 	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009)
           [java] 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
           [java] 	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
           [java] 	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
           [java] 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
           [java] 	at org.eclipse.jetty.server.Server.handle(Server.java:368)
           [java] 	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
           [java] 	at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:953)
           [java] 	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1014)
           [java] 	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:861)
           [java] 	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
           [java] 	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
           [java] 	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
           [java] 	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
           [java] 	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
           [java] 	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
           [java] 	at java.lang.Thread.run(Thread.java:745)
      

      Notes

      This is due to FishEye's SAL implementation returning a fake user for the admin password session, which isn't an actual user in the system.

      Workaround

      Log in as an actual user to confirm OAuth tokens, and do not use the admin password account for that.
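
The failure described in the Notes, next to a fail-closed check that refuses consent from a session with no real account behind it. This is an added example, not FishEye or Atlassian code: `USERS`, `resolve`, `Token`, `approveUnchecked` and `approveChecked` are hypothetical names, `Objects.requireNonNull` stands in for the Guava `checkNotNull` seen in the trace, and the point at which the fake user becomes `null` is an assumption.

```java
import java.util.Map;
import java.util.Objects;

public class AuthorizeGuardDemo {
    // Hypothetical account type; a real product would use its own user class.
    record User(String name) {}

    // Constructed stand-in for the user directory; "alice" is sample data.
    static final Map<String, User> USERS = Map.of("alice", new User("alice"));

    // Maps a session's login name to a real account, or null when none exists.
    // Assumption: the synthetic '$admin$' session resolves to no account.
    static User resolve(String sessionName) {
        return USERS.get(sessionName);
    }

    // Minimal request token: authorizing it binds the grant to a user.
    static final class Token {
        User authorizedBy;

        void authorize(User user) {
            // Same precondition style as the trace: NPE whose message is "user".
            this.authorizedBy = Objects.requireNonNull(user, "user");
        }
    }

    // Before: the session is trusted as-is, so the fake user reaches authorize().
    static String approveUnchecked(String sessionName, Token token) {
        token.authorize(resolve(sessionName));
        return "authorized";
    }

    // After: refuse before the consent step when no real account backs the session.
    static String approveChecked(String sessionName, Token token) {
        User user = resolve(sessionName);
        if (user == null) {
            return "403: log in as an actual user to approve OAuth tokens";
        }
        token.authorize(user);
        return "authorized as " + user.name();
    }

    public static void main(String[] args) {
        System.out.println(approveChecked("alice", new Token()));
        System.out.println(approveChecked("$admin$", new Token()));
        try {
            approveUnchecked("$admin$", new Token());
        } catch (NullPointerException e) {
            System.out.println("unchecked: NullPointerException: " + e.getMessage());
        }
    }
}
```

Rejecting the request up front also keeps a token from ever being bound to an identity that does not exist in the user directory.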

            People

              Unassigned
              Lukasz Pater (lpater)
              Votes: 2
              Watchers: 4