Details
- Bug
- Resolution: Answered
- Low
- 4.0.2, 4.0.4, 4.1.2
- None
- Severity 3 - Minor
- 2
Description
Summary
Application links fail with "username cannot be null or empty" when trying to enable 'user impersonation through 2-Legged OAuth'. This is the result of an empty "Execute as" user field. We throw this stack trace because we try to check the group membership of a user that was never filled in.
Environment
Jira 6.4.3, 7.0.10
Steps to Reproduce
- Create an application link with 2LO authentication between JIRA and FishEye
- Leave "The servers have the same set of users and usernames" unchecked.
- Allow user impersonation through 2-Legged OAuth from FishEye > Incoming Authentication > OAuth
Expected Results
This application link should be valid and the local instance will accept OAuth requests from the remote instance that do not have a user associated with them. Without an executing user these are essentially anonymous requests sent over a secure, trusted connection. These requests have no associated permissions and so cannot access information that is restricted by user permissions.
Actual Results
The below exception is thrown in the atlassian-fisheye.log file:
2016-05-11 09:13:46,265 ERROR [qtp2017797638-328 ] fisheye TotalityFilter-logExceptionDetails - Exception "username cannot be null or empty" (java.lang.IllegalArgumentException) while processing "/crucible/plugins/servlet/applinks/auth/conf/oauth/add-consumer-by-url/61b6191d-d412-3043-a96c-75b7bceaed1f" (Referer:"https://localhost:8446/crucible/plugins/servlet/applinks/auth/conf/oauth/add-consumer-by-url/61a6191d-d412-3043-a96c-75b7bceaed1f")
java.lang.IllegalArgumentException: username cannot be null or empty
    at org.apache.commons.lang3.Validate.notEmpty(Validate.java:398) [commons-lang3-3.3.2.jar:3.3.2]
    at com.atlassian.crowd.directory.AbstractInternalDirectory.isUserDirectGroupMember(AbstractInternalDirectory.java:892) [crowd-persistence-2.8.5-m1.jar:?]
    at com.atlassian.crowd.directory.DbCachingRemoteDirectory.isUserDirectGroupMember(DbCachingRemoteDirectory.java:787) [crowd-core-2.8.5-m1.jar:?]
    at com.atlassian.crowd.manager.directory.RemoteDirectorySearcher.isUserDirectGroupMember(RemoteDirectorySearcher.java:54) [crowd-core-2.8.5-m1.jar:?]
    at com.atlassian.crowd.manager.directory.RemoteDirectorySearcher.isUserNestedGroupMember(RemoteDirectorySearcher.java:105) [crowd-core-2.8.5-m1.jar:?]
    at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.isUserNestedGroupMember(DirectoryManagerGeneric.java:862) [crowd-core-2.8.5-m1.jar:?]
    at sun.reflect.GeneratedMethodAccessor390.invoke(Unknown Source) [?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [?:1.8.0_66]
    at java.lang.reflect.Method.invoke(Method.java:497) [?:1.8.0_66]
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) [spring-aop-4.0.9.RELEASE.jar:4.
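To find which application links hit this failure, the signature in the log record above can be matched mechanically. The following is an added example, not part of the original issue or of Atlassian's code; it assumes the record layout of the log line quoted above, and the function name, constants and sample ids are constructed for illustration.

```python
import re

# A record starts with a timestamp; ERROR records name the exception and path.
STARTS_RECORD = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ')
RECORD = re.compile(
    r'^(?P<ts>\S+ \S+) ERROR .*?Exception "(?P<msg>[^"]*)" '
    r'\((?P<exc>[\w.$]+)\) while processing "(?P<path>[^"]*)"')
APPLINK = re.compile(
    r'/plugins/servlet/applinks/auth/conf/oauth/[\w-]+/(?P<id>[0-9a-f-]{36})')
MESSAGE = 'username cannot be null or empty'
FRAME = 'isUserDirectGroupMember'   # the group-membership check in the trace


def find_empty_user_failures(lines):
    """Return one dict per log record that matches this issue's signature."""
    hits, current = [], None
    for line in lines:
        if STARTS_RECORD.match(line):
            current = None              # previous record (and its trace) ended
            m = RECORD.match(line)
            link = APPLINK.search(m['path']) if m else None
            if m and link and m['msg'] == MESSAGE:
                current = {'time': m['ts'], 'applink_id': link['id'],
                           'group_check': False}
                hits.append(current)
        # Frames may follow on later lines or be flattened onto the first one.
        if current is not None and FRAME in line:
            current['group_check'] = True
    return hits


# Constructed sample records (placeholder ids, not taken from a real log).
HEAD = ('2016-05-11 09:13:46,265 ERROR [qtp-1 ] fisheye TotalityFilter-'
        'logExceptionDetails - Exception "username cannot be null or empty" '
        '(java.lang.IllegalArgumentException) while processing "/crucible/'
        'plugins/servlet/applinks/auth/conf/oauth/add-consumer-by-url/'
        '00000000-0000-0000-0000-000000000001" (Referer:"-")')
SAMPLE = [
    HEAD,
    'java.lang.IllegalArgumentException: username cannot be null or empty',
    '\tat com.atlassian.crowd.directory.AbstractInternalDirectory.'
    'isUserDirectGroupMember(AbstractInternalDirectory.java:892)',
    '2016-05-11 09:14:02,100 INFO  [qtp-2 ] fisheye unrelated message',
    '2016-05-11 09:15:10,000 ERROR [qtp-3 ] fisheye TotalityFilter-'
    'logExceptionDetails - Exception "other failure" '
    '(java.lang.IllegalStateException) while processing "/crucible/cru/X-1"',
]

print(find_empty_user_failures(SAMPLE))
```

Each hit carries the application link id from the request path, which identifies the link whose "execute as" user should be checked.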
Workaround
- Set the option 'servers have the same set of users'.
- Fill in the "execute as" field on the JIRA side.