Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 5.1.5
Affects Version/s: 5.0.3, 5.0.6
Component/s: None
Labels:
- affects-server

Introduced in Version:
5
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

This ticket relates to: ~~JRA-26579~~

This was resolve by not allowing 'Anyone' to have global permissions.

In this case, Anonymous users can access specific filters and cause stacktraces within the logs. The errors are harmless, but can use a bit of cleaning up.

Steps to repro:

Created a filter with JQL: assignee = currentUser()
- named this "test filter"
Share with Everyone
Granted project's "Browse" permission to Group (Anyone)
Logged out of JIRA
Accessed "test filter"
ERROR appears in log

2012-09-24 15:13:31,769 http-6060-2 ERROR anonymous 913x4113x1 1zxcwg 172.28.12.206 /secure/IssueNavigator.jspa [webwork.util.ValueStack] query="/filterOperationsBean/hasOperation" {[id="null" type="5" values=""]} {[id="filterOperationsBean" type="8" values=""]} {
[id="hasOperation" type="8" values=""]}
java.lang.reflect.InvocationTargetException
        at sun.reflect.GeneratedMethodAccessor240.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at webwork.util.InjectionUtils$DefaultInjectionImpl.invoke(InjectionUtils.java:70)
        at webwork.util.InjectionUtils.invoke(InjectionUtils.java:56)
        at webwork.util.ValueStack.findValue(ValueStack.java:414)
        at webwork.util.SimpleTest.test(SimpleTest.java:408)
        at webwork.util.ValueStack.test(ValueStack.java:157)
        at webwork.view.taglib.IfTag.doStartTag(IfTag.java:40)
        at org.apache.jsp.includes.navigator.filter_002doperations_jsp._jspx_meth_ww_005fif_005f0(filter_002doperations_jsp.java:109)
        at org.apache.jsp.includes.navigator.filter_002doperations_jsp._jspService(filter_002doperations_jsp.java:84)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:386)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
...
Caused by: java.lang.NullPointerException
        at com.atlassian.crowd.embedded.impl.IdentifierUtils.toLowerCase(IdentifierUtils.java:42)
        at com.atlassian.crowd.embedded.impl.IdentifierUtils.compareToInLowerCase(IdentifierUtils.java:56)
        at com.atlassian.crowd.embedded.impl.IdentifierUtils.equalsInLowerCase(IdentifierUtils.java:70)
        at com.atlassian.jira.web.action.filter.FilterOperationsBean.create(FilterOperationsBean.java:195)
        at com.atlassian.jira.web.action.issue.IssueNavigator.createFilterOperationsBean(IssueNavigator.java:1842)
        at com.atlassian.jira.web.action.issue.SearchDescriptionEnabledAction.getFilterOperationsBean(SearchDescriptionEnabledAction.java:207)
        ... 258 more

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: David Chan

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Sep/2012 12:04 AM

Updated:: 28/Mar/2019 12:07 AM

Resolved:: 30/Oct/2012 4:57 PM