-
Bug
-
Resolution: Fixed
-
Medium (View bug fix roadmap)
-
6.0
-
6
-
Since time immemorial, the standard behaviour of Atlassian's user management subsystems has been to use null to represent an anonymous user context.
This has been codified in the SAL interface javadoc for the com.atlassian.sal.api.user.UserManager interface. For example, the textual contract for the #getRemoteUser() method states:
/** * Returns the profile of the currently logged in user or null if no user can be found. * <p/> * Getting the full {@link UserProfile} may have performance implications in some applications. Consider using {@link #getRemoteUserKey()} if you don't need the full object. * * @return the {@link UserProfile} of the logged in user or null * @see #getRemoteUserKey() * @since 2.10 */ @Nullable UserProfile getRemoteUser();
The SAL UserManager API and the underlying JIRA implementation of UserManager were changed in JIRA 6.0 to support renaming users. This change has broken the textual contract of the #getRemoteUser() method in JIRA, which no longer returns null for anonymous users.
This appears to simply be an oversight in the JIRA implementation:
@Override public UserProfile getRemoteUser() { return new JiraUserProfile(jiraAuthenticationContext.getUser()); }
This method should return null if the value returned from jiraAuthenticationContext.getUser() also returns null.
This subtle change in behaviour can end up with add-on developers getting a stack-trace like this:
java.lang.NullPointerException at com.atlassian.sal.jira.user.DefaultUserManager$JiraUserProfile.getUsername(DefaultUserManager.java:253) at com.atlassian.jira.examples.ExampleServlet.doGet(ExampleServlet.java:78) at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) at com.atlassian.plugin.servlet.DelegatingPluginServlet.service(DelegatingPluginServlet.java:42) at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) at com.atlassian.plugin.servlet.ServletModuleContainerServlet.service(ServletModuleContainerServlet.java:52) at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) ...
This change may cause unexpected side effects in Atlassian-authored and third-party JIRA add-ons and should be corrected ASAP. This bug would only be detected through explicit testing, since this change is not mentioned in the Preparing for JIRA 6.0 guide or the Renamable Users in JIRA 6.0 guide.
- is cloned from
-
JRADEV-23625 Failed to load
[JRASERVER-34129] com.atlassian.sal.jira.user.DefaultUserManager#getRemoteUser() breaks interface contract for anonymous users
| Minimum Version | New: 6 |
| Workflow | Original: JAC Bug Workflow v2 [ 2841664 ] | New: JAC Bug Workflow v3 [ 2926947 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: JIRA Bug Workflow w Kanban v7 - Restricted [ 2573461 ] | New: JAC Bug Workflow v2 [ 2841664 ] |
| Workflow | Original: JIRA Bug Workflow w Kanban v6 - Restricted [ 1540342 ] | New: JIRA Bug Workflow w Kanban v7 - Restricted [ 2573461 ] |
| Labels | Original: ecosystem | New: affects-server ecosystem |
| Workflow | Original: JIRA Bug Workflow w Kanban v6 [ 678072 ] | New: JIRA Bug Workflow w Kanban v6 - Restricted [ 1540342 ] |
| Workflow | Original: JIRA Bug Workflow w Kanban v5 [ 645243 ] | New: JIRA Bug Workflow w Kanban v6 [ 678072 ] |
| Workflow | Original: JIRA Bug Workflow w Kanban v5 [ 548190 ] | New: JIRA Bug Workflow w Kanban v6 [ 645243 ] |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Soaking [ 10041 ] | New: Resolved [ 5 ] |
| Assignee | New: Eric Dalgliesh [ edalgliesh ] | |
| Status | Original: Awaiting Soak [ 10040 ] | New: Soaking [ 10041 ] |