Details
- Bug
- Resolution: Unresolved
- Low
- None
- 6.4.1
- 6.04
- 3
- Severity 3 - Minor
- 0
Description
Summary
DefaultGadgetSpecFactory::fetchObjectAndCache does not use the currently logged-in user's credentials or the request cookie, so it fails behind a proxy with basic auth
Environment
Basic Auth proxy
apache site enabled
# JIRA AJP Proxy Configuration:
<VirtualHost *:80>
    ServerName jsimon.atlassian.local
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    LogLevel debug
    ProxyRequests Off
    ProxyPass /jira ajp://localhost:8010/jira
    ProxyPassReverse /jira ajp://localhost:8010/jira
    <Location /jira>
        AuthType Basic
        AuthName "Jira Basic Auth"
        AuthUserFile /etc/apache2/users/jira
        Require valid-user
    </Location>
</VirtualHost>
JIRA server.xml
<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Connector port="8010" maxThreads="150" minSpareThreads="25" enableLookups="false" protocol="AJP/1.3" address="127.0.0.1" />
Steps to Reproduce
From JIRA
Click the Add new gadgets button on a Dashboard
Manually
Enter http://localhost:8090/jira/rest/config/1.0/directoryitems/local.json in the browser
The list of gadgets will be smaller than expected.
Analysis:
The effect is that fewer gadgets are retrieved this way than without the proxy. This is partially solved by APDEX-198.
When LocalGadgetSpecFactory::getGadgetSpec fails to retrieve a gadget, it falls back to DefaultLocalGadgetSpecFactory:
private GadgetSpec fetchObjectAndCache(Uri url, boolean ignoreCache) throws GadgetException {
    HttpRequest request = new HttpRequest(url).setIgnoreCache(ignoreCache);
    request.setCacheTtl((int) (refresh / 1000));
    HttpResponse response = fetcher.fetch(request);
    ...
The only header in this request is X-shindig-dos: on, and the request results in a Gateway Timeout (HTTP error 504). Apache error logs show:
[Fri May 15 17:51:47.063013 2015] [authz_core:debug] [pid 28554:tid 139774182508288] mod_authz_core.c(802): [client 10.0.2.2:56556] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
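One way to confirm from the Apache side which clients are rejected for lack of credentials, as an added example that is not part of the original ticket: it parses error-log lines in the format quoted above and reports clients whose last AH01626 verdict on a connection was "denied". It assumes an authenticated request logs a later "granted" verdict for the same client address and port; every sample line except the first is constructed.

```python
import re

# Apache 2.4 error-log layout, as in the line quoted in the ticket:
# [time] [module:level] [pid P:tid T] source(line): [client IP:PORT] AHnnnnn: message
LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\] \[(?P<module>\w+):(?P<level>\w+)\] "
    r"\[pid (?P<pid>\d+):tid (?P<tid>\d+)\] (?:\S+\(\d+\): )?"
    r"\[client (?P<ip>[^\]]+?):(?P<port>\d+)\] (?P<code>AH\d+): (?P<msg>.*)$"
)
RESULT_RE = re.compile(
    r"authorization result of (?P<rule>.+?) ?: (?P<result>granted|denied)"
)

def unauthenticated_clients(lines):
    """Return {client_ip: connections} whose final AH01626 verdict was 'denied'."""
    last = {}  # (ip, port) -> last authorization verdict seen on that connection
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["code"] != "AH01626":
            continue
        r = RESULT_RE.search(m["msg"])
        if r:
            last[(m["ip"], m["port"])] = r["result"]
    counts = {}
    for (ip, _port), verdict in last.items():
        if verdict == "denied":
            counts[ip] = counts.get(ip, 0) + 1
    return counts

PREFIX = "[Fri May 15 17:51:47.{us} 2015] [authz_core:debug] " \
         "[pid 28554:tid 139774182508288] mod_authz_core.c(802): "
DENIED = "AH01626: authorization result of Require valid-user : " \
         "denied (no authenticated user yet)"
GRANTED = "AH01626: authorization result of Require valid-user : granted"

SAMPLE = [
    # Line from the ticket: a request that never presented credentials.
    PREFIX.format(us="063013") + "[client 10.0.2.2:56556] " + DENIED,
    # Constructed: a browser that authenticates (denied first, then granted).
    PREFIX.format(us="070000") + "[client 192.0.2.10:50000] " + DENIED,
    PREFIX.format(us="070150") + "[client 192.0.2.10:50000] " + GRANTED,
    # Constructed: a loopback fetch without an Authorization header.
    PREFIX.format(us="081000") + "[client 127.0.0.1:41000] " + DENIED,
]

if __name__ == "__main__":
    print(unauthenticated_clients(SAMPLE))
```

A loopback or application-server address in the result points at server-side fetches, such as the gadget spec request above, reaching the proxy without credentials.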
Issue Links
- relates to
  JRASERVER-43212 NullPointerException in JiraWebResourceIntegration#getBaseUrl (Closed)
  APDEX-198
- clones
  JDEV-33044