Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
7.6.5
-
None
-
7.06
-
3
-
Severity 3 - Minor
-
1
-
Description
Accessing for example "http://localhost:8090/jira/secure/SetupMode!default.jspa" during launch may result in stacktrace being printed:
2018-04-12 22:44:48,492 http-nio-8090-exec-24 WARN anonymous 1364x52x6 ply26m 0:0:0:0:0:0:0:1 /s/1808b08f2d82adbd27066e3662f83e7a-CDN/-6oyqrq/710000/1/1.0/_/download/resources/jira.webresources:global-static/notifications.css [c.a.j.web.util.CssSubstitutionWebResourceTransformer] Could not read LookAndFeelBean
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.commons.beanutils.PropertyUtils.getSimpleProperty(PropertyUtils.java:1185)
at org.apache.commons.beanutils.PropertyUtils.getNestedProperty(PropertyUtils.java:772)
at org.apache.commons.beanutils.PropertyUtils.getProperty(PropertyUtils.java:801)
at org.apache.commons.beanutils.PropertyUtils.describe(PropertyUtils.java:368)
at com.atlassian.jira.web.util.CssSubstitutionWebResourceTransformer$VariableMap.getLookAndFeelProperties(CssSubstitutionWebResourceTransformer.java:172)
at com.atlassian.jira.web.util.CssSubstitutionWebResourceTransformer$VariableMap.getVariableMap(CssSubstitutionWebResourceTransformer.java:104)
at com.atlassian.jira.web.less.LookAndFeelLessProvider.makeLookAndFeelLess(LookAndFeelLessProvider.java:44)
at com.atlassian.jira.less.impl.DynamicLookAndFeelUriResolver.open(DynamicLookAndFeelUriResolver.java:60)
at com.atlassian.lesscss.PluggableLoader.load(PluggableLoader.java:46)
Problem is concerned with Johnson which cannot differentiate between pages that need to be accessible during launch and these during setup (upgrades, etc).
Full list of other pages that may be vulnerable to prelaunch access:
<ignore> <path>/secure/SetupLicense!default.jspa</path> <path>/secure/SetupLicense.jspa</path> <path>/secure/SetupFinishing!setupFinished.jspa</path> <path>/secure/ConfirmNewInstallationWithOldLicense!default.jspa</path> <path>/secure/ConfirmNewInstallationWithOldLicense.jspa</path> <path>/secure/popups/UserPickerBrowser.jspa</path> <path>/secure/CleanData!default.jspa</path> <path>/secure/CleanData.jspa</path> <path>/secure/admin/fixes/*</path> <path>/secure/admin/jira/IndexProgress.jspa</path> <path>/secure/admin/StudioImportSelect!start.jspa</path> <path>/secure/admin/StudioImportSelect!showSelect.jspa</path> <path>/secure/admin/StudioImportSelect!select.jspa</path> <path>/secure/admin/StudioImportUpdate!showUrls.jspa</path> <path>/secure/admin/StudioImport!confirm.jspa</path> <path>/secure/admin/StudioImport!import.jspa</path> <path>/secure/admin/StudioImport!finished.jspa</path> <path>/importprogress</path> <path>/secure/admin/ProjectImportProgress.jspa</path> <path>/secure/VerifySmtpServerConnection!setup.jspa</path> <path>/rest/usermanagement/*</path> <path>/rest/api/*/reindex*</path>s <path>/rest/userprovisioning/*/upgrade</path> <path>/rest/plugins/1.0/com.pyxis.greenhopper.jira-key/license</path> <path>/rest/plugins/1.0/com.atlassian.servicedesk-key/license</path> <path>/rest/auth/1/session</path> </ignore>
The pages function normally after launch is completed
Attachments
Issue Links
- was split from
-
JRASERVER-62486 Users see 500 errors for every request in Jira after a restart due to bad URL requests during startup
- Closed