-
Type:
Bug
-
Resolution: Low Engagement
-
Priority:
Low
-
None
-
Affects Version/s: 7.6.5
-
Component/s: Installation
-
7.06
-
3
-
Severity 3 - Minor
-
1
Accessing for example "http://localhost:8090/jira/secure/SetupMode!default.jspa" during launch may result in stacktrace being printed:
2018-04-12 22:44:48,492 http-nio-8090-exec-24 WARN anonymous 1364x52x6 ply26m 0:0:0:0:0:0:0:1 /s/1808b08f2d82adbd27066e3662f83e7a-CDN/-6oyqrq/710000/1/1.0/_/download/resources/jira.webresources:global-static/notifications.css [c.a.j.web.util.CssSubstitutionWebResourceTransformer] Could not read LookAndFeelBean
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.commons.beanutils.PropertyUtils.getSimpleProperty(PropertyUtils.java:1185)
at org.apache.commons.beanutils.PropertyUtils.getNestedProperty(PropertyUtils.java:772)
at org.apache.commons.beanutils.PropertyUtils.getProperty(PropertyUtils.java:801)
at org.apache.commons.beanutils.PropertyUtils.describe(PropertyUtils.java:368)
at com.atlassian.jira.web.util.CssSubstitutionWebResourceTransformer$VariableMap.getLookAndFeelProperties(CssSubstitutionWebResourceTransformer.java:172)
at com.atlassian.jira.web.util.CssSubstitutionWebResourceTransformer$VariableMap.getVariableMap(CssSubstitutionWebResourceTransformer.java:104)
at com.atlassian.jira.web.less.LookAndFeelLessProvider.makeLookAndFeelLess(LookAndFeelLessProvider.java:44)
at com.atlassian.jira.less.impl.DynamicLookAndFeelUriResolver.open(DynamicLookAndFeelUriResolver.java:60)
at com.atlassian.lesscss.PluggableLoader.load(PluggableLoader.java:46)
Problem is concerned with Johnson which cannot differentiate between pages that need to be accessible during launch and these during setup (upgrades, etc).
Full list of other pages that may be vulnerable to prelaunch access:
<ignore> <path>/secure/SetupLicense!default.jspa</path> <path>/secure/SetupLicense.jspa</path> <path>/secure/SetupFinishing!setupFinished.jspa</path> <path>/secure/ConfirmNewInstallationWithOldLicense!default.jspa</path> <path>/secure/ConfirmNewInstallationWithOldLicense.jspa</path> <path>/secure/popups/UserPickerBrowser.jspa</path> <path>/secure/CleanData!default.jspa</path> <path>/secure/CleanData.jspa</path> <path>/secure/admin/fixes/*</path> <path>/secure/admin/jira/IndexProgress.jspa</path> <path>/secure/admin/StudioImportSelect!start.jspa</path> <path>/secure/admin/StudioImportSelect!showSelect.jspa</path> <path>/secure/admin/StudioImportSelect!select.jspa</path> <path>/secure/admin/StudioImportUpdate!showUrls.jspa</path> <path>/secure/admin/StudioImport!confirm.jspa</path> <path>/secure/admin/StudioImport!import.jspa</path> <path>/secure/admin/StudioImport!finished.jspa</path> <path>/importprogress</path> <path>/secure/admin/ProjectImportProgress.jspa</path> <path>/secure/VerifySmtpServerConnection!setup.jspa</path> <path>/rest/usermanagement/*</path> <path>/rest/api/*/reindex*</path>s <path>/rest/userprovisioning/*/upgrade</path> <path>/rest/plugins/1.0/com.pyxis.greenhopper.jira-key/license</path> <path>/rest/plugins/1.0/com.atlassian.servicedesk-key/license</path> <path>/rest/auth/1/session</path> </ignore>
The pages function normally after launch is completed
- was split from
-
-
- Closed
-