Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
7.11.0, 7.12.0, 7.13.0, 8.1.0, 8.2.0, 8.3.4
-
7.11
-
35
-
Severity 2 - Major
-
6
-
Description
Issue Summary
If a system administrator that has rights to uninstall an application, i.e.: Jira Software or Jira Service Desk, the uninstall loading doesn't finishes and returns an error "Unable to match and invalidate token for user (username)".
Environment
Jira Software 7.11.x, 7.12.x, 7.13.x, 8.0, 8.1 and 8.2.
Steps to Reproduce
- Access the application with any user with rights to uninstall either Jira Software or Jira SD
- Go to Administration > Applications > Versions & Licenses
- Click Uninstall on any of the applications (Jira Software or Jira Service Desk)
Expected Results
The chosen application is uninstalled as expected
Actual Results
The below exception is thrown in the atlassian-jira.log file (not all the time):
2019-06-13 16:14:30,489 http-nio-8080-exec-14 ERROR <MYUSER> 974x261889x1 1n37kug 172.23.244.93,172.23.136.20 /rest/plugins/1.0/uninstall [c.a.p.r.c.error.jersey.ThrowableExceptionMapper] Uncaught exception thrown by REST service: Unable to match and invalidate token for user <MYUSER> com.atlassian.upm.core.token.TokenException: Unable to match and invalidate token for user <MYUSER> at com.atlassian.upm.core.token.TokenManagerImpl.attemptToMatchAndInvalidateToken(TokenManagerImpl.java:94) at com.atlassian.upm.core.rest.resources.PluginUninstallResource.bulkUninstall(PluginUninstallResource.java:60) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) ... 12 filtered at com.atlassian.plugins.rest.module.RestDelegatingServletFilter$JerseyOsgiServletContainer.doFilter(RestDelegatingServletFilter.java:154) ... 1 filtered at com.atlassian.plugins.rest.module.RestDelegatingServletFilter.doFilter(RestDelegatingServletFilter.java:68) ... 32 filtered at com.atlassian.servicedesk.internal.web.ExternalCustomerLockoutFilter.doFilter(ExternalCustomerLockoutFilter.java:56) ... 13 filtered at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21) ... 49 filtered at com.atlassian.jira.security.JiraSecurityFilter.lambda$doFilter$0(JiraSecurityFilter.java:66) ... 1 filtered at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:64) ... 10 filtered at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:238) ... 2 filtered at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100) ... 8 filtered at com.atlassian.plugins.rest.module.servlet.RestSeraphFilter.doFilter(RestSeraphFilter.java:37) ... 19 filtered at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30) ... 5 filtered at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.lambda$invokeFilterChain$0(CustomerContextSettingFilter.java:181) at com.atlassian.servicedesk.internal.api.util.context.ReentrantThreadLocalBasedCodeContext.rteInvoke(ReentrantThreadLocalBasedCodeContext.java:137) at com.atlassian.servicedesk.internal.api.util.context.ReentrantThreadLocalBasedCodeContext.runOutOfContext(ReentrantThreadLocalBasedCodeContext.java:90) at com.atlassian.servicedesk.internal.utils.context.CustomerContextServiceImpl.runOutOfCustomerContext(CustomerContextServiceImpl.java:47) at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.outOfCustomerContext(CustomerContextSettingFilter.java:174) at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.doFilterImpl(CustomerContextSettingFilter.java:130) at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.doFilter(CustomerContextSettingFilter.java:121) ... 4 filtered at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:32) ... 8 filtered at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21) ... 4 filtered at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36) ... 26 filtered at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25) ... 24 filtered at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.NullPointerException at com.atlassian.upm.core.token.TokenManagerImpl$2.get(TokenManagerImpl.java:82) at com.atlassian.upm.core.token.TokenManagerImpl$2.get(TokenManagerImpl.java:78) at com.atlassian.upm.impl.Locks.runWithLock(Locks.java:117) at com.atlassian.upm.impl.Locks.writeWithLock(Locks.java:69) at com.atlassian.upm.core.token.TokenManagerImpl.attemptToMatchAndInvalidateToken(TokenManagerImpl.java:77)
Notes
Upon investigation, it was found that this was caused due to: https://ecosystem.atlassian.net/browse/UPM-5974
It was changed the REST API in UPM, now it requires passing xsrf token as parameter.
Workaround
- Schedule downtime
- Backup Jira
- Stop Jira
- Navigate to JIRA_HOME/plugins/installed-plugins directory
- Delete/Remove out all jira-servicedesk*.jar or servicedesk* files, depending on what application you're looking to uninstall.
- Start JIRA