Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-77643

Jira crashes with 'Multiple fields representing property "link"' when using REST module

XMLWordPrintable

    • 9.15
    • 9
    • Severity 1 - Critical
    • 30
    • Hide

      Dear Customer,

      We are glad to inform you that the fix for Jira 9.15.0 and 9.15.1 incompatibility with ScriptRunner and Rich Filters has been released and it is available for download.

      It is recommended that if you are using any of the above versions, you proceed to the download, available here. In case you have questions on how to perform the upgrade, you can check our documentation here or contact us directly by replying to this ticket.

      We apologize for the inconvenience that this issue might have caused and our team will be ready to support you in case you have any questions.

      Thank you,

      Dita Vyslouzilova

      Jira DC Engineering Manager

      Show
      Dear Customer, We are glad to inform you that the fix for Jira 9.15.0 and 9.15.1 incompatibility with ScriptRunner and Rich Filters  has been released and it is available for download. It is  recommended  that if you are using any of the above versions, you proceed to the download, available here . In case you have questions on how to perform the upgrade, you can check our documentation here or contact us directly by replying to this ticket. We apologize for the inconvenience that this issue might have caused and our team will be ready to support you in case you have any questions. Thank you, Dita Vyslouzilova Jira DC Engineering Manager

      Issue Summary

      This is reproducible on Data Center: (yes)

      When an app provides a REST endpoint through the REST Module under some conditions, including but not limited to

      • Securing a REST endpoint with @AdminOnly and when the end point is accessed with a non-admin user

      Jira crashes.

      Symptoms include

      • Endpoints return HTTP 500

      This is caused by the code in {}com/atlassian/plugins/rest/atlassian-rest-v2-api/7.2.0/atlassian-rest-v2-api-7.2.0.jar!/com/atlassian/plugins/rest/api/model/Status.class{} which is a bug in Data Center Platform 6.5.3 which and is fixed in newer versions of Data Centre Platform 6.5.x.

      package com.atlassian.plugins.rest.api.model;
...
@XmlRootElement
public class Status {
    @XmlElement
    private final Plugin plugin;
    @XmlElement(
        name = "status-code"
    )
...

    @XmlElementWrapper(
        name = "resources-created"
    )
    @XmlElement(
        name = "link"    // <================ DUPLICATE !!!!!
    )
    private final Collection<Link> resourcesCreated;
    @XmlElementWrapper(
        name = "resources-updated"
    )
    @XmlElement(
        name = "link"    // <================ DUPLICATE !!!!!
    )
    private final Collection<Link> resourcesUpdated;
...

      Steps to Reproduce

      1. Create an app that provides REST endoints
      2. Secure an endpoint with @AdminOnly
      3. Access the endpoint with a username/password that doesn't have admin access 
        curl -u bob:1234 -H 'accept: application/json' "http://localhost:8080/rest/myapp/1/admin/foo"

      Expected Results

      The endpoint returns HTTP 403.

      Actual Results

      The below exception is thrown in the atlassian-jira.log file:

      13-Apr-2024 11:45:02.509 SEVERE [http-nio-8080-exec-3 url: /rest/myapp/1/admin/foo; user: bob] org.glassfish.jersey.server.ServerRuntime$Responder.process Error occurred when processing a response created from an already mapped exception.
13-Apr-2024 11:45:02.511 WARNING [http-nio-8080-exec-3 url: /rest/myapp/1/admin/foo; user: bob] org.glassfish.jersey.server.ServerRuntime$Responder.release Attempt to release request processing resources has failed for a request.
	org.glassfish.jersey.server.ContainerException: java.util.concurrent.ExecutionException: org.glassfish.jersey.server.internal.process.MappableException: com.fasterxml.jackson.databind.exc.InvalidDefinitionException:
	   Multiple fields representing property "link": com.atlassian.plugins.rest.api.model.Status#resourcesCreated vs com.atlassian.plugins.rest.api.model.Status#resourcesUpdated
		at org.glassfish.jersey.servlet.internal.ResponseWriter.getResponseContext(ResponseWriter.java:278)
		at org.glassfish.jersey.servlet.internal.ResponseWriter.writeResponseStatusAndHeaders(ResponseWriter.java:128)

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

              mgirazovski Mladen Girazovski
              jrichards@atlassian.com James Richards
              Votes:
              21 Vote for this issue
              Watchers:
              40 Start watching this issue

                Created:
                Updated:
                Resolved: