JSONObject["html"] not found in catalina log

Issue #990 resolved

Fjodors Iļjins created an issue 2016-09-19

Hello

We detected various entries with following error after Jira Timesheet plugin upgrade to version 3.0.7 These entries are related with Timesheet.

In catalina out:

2016-09-19 15:52:45,652 http-bio-8443-exec-115 ERROR anonymous 952x89648x1 olmti3 <IP address> /rest/timesheet-gadget/1.0/timesheet.json [c.q.j.f.filter.processor.TimesheetJsonResponseContentFilter] JSONObject["html"] not found.
com.atlassian.jira.util.json.JSONException: JSONObject["html"] not found.

In access log

<IP address> 952x89648x1 - [19/Sep/2016:15:52:45 +0300] "GET /rest/timesheet-gadget/1.0/timesheet.json?baseUrl=https%3A%2F%2F<JiraServerName>&gadgetTitle=&startDate=&targetUser=&targetGroup=&collapseFieldGroups=false&excludeTargetGroup=&numOfWeeks=2&reportingDay=2&projectOrFilter=&projectid=&filterid=&projectRoleId=&weekends=true&showDetails=true&sumSubTasks=false&showEmptyRows=false&groupByField=&moreFields=&offset=-6&monthView=false&sum=&_=1474289568185 HTTP/1.1" 401 39 81 "<URL>" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" "olmti3"

It seems that somebody anonymous is trying to execute timesheet data and receives an error: "JSONObject["html"] not found". If I execute this URL without authorization I receive the same message in browser- "JSONObject["html"] not found.". Is it normal that these entries appear in catalina.out log? I am asking because I didn't see such error in catalina.out before timesheet plugin upgrade.

Thanks, Fyodor.

Comments (15)

Fjodors Iļjins reporter
- edited description
- 2016-09-19T14:00:45+00:00
Andriy Zhdanov
Hi Fyodor,

It looks normal, but I'm not sure why this message did not appear in log before update, or rather why it does appear now.

Looks like gadget is displayed on dashboard login page, however it should not. Then plugin refuses to produce html content for anonymous user, so gadget can not be rendered on dashboard.

Do you have anonymous access to JIRA enabled? This can be done by adding the Anyone group to the Browse Project permission in the permission scheme for a project.

If so, it seems similar problem is described here, so I'm adding fix for next update to avoid Timesheet gadgets being displayed for Unauthenticated Users on the System Dashboard.

Thank you.
- 2016-09-20T11:46:31+00:00
Andriy Zhdanov
- changed status to resolved
fix issue~~#990~~: hide gadgets from unauthenticated users

→ <<cset a2d05d19e1f6>>
- 2016-09-20T11:49:39+00:00
Fjodors Iļjins reporter
Hello Andriy

We added "Group (Anyone)" permission for some other permission options but not for "Browse project" (e.g. for "View Voters and Watchers", "Add Comments") I am going to disable this option and check results.

In any case we will wait new plugin version.

Thanks, Fyodor
- 2016-09-20T12:04:39+00:00
Fjodors Iļjins reporter
Hello

It seems problem still exists even I disabled permissions for Group (Anyone).

So we will wait new plugin version
- 2016-09-21T10:58:45+00:00
Andriy Zhdanov
Hi Fyodor,

Just to check, do timesheet gadgets actually appear in dashboard (login page) when you are not logged in to JIRA in your case?

Thank you.
- 2016-09-21T11:04:19+00:00
Fjodors Iļjins reporter
Hi Andriy

No, there are no timesheet gadget on login page, only fields for login and password. Also I don't see any requests to timesheet gadget in console- see attached screenshot

Also I checked system dashboard- there are no timesheet gadgets in it.

However I found some other dashboards shared to anyone. I changed sharing options, but problem still exist.

These entries appear in catalina log each 30 minutes.

regards, Fyodor
- 2016-09-21T12:14:08+00:00
Andriy Zhdanov
Well there must be some other places where gadget is shown, it may be in confluence also. It also looks strange it is periodic. May be if you can determine the originator by IP address in logs, you could find out something more.
- 2016-09-21T12:22:21+00:00
Andriy Zhdanov
Hi Fyodor,

Version 3.0.7.2 is released with the fix, so that gadgets should not be shown until user is authenticated.

Thank you.
- 2016-10-07T13:31:32+00:00
Fjodors Iļjins reporter
Hi

Plugin update didn't resolve the problem. However I found a problem cause- It happens when user session was ended but page with timesheet gadget still available. E.g. 1) timesheet gadget was placed in Dashboard 2) Open dashboard in browser tab 3) Open Jira in new browser tab and log out 4) return to the first tab- dashboard is still visible until you refresh page 5) click on "refresh" in timesheet gadget Result: JSONObject["html"] not found error was appeared in catalina.log

As for periodic, I assume it could be due to periodic "Refresh Interval:" in gadget settings
- 2016-10-28T06:41:59+00:00
Andriy Zhdanov
- changed status to open
Hi Fyodor,

Nice investigation! I will try to open bug in JIRA, because refresh is implemented not by add-on itself, but is provided by JIRA.

Thank you.
- 2016-10-28T07:26:09+00:00
Andriy Zhdanov
Hi Fyodor,

I've just created https://ecosystem.atlassian.net/servicedesk/customer/portal/14/DEVHELP-72

Thank you.
- 2016-11-03T18:45:24+00:00
Fjodors Iļjins reporter
Hello Andryi Thank you for update.

It seems I don't have permissions to view this request. But in any case we will wait updates for this problem.

Regards, Fyodor
- 2016-11-04T08:11:00+00:00
Andriy Zhdanov
Atlassian support has created bug in JIRA: https://jira.atlassian.com/browse/JRA-63065 but I can't see it either :)
- 2016-11-04T22:11:45+00:00
Andriy Zhdanov
- changed status to resolved
JRA-63065 should be visible now, let me resolve it as tracked elswhere
- 2016-11-07T16:23:04+00:00
Log in to comment

Assignee: –

Type: bug

Priority: minor

Status: resolved

Component: Time Sheet report and gadget

Version: 3.0

Votes: 1

Watchers: 1