- edited description
JSONObject["html"] not found in catalina log
Hello
We detected various entries with following error after Jira Timesheet plugin upgrade to version 3.0.7 These entries are related with Timesheet.
In catalina out:
2016-09-19 15:52:45,652 http-bio-8443-exec-115 ERROR anonymous 952x89648x1 olmti3 <IP address> /rest/timesheet-gadget/1.0/timesheet.json [c.q.j.f.filter.processor.TimesheetJsonResponseContentFilter] JSONObject["html"] not found.
com.atlassian.jira.util.json.JSONException: JSONObject["html"] not found.
In access log
<IP address> 952x89648x1 - [19/Sep/2016:15:52:45 +0300] "GET /rest/timesheet-gadget/1.0/timesheet.json?baseUrl=https%3A%2F%2F<JiraServerName>&gadgetTitle=&startDate=&targetUser=&targetGroup=&collapseFieldGroups=false&excludeTargetGroup=&numOfWeeks=2&reportingDay=2&projectOrFilter=&projectid=&filterid=&projectRoleId=&weekends=true&showDetails=true&sumSubTasks=false&showEmptyRows=false&groupByField=&moreFields=&offset=-6&monthView=false&sum=&_=1474289568185 HTTP/1.1" 401 39 81 "<URL>" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" "olmti3"
It seems that somebody anonymous is trying to execute timesheet data and receives an error: "JSONObject["html"] not found". If I execute this URL without authorization I receive the same message in browser- "JSONObject["html"] not found.". Is it normal that these entries appear in catalina.out log? I am asking because I didn't see such error in catalina.out before timesheet plugin upgrade.
Thanks, Fyodor.
Comments (15)
-
reporter -
Hi Fyodor,
It looks normal, but I'm not sure why this message did not appear in log before update, or rather why it does appear now.
Looks like gadget is displayed on dashboard login page, however it should not. Then plugin refuses to produce html content for anonymous user, so gadget can not be rendered on dashboard.
Do you have anonymous access to JIRA enabled? This can be done by adding the Anyone group to the Browse Project permission in the permission scheme for a project.
If so, it seems similar problem is described here, so I'm adding fix for next update to avoid Timesheet gadgets being displayed for Unauthenticated Users on the System Dashboard.
Thank you.
-
- changed status to resolved
fix issue
#990: hide gadgets from unauthenticated users→ <<cset a2d05d19e1f6>>
-
reporter Hello Andriy
We added "Group (Anyone)" permission for some other permission options but not for "Browse project" (e.g. for "View Voters and Watchers", "Add Comments") I am going to disable this option and check results.
In any case we will wait new plugin version.
Thanks, Fyodor
-
reporter Hello
It seems problem still exists even I disabled permissions for Group (Anyone).
So we will wait new plugin version
-
Hi Fyodor,
Just to check, do timesheet gadgets actually appear in dashboard (login page) when you are not logged in to JIRA in your case?
Thank you.
-
reporter Hi Andriy
No, there are no timesheet gadget on login page, only fields for login and password. Also I don't see any requests to timesheet gadget in console- see attached screenshot
Also I checked system dashboard- there are no timesheet gadgets in it.
However I found some other dashboards shared to anyone. I changed sharing options, but problem still exist.
These entries appear in catalina log each 30 minutes.
regards, Fyodor
-
Well there must be some other places where gadget is shown, it may be in confluence also. It also looks strange it is periodic. May be if you can determine the originator by IP address in logs, you could find out something more.
-
Hi Fyodor,
Version 3.0.7.2 is released with the fix, so that gadgets should not be shown until user is authenticated.
Thank you.
-
reporter Hi
Plugin update didn't resolve the problem. However I found a problem cause- It happens when user session was ended but page with timesheet gadget still available. E.g. 1) timesheet gadget was placed in Dashboard 2) Open dashboard in browser tab 3) Open Jira in new browser tab and log out 4) return to the first tab- dashboard is still visible until you refresh page 5) click on "refresh" in timesheet gadget Result: JSONObject["html"] not found error was appeared in catalina.log
As for periodic, I assume it could be due to periodic "Refresh Interval:" in gadget settings
-
- changed status to open
Hi Fyodor,
Nice investigation! I will try to open bug in JIRA, because refresh is implemented not by add-on itself, but is provided by JIRA.
Thank you.
-
Hi Fyodor,
I've just created https://ecosystem.atlassian.net/servicedesk/customer/portal/14/DEVHELP-72
Thank you.
-
reporter Hello Andryi Thank you for update.
It seems I don't have permissions to view this request. But in any case we will wait updates for this problem.
Regards, Fyodor
-
Atlassian support has created bug in JIRA: https://jira.atlassian.com/browse/JRA-63065 but I can't see it either :)
-
- changed status to resolved
JRA-63065 should be visible now, let me resolve it as tracked elswhere
- Log in to comment