Jira External Rest Web-Services, problem with invocation / response parse

Hi...

I m developing a gadget, it makes a call for an external REST webservices. The call sends an project ID, and returns a JSON format response.

Debugging in Chrome, the JSON response seems to be OK, but in the gadget s view, when i m referring the arg s key, all the values are 'Undefined'.

I try with a REST webservices from JIRA (/rest/gadget/1.0/currentUser for example) and the response and parse it s OK.

A excerpt from the gadget code is:

config:{

descriptor: function(args) {

var gadget = this;

return {

action: "/rest/gadget/1.0/project/validate",

fields: [

AJS.gadget.fields.projectsOrCategoriesPicker(gadget, "projectsOrCategories", args.options),

{

userpref: "columnasGadget",

label: "Columnas",

description: "Seleccione las columnas a mostrar",

type: "checkbox",

selected: gadget.getPref("columnasGadget"),

}

},

args: function()

{

return [

{key: "options",

ajaxOptions: "/rest/gadget/1.0/projectsAndProjectCategories"

} ];

}()

},

view:

{

template: function(args) {

var gadget = this;

alert("ID PROJECTO:" + args.jsonFile["areaId"]);

},

args: [{

key: "jsonFile",

ajaxOptions: function() {

return {

url: "http://MYRESTWEBSERVICE?CodigoID=" + projectsOrCategories.value,

type: "GET",

dataType: "json",

headers: {Authorization: "Basic " + btoa("XXXXX:XXXX")},

};

}

}]

}

6 answers

1 accepted

This widget could not be displayed.

Did you try using:

args.jsonFile.areaId

instead of "args.jsonFile["areaId"]"?

Jes, I try...but nothing happens

This widget could not be displayed.

Solved!:

When I try to acces to area.jsonFile["areaId"], it was wrong, beause the response returns an jsonFile array.

It must be such as area.jsonFile[0].["areaId"].

Thanks a lot!

Cool :) Btw, you should look into that 401 status code and make it return 200 just so that the gadget doesn't get confused :)

This widget could not be displayed.

Can you please copy/paste both the full request and full response (taken from your browser debugger - Network tab) in order for us to see what is wrong?

This widget could not be displayed.

This is the request

throw 1; < don't be evil' >

{"http://ngms.vectorsf.com:8280/ngms-web/detallesContrato?lCodigoGestionTareas=10000&cacheBuster=1378897775494":{"headers":{},

"oauthError":"consumer_key_unknown",

"body":"",

"oauthErrorText":"Service provider rejected request

====

Original request:

GET /ngms-web/detallesContrato?lCodigoGestionTareas=10000&cacheBuster=1378897775494

Host: ngms.vectorsf.com:8280

X-Shindig-AuthType:

oauth

Accept: application/json,

text/javascript,*/*;q=0.01

Authorization:

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

====

====

Sent request 1:

POST /jira/plugins/servlet/oauth/request-token

Host: localhost:2990

X-Shindig-AuthType:

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

opensocial_app_id=\"http%3A%2F%2Flocalhost%3A2990%2Fjira%2Frest%2Fgadgets%2F1.0%2Fg%2Fcom.jira.gadget.gadgetJiraGms%3Agadget-prueba%2Fgadgets%2Fgadget%2Fgadget.xml\",

opensocial_app_url=\"http%3A%2F%2Flocalhost%3A2990%2Fjira%2Frest%2Fgadgets%2F1.0%2Fg%2Fcom.jira.gadget.gadgetJiraGms%3Agadget-prueba%2Fgadgets%2Fgadget%2Fgadget.xml\",

oauth_version=\"1.0\",

oauth_timestamp=\"1378897775\",

oauth_consumer_key=\"jira%3A9729614\",

oauth_signature_method=\"RSA-SHA1\",

oauth_nonce=\"11610832821557\",

oauth_signature=\"O3gBR6AAfbBToJ9Yvzp8ukrfAhLR9EBRbnmHJuUSHBuJabzhJWg4b7dE%2Bgcp7GNkQhH4rJJdsMw4Pu45CuTmsz2afg3ZsAKQ%2BagGvRe4cChhZohZierdC41urxssYRr47meahPb%2BPFBzYE04JVuFPmiMLnQUk25FX3I24pMJ0jY%3D\"

Content-Type: application/x-www-form-urlencoded

Pragma: no-cache

X-shindig-dos: on

==== Received response 1:

HTTP/1.1 401

Content-Length: 34

Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Date: Wed,

11 Sep 2013 11:09:35 GMT

Server: Apache-Coyote/1.1

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

oauth_problem=\"consumer_key_unknown\"

oauth_problem=consumer_key_unknown

====",

"st":"atlassian:Aits85pSHx4eVj74zUdtFlOh7Xky0cSqPkfq1+mP+y0Lh/XFk5y7ywhNfX9uFwxX3qOESce9nDW0yyuKwa6rj2UW14MS19v/5i5ybiINhTn8PHpIhBljrJonYK+h/NMVWjX/AsEuQl30UxE+qHG6GFgG1qF+2RdcQFxjWDcWq8vK9cqZ7ljgyrzpvekbb8KJo30GWSqjx4HMaTMWTI714VvfSVZEprXwsjNn2mZxU/c8HhEGr7/dVXqb38pUnZXveN0HvjMaWR1cydCePSj028HGF+iiYd/LtGXncjE0AJIIAeEz","rc":403}}

And this is the response:

throw 1; < don't be evil' >

{"http://ngms.vectorsf.com:8280/ngms-web/detallesContrato?lCodigoGestionTareas=10000&cacheBuster=1378896646598":

{"headers":

{"set-cookie":["JSESSIONID=E6DDCCB221CB6F2EE8405214054FD902; Path=/ngms-web/; HttpOnly"]},

"body":"[

{

\"id\":10680,

\"parentId\":5983,

\"type\":\"CONTRATO\",

\"nombre\":\"ISB-CIO-BI-REC_ASIG\",

\"codigo\":\"2EY.X2C.cX00\",

\"estadoId\":\"CERRADO\",

\"estadoNombre\":\"Cerrado\",

\"sectorId\":6,

\"sectorNombre\":\"Grupo Santander\",

\"areaId\":2,

\"areaNombre\":\"BI\",

\"departamentoId\":4,

\"departamentoNombre\":\"Consultoría y Soluciones\",

\"vendidoImporte\":{\"valor\":21644.60,

\"moneda\":{\"id\":\"EUR\",

\"tipoCambio\":1.0000,

\"activo\":true,

\"nombre\":\"euro\",

\"simbolo\":\"\u20ac\",

\"fractionDigits\":2,

\"currency\":\"EUR\"},

\"signum\":1},

\"vendidoConsolidacion\":{\"valor\":21644.60,

\"moneda\":{\"id\":\"EUR\",

\"tipoCambio\":1.0000,

\"activo\":true,

\"nombre\":\"euro\",

\"simbolo\":\"\u20ac\",

\"fractionDigits\":2,

\"currency\":\"EUR\"},

\"signum\":1},

\"vendidoHoras\":0.0,

\"imputadoImporte\":{\"valor\":0.00,

\"moneda\":{\"id\":\"EUR\",

\"tipoCambio\":1.0000,

\"activo\":true,

\"nombre\":\"euro\",

\"simbolo\":\"\u20ac\",

\"fractionDigits\":2,

\"currency\":\"EUR\"},

\"signum\":1},

\"imputadoHoras\":0.0,

\"avance\":100.0,

\"desviacion\":{\"valor\":541.11

\"moneda\":{\"id\":\"EUR\",

\"tipoCambio\":1.0000,

\"activo\":true,

\"nombre\":\"euro\",

\"simbolo\":\"\u20ac\",

\"fractionDigits\":2,

\"currency\":\"EUR\"},

\"signum\":1},

\"ingreso\":{\"valor\":2651.46,

\"moneda\":{\"id\":\"EUR\",

\"tipoCambio\":1.0000,

\"activo\":true,\"nombre\":\"euro\",

\"simbolo\":\"\u20ac\",

\"fractionDigits\":2,

\"currency\":\"EUR\"},

\"signum\":1},

\"coste\":{\"valor\":715.55,

\"moneda\":{\"id\":\"EUR\",

\"tipoCambio\":1.0000,

\"activo\":true,

\"nombre\":\"euro\",

\"simbolo\":\"\u20ac\",

\"fractionDigits\":2

\"currency\":\"EUR\"}

\"signum\":1}

\"margen\":73.01

\"modoProduccionNombre\":\"Precio cerrado\"

\"tipologiaNombre\":null

\"jefeProyectoNombre\":\"Ezpeleta Antia

Eva Maria\"

\"gerenteNombre\":\"Uñon Prieto

Jose Maria\"

\"fechaDesde\":null

\"fechaHasta\":null

\"categoriaTipologia\":null

\"producido\":{\"valor\":541.11

\"moneda\":{\"id\":\"EUR\"

\"tipoCambio\":1.0000,

\"activo\":true,

\"nombre\":\"euro\",

\"simbolo\":\"\u20ac\",

\"fractionDigits\":2,

\"currency\":\"EUR\"},

\"signum\":1},

\"nombrePartida\":null,

\"autoCodigoPartida\":null,

\"parentType\":\"PROYECTO\"}]",

"rc":200}}

Thanks for the log, but please remove your authentication information from your logs, to avoid your server being compromised by mallicious people/bots. Especially remove "Authorization: Basic ..." part and your host:port, user info, etc.

This widget could not be displayed.

It seems that problem is in your web page, that provides the REST service, because it returns the status code 401 with the valid json data instead of the status 200 + json data. If the gadget gets the status code of anything 4xx it assumes the error occured and ignores your json data. That's why you get undefined values.

This widget could not be displayed.

One more thing. Remove the part:

headers: {Authorization: "Basic " + btoa("XXXXX:XXXX")},

from your ajax request. It's not needed and it exposes your username/password to the user who can debug the javascript in his/her browser and can compromise your JIRA server later.

You can authenticate to your JIRA server using something like this:

var gadget = AJS.Gadget({
	baseUrl: "__ATLASSIAN_BASE_URL__",
	useOauth: "/rest/gadget/1.0/currentUser",
	config: { ... }
	view: { ... }
});

The line useOauth: "/rest/gadget/1.0/currentUser", will take care of the authentication.

More info can be found here.

But if you developed your own custom REST service, then it is probably easier to make it public, because providing a user/pass combination to a user, through the javascript is not in any way more secure than a simple anonymous/public REST service. Also, if you did develop your own standalone REST service (i.e. it wasn't a JIRA server) then your own service handler is returning status 401 (instead of 200 or 2xx), when it returns the valid Json reply data.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

150 views 1 3
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you