Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

com.atlassian.jira.rpc.exception.RemotePermissionException: No permission to perform operation.

Jirong Hu
Jirong Hu February 27, 2015

I've modified standard JIRA Plugin for UrbanCode and I got error below. It seems the error comes from this line of code:

    at can_deploy.run(can_deploy.groovy:121)

can_deploy.groovy:121: def returnedIssue = jiraSoapService.getIssue(sessionToken, issueKey)

and I found it's only happens to a service account we created for this purpose, using my own id is ok. This service account is already part of jira-administrator can login to JIRA, list all issue, etc. What could be wrong?

Thanks

Jirong



Found 1 issue keys

Feb 27, 2015 12:15:24 PM org.apache.axis.utils.JavaUtils isAttachmentSupported

WARNING: Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.

failures=0 and msg=

Caught: com.atlassian.jira.rpc.exception.RemotePermissionException: No permission to perform operation.

AxisFault

 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException

 faultSubcode:

 faultString: com.atlassian.jira.rpc.exception.RemotePermissionException: No permission to perform operation.

 faultActor:

 faultNode:

 faultDetail:

          {}com.atlassian.jira.rpc.exception.RemotePermissionException:null

          {http://xml.apache.org/axis/}hostname:priappvmjira01.cppib.ca

 

com.atlassian.jira.rpc.exception.RemotePermissionException: No permission to perform operation.

          at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:104)

          at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:90)

          at com.atlassian.jira.rpc.exception.RemotePermissionException_Helper.getDeserializer(Unknown Source)

          at org.apache.axis.encoding.ser.BaseDeserializerFactory.getSpecialized(BaseDeserializerFactory.java:154)

          at org.apache.axis.encoding.ser.BaseDeserializerFactory.getDeserializerAs(BaseDeserializerFactory.java:84)

          at org.apache.axis.encoding.DeserializationContext.getDeserializer(DeserializationContext.java:464)

          at org.apache.axis.encoding.DeserializationContext.getDeserializerForType(DeserializationContext.java:547)

          at org.apache.axis.message.SOAPFaultDetailsBuilder.onStartChild(SOAPFaultDetailsBuilder.java:157)

          at org.apache.axis.encoding.DeserializationContext.startElement(DeserializationContext.java:1035)

          at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:506)

          at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:182)

          at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:353)

          at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2717)

          at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:607)

          at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:116)

          at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:489)

          at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:835)

          at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)

          at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123)

          at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1210)

          at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:568)

          at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:302)

          at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)

          at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)

          at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)

          at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)

          at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)

          at org.apache.axis.client.Call.invokeEngine(Call.java:2784)

          at org.apache.axis.client.Call.invoke(Call.java:2767)

          at org.apache.axis.client.Call.invoke(Call.java:2443)

          at org.apache.axis.client.Call.invoke(Call.java:2366)

          at org.apache.axis.client.Call.invoke(Call.java:1812)

          at com.atlassian.jira.rpc.soap.jirasoapservice_v2.JirasoapserviceV2SoapBindingStub.getIssue(Unknown Source)

          at com.atlassian.jira.rpc.soap.jirasoapservice_v2.JiraSoapService$getIssue.call(Unknown Source)

          at can_deploy.run(can_deploy.groovy:121)

 

Only happens to this user: svc_ucd_jira_prod

Watch
Like Be the first to like this
464 views

1 answer

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 27, 2015

The service account does not have the right permissions to do what your code is telling it to.

The administrator rights are irrelevant (unless it is an admin action) - "admin can do everything" is a bad security model and one that Atlassian does not do, so check the actual permissions that the user has.  Can you log into the UI and perform the task you're trying? 

View More Comments
Jirong Hu
Jirong Hu February 27, 2015

This line of code: def returnedIssue = jiraSoapService.getIssue(sessionToken, issueKey) is search the issue by the key, right? I can login with this user and using Quick Search to find and display the issue with no problem at all. How shall I check the actual permissions of this service account? We need this account be able to read and modify any issues in JIRA. Shall I add this account to jira-developers?

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 27, 2015

If you can log in as the service user and look at the issue, then the permissions should be fine. That suggests that your remote call is not using the service user.

Like
Jirong Hu
Jirong Hu February 27, 2015

================================================================================ plugin: JIRA_Plugin_CPPIB, id: com.urbancode.air.plugin.JiraCPPIB, version: 4 plugin command: '/opt/devops/IBM/ibm-ucd/agent/opt/groovy-1.8.8/bin/groovy' '-cp' '/opt/devops/IBM/ibm-ucd/agent/var/plugins/com.urbancode.air.plugin.JiraCPPIB_4_ac426f75d516a7edfe50089f9909ab94761e855a44669aa88733befc30681d39/classes:/opt/devops/IBM/ibm-ucd/agent/var/plugins/com.urbancode.air.plugin.JiraCPPIB_4_ac426f75d516a7edfe50089f9909ab94761e855a44669aa88733befc30681d39/lib/axis-1.4.jar:/opt/devops/IBM/ibm-ucd/agent/var/plugins/com.urbancode.air.plugin.JiraCPPIB_4_ac426f75d516a7edfe50089f9909ab94761e855a44669aa88733befc30681d39/lib/axis-ant-1.4.jar:/opt/devops/IBM/ibm-ucd/agent/var/plugins/com.urbancode.air.plugin.JiraCPPIB_4_ac426f75d516a7edfe50089f9909ab94761e855a44669aa88733befc30681d39/lib/axis-jaxrpc-1.4.jar:/opt/devops/IBM/ibm-ucd/agent/var/plugins/com.urbancode.air.plugin.JiraCPPIB_4_ac426f75d516a7edfe50089f9909ab94761e855a44669aa88733befc30681d39/lib/axis-saaj-1.4.jar:/opt/devops/IBM/ibm-ucd/agent/var/plugins/com.urbancode.air.plugin.JiraCPPIB_4_ac426f75d516a7edfe50089f9909ab94761e855a44669aa88733befc30681d39/lib/axis-wsdl4j-1.5.1.jar:/opt/devops/IBM/ibm-ucd/agent/var/plugins/com.urbancode.air.plugin.JiraCPPIB_4_ac426f75d516a7edfe50089f9909ab94761e855a44669aa88733befc30681d39/lib/commons-logging.jar:/opt/devops/IBM/ibm-ucd/agent/var/plugins/com.urbancode.air.plugin.JiraCPPIB_4_ac426f75d516a7edfe50089f9909ab94761e855a44669aa88733befc30681d39/lib/commons-discovery-0.2.jar' '/opt/devops/IBM/ibm-ucd/agent/var/plugins/com.urbancode.air.plugin.JiraCPPIB_4_ac426f75d516a7edfe50089f9909ab94761e855a44669aa88733befc30681d39/can_deploy.groovy' '/opt/devops/IBM/ibm-ucd/agent/var/temp/logs8686675816709252926/input.props' '/opt/devops/IBM/ibm-ucd/agent/var/temp/logs8686675816709252926/output.props' working directory: /opt/devops/IBM/ibm-ucd/agent/var/work/ValidateJIRATicket properties: PLUGIN_INPUT_PROPS=/opt/devops/IBM/ibm-ucd/agent/var/temp/logs8686675816709252926/input.props PLUGIN_OUTPUT_PROPS=/opt/devops/IBM/ibm-ucd/agent/var/temp/logs8686675816709252926/output.props environment=DEV failMode=FAIL_ON_ANY_FAILURE issueIds=WSO-966 password=**** passwordScript=Nu@d6Yi9Ynu1Jb serverIssueUrl= serverUrl=https://jira.cppib.ca:8443 serverVersion=5.2.7 username=svc_ucd_jira_prod validateDEVQA=true environment: AGENT_HOME=/opt/devops/IBM/ibm-ucd/agent AH_AUTH_TOKEN=**** AH_WEB_URL=https://devops.cppib.ca:8443 AUTH_TOKEN=**** DS_AUTH_TOKEN=**** DS_SYSTEM_ENCODING=UTF-8 JAVA_OPTS=-Dfile.encoding=UTF-8 -Dconsole.encoding=UTF-8 PLUGIN_HOME=/opt/devops/IBM/ibm-ucd/agent/var/plugins/com.urbancode.air.plugin.JiraCPPIB_4_ac426f75d516a7edfe50089f9909ab94761e855a44669aa88733befc30681d39 UD_DIALOGUE_ID=319f2b3c-89c6-4688-90ae-913ada3941f8 WE_ACTIVITY_ID=ee559a55-7874-4858-b291-1985a606341f ================================================================================ Validate DEV/QA:true Environment:DEV Server:https://jira.cppib.ca:8443 CustomFieldName:null Issue Keys: [WSO-966] Found 1 issue keys Feb 27, 2015 12:30:16 PM org.apache.axis.utils.JavaUtils isAttachmentSupported WARNING: Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. failures=0 and msg= Caught: com.atlassian.jira.rpc.exception.RemotePermissionException: No permission to perform operation. AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: com.atlassian.jira.rpc.exception.RemotePermissionException: No permission to perform operation. faultActor: faultNode: faultDetail: {}com.atlassian.jira.rpc.exception.RemotePermissionException:null {http://xml.apache.org/axis/}hostname:priappvmjira01.cppib.ca com.atlassian.jira.rpc.exception.RemotePermissionException: No permission to perform operation.

Like
Jirong Hu
Jirong Hu February 27, 2015

import com.urbancode.air.XTrustProvider; import com.urbancode.air.plugin.jira.addcomments.FailMode; import java.lang.reflect.Array; XTrustProvider.install(); final File resourceHome = new File(System.getenv()['PLUGIN_HOME'],"lib") final def buildLifeId = System.getenv()['AH_BUILD_LIFE_ID'] // Get Input Properties final def props = new Properties(); final def inputPropsFile = new File(args[0]); final def inputPropsStream = null; try { inputPropsStream = new FileInputStream(inputPropsFile); props.load(inputPropsStream); } catch (IOException e) { throw new RuntimeException(e); } // Set Output Properties final def outProps = new Properties(); final def outPropsStream = new FileOutputStream(args[1]); // Check if validation is not required for DEV and QA environment final def validateDEVQA = props['validateDEVQA']; final def env = props['environment']; println "Validate DEV/QA:$validateDEVQA"; println "Environment:$env"; env = env.toUpperCase(); if ( ((env =~ "DEV") || (env =~ "QA")) && (validateDEVQA == "false") ) { //if ( ( (env.contains("DEV")) || (env.contains("QA")) ) && (validateDEVQA == false) ) { println ("It's $env environment, and validation is not requested."); System.exit(0); } // Get all properties final def serverUrl = props['serverUrl'] final def serverVersion = props['serverVersion']; final def username = props['username'] final def password = props['passwordScript']?:props['password']; final def customFieldName = props['customFieldName'] //new attribute to store the customer field name final def Ids = props['issueIds']; def issueIds = Ids.split(',') as List; final def failMode = FailMode.valueOf(props['failMode']); final def customFieldNameEnv = "customfield_10011"; ////Environment: customFieldId=10011 for IT final def customFieldNameBMCSD = "customfield_10511"; //BMC Scheduled Date/Time: customFieldId=10511 final def customFieldNameBMCRefNo = "customfield_10112"; //BMC Ref NO: customFieldId=10112 println "Server:$serverUrl"; println "CustomFieldName:$customFieldName"; print "Issue Keys:\t"; println issueIds; println ""; // Load the appropriate Jira Soap Classes into classloader final def jiraSoapJar = new File(resourceHome, "jira-${serverVersion}.wsdl.jar") assert jiraSoapJar.isFile(); this.class.classLoader.rootLoader.addURL(jiraSoapJar.toURL()) def JiraSoapServiceServiceLocator = Class.forName('com.atlassian.jira.rpc.soap.jirasoapservice_v2.JiraSoapServiceServiceLocator'); def RemoteIssue = Class.forName('com.atlassian.jira.rpc.soap.beans.RemoteIssue') def RemoteComment = Class.forName('com.atlassian.jira.rpc.soap.beans.RemoteComment') def RemoteFieldValue = Class.forName('com.atlassian.jira.rpc.soap.beans.RemoteFieldValue') def RemotePermissionException = Class.forName('com.atlassian.jira.rpc.exception.RemotePermissionException') //added new line for remote custom field value def RemoteCustomFieldValue = Class.forName('com.atlassian.jira.rpc.soap.beans.RemoteCustomFieldValue') // get the changes of the build life from ahptool println "Found ${issueIds.size()} issue keys"; if (issueIds.isEmpty()) { println "No issue keys found in changelog, either there were no changes or GetChangeLogStep was not run."; return; } def failures = 0; def String msg = ""; // connect to Jira String fullAddress = serverUrl + "/rpc/soap/jirasoapservice-v2"; if (!fullAddress.startsWith("http")) { fullAddress = "http://"; + fullAddress; } def locator = JiraSoapServiceServiceLocator.newInstance(); locator.jirasoapserviceV2EndpointAddress = fullAddress; def jiraSoapService = locator.getJirasoapserviceV2(); def sessionToken = jiraSoapService.login(username, password); // Get the number to value mapping def issueTypesMap = new HashMap<String,String>(); def issueStatusesMap = new HashMap<String,String>(); //println ("\nHere is the list of Issue Types ID and Names:"); def issueTypes = jiraSoapService.getIssueTypes(sessionToken); for (def remoteIssueType : issueTypes) { String name = remoteIssueType.getName(); String id = remoteIssueType.getId(); //println("Id:" + id + " " + "Name:" + name); issueTypesMap.put(id, name); //String value = issueTypesMap.get(id).toString(); //println("Id:" + id + " " + "value:" + value); } //println("\nIssue Type Map:\n" + issueTypesMap); //println ("\nHere is the list of Status ID and Names:"); def statuses = jiraSoapService.getStatuses(sessionToken); for (def remoteStatus : statuses) { String name = remoteStatus.getName(); String id = remoteStatus.getId(); //println("Id:" + id + " " + "Name:" + name); issueStatusesMap.put(id, name); } //println("\nIssue Status Map:\n" + issueStatusesMap); try { //def statuses = jiraSoapService.getStatuses(sessionToken); for (def issueKey : issueIds) { try { def returnedIssue = jiraSoapService.getIssue(sessionToken, issueKey) if (!returnedIssue) { println("\tSkipping Issue "+issueKey+": Specified Issue not found."); failures++; if (failMode == FailMode.FAIL_FAST) { throw new Exception("Issue not found for $issueKey"); } } else { // Get System Field values String type = returnedIssue.getType(); String status = returnedIssue.getStatus(); println("\tIssue type:" + type); println("\tIssue status:" + status); // Verify println(issueTypesMap.get(type).toString()); if ("Deployment" != issueTypesMap.get(type).toString()) { failures++; msg = "Issue Type is not Deployment." } if ("Open" == issueStatusesMap.get(status).toString()) { failures++; msg = msg + "Issue Status is still Open." } def customFieldValues = returnedIssue.getCustomFieldValues(); //method to get all custom Field Values //for (RemoteCustomFieldValue remoteCustomFieldValue : customFieldValues) { // String[] values = remoteCustomFieldValue.getValues(); // for (String value : values) { // System.out.println("Value for CF with Id:" + remoteCustomFieldValue.getCustomfieldId() + " -" + value); // } //} // Get Environment field value def value_set_env=0; for (def remoteValue : customFieldValues) { if (remoteValue.getCustomfieldId() == customFieldNameEnv) { def values = remoteValue.getValues(); if (values.length != 0) { println ("Issue $issueKey custom field ($customFieldNameEnv):Environment has a value of: $values"); // Write to out properties try { outProps.setProperty("Environment", "$values"); outProps.store(outPropsStream,null); } catch (IOException e) { throw new RuntimeException(e); } value_set_env=1; // Compare environment in UrbanCode and JIRA //def value = values.toString(); //value = value.replace('[',''); //value = value.replace(']',''); //if (!(env.compareTo(value) == 0)) { /// failures++; // msg = msg + "Environment doesn't match."; //} break; } else { msg = msg + "[Environment field is empty]"; //throw new Exception("Issue $issueKey custom field '$customFieldName' has no value!"); } } } //if we get to this point then the custom field was not found if (value_set_env!=1) { failures++; msg = msg + "[Environment field is not found]"; }/// // Get BMC Scheduled Date/Time field value def value_set_sdt=0; for (def remoteValue : customFieldValues) { if (remoteValue.getCustomfieldId() == customFieldNameBMCSD) { def values = remoteValue.getValues(); if (values.length != 0) { println ("Issue $issueKey custom field ($customFieldNameBMCSD):Scheduled Date/Time has a value of: $values"); value_set_sdt=1; break; } else { msg = msg + "[BMC Scheduled Date/Time is empty]"; //throw new Exception("Issue $issueKey custom field '$customFieldName' has no value!"); } } } //if we get to this point then the custom field was not found if (value_set_sdt!=1) { failures++; msg = msg + "[BMC Scheduled Date/Time field is not found]"; }/// // Get BMC Ref No field value def value_set_brn=0; for (def remoteValue : customFieldValues) { if (remoteValue.getCustomfieldId() == customFieldNameBMCRefNo) { def values = remoteValue.getValues(); if (values.length != 0) { println ("Issue $issueKey custom field ($customFieldNameBMCRefNo):BMC Ref No has a value of: $values"); // Write to out properties try { outProps.setProperty("BMCNumber", "$values"); outProps.store(outPropsStream,null); } catch (IOException e) { throw new RuntimeException(e); } value_set_brn=1; break; } else { msg = msg + "[BMC Ref No is empty]"; //throw new Exception("Issue $issueKey custom field '$customFieldName' has no value!"); } } } //if we get to this point then the custom field was not found if (value_set_brn!=1) { failures++; msg = msg + "[BMC Ref No field is not found]"; } /// } } catch (Exception e) { throw e; } } } finally { jiraSoapService.logout(sessionToken) println ("failures=$failures and msg=$msg"); } if (failMode == FailMode.FAIL_ON_ANY_FAILURE && failures > 0) { println "Got one or more failure!"; throw new RuntimeException(msg); } if (failMode == FailMode.FAIL_ON_NO_UPDATES && failures == issueIds.size()) { println "All failed!"; throw new RuntimeException("All Failed!"); } System.exit(0)

Like
Jirong Hu
Jirong Hu February 27, 2015

The above is my code and the runtime output, it's using that account to login.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 2, 2015

I'm afraid I don't have the energy to debug a whole mass of disparate code like that. Check the login bits and add explicit logging to show what the code is actually doing - I still don't think it is logging in as the right user

Like
Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events