Posted on Leave a comment

Software project types are visible to all JIRA users

Jira Logo

By default, Software project types in JIRA are visible to all JIRA users. This might pose a potential security problem since all your JIRA users will be able to see and possibly access your company’s software projects. Having setup and customized JIRA for numerous customers and projects in the past this is one of the first issues you should definitely deal with from a security perspective. This post serves as quick note on how to disable access to all JIRA users for software projects types by default and configure access on project based settings instead.

Disable access to all JIRA users for software project types

Per default, the permission to browse Software project types in JIRA defaults to all users. to To overcome this potential security issue go ahead and have a look at the Browse Projects permission in your Default software Schema via the Permission Scheme settings, as shown below:

JIRA Default software scheme
JIRA Default software scheme

As you can see by default the Browse Projects permission includes Application access for Any logged in user. Since this setting supersedes the Project role related setting all of your JIRA users will be able to see your software projects by either browsing through the projects list (hence the permission named “Browse Projects”) or by simply using direct links.

Now since we want to set permissions on project level for our users we need to remove the Browse Projects permission setting for the Application access and only use the Project role instead. The screenshot below shows the correct setting for project based browse permissions for your JIRA projects:

JIRA Software Project Scheme - edited
JIRA Default software scheme – edited

You are now able to properly configure access to your JIRA software projects on a project based level and your JIRA users will only see those projects they are a member of.

Final hint: Make sure to check your Browse Projects permission for all of your remaining permission schemes. As always, enjoy JIRA 🙂

Posted on Leave a comment

Linking JIRA to GitHub to streamline agile workflow

Jira Logo

In order to automatically track and link the progress of your JIRA issues based on your developers’ commits in your Github repositories make sure to checkout the JIRA DVCS connector addon.

It only takes a few simple steps to link your JIRA projects to your GitHub repositories to streamline your agile workflow, as shown below. First, you’ll need to register a new application for your main GitHub account, in order to generate OAuth tokens required to link JIRA to GitHub:

Generate OAuth tokens in GitHub

Choose JIRA DVCS for the application name and your full base URL of your JIRA cloud-based setup for Homepage URL and Authorization callback URL:

Configuring DVCS connector URL in GitHub Once you’ve registered your new application you will get the OAuth tokens (client ID and client secret) required by the JIRA DVCS connector:

Configure DVCS connector using OAuth tokens in GitHub

Now that you have your OAuth tokens it’s time to setup the JIRA DVCS connector. Thus, open the Administration > Source Control > DVCS Accounts tab in JIRA and select Link BitBucket or GitHub account:

Link JIRA DVCS to GitHub using OAuth tokens

There you’ll need to enter the OAuth tokens generated in GitHub:

Link JIRA DVCS to GitHub using OAuth tokens

Feel free to select Auto Link New Repositories and Enable Smart Commits when needed. Once you’ve added the tokens you get a list of your authorized GitHub repositories (public and private, depending on the permissions chosen for the GitHub application) that are now available to JIRA:

Checking available GitHub repositories from within JIRA DVCS

 

Final Step

The last thing to do is to check that your developers have the proper rights for the View Development Tools permission:

Setting View Development Tools permission in GitHub

Now that everything is set up properly remind your developers to use the JIRA issue ID in the commit messages so that the JIRA DVCS connector is able to automatically assign commits to your issues.

Further reading is available here: Streamlining your development with JIRA.

Posted on Leave a comment

JIRA WAR Setup NoClassDefFoundError TransactionUtil Exception

Jira Logo

When receiving a NoClassDefFoundError TransactionUtil exception when setting up JIRA using WAR make sure that all required libraries are installed.

java.lang.NoClassDefFoundError: org/ofbiz/core/entity/TransactionUtil
	com.atlassian.jira.web.filters.steps.requestcleanup.RequestCleanupStep.finallyAfterDoFilter(RequestCleanupStep.java:63)
	com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:85)
	com.atlassian.core.filters.cache.AbstractCachingFilter.doFilter(AbstractCachingFilter.java:33)
	com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
	com.atlassian.core.filters.encoding.AbstractEncodingFilter.doFilter(AbstractEncodingFilter.java:41)
	com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
	com.atlassian.jira.web.filters.PathMatchingEncodingFilter.doFilter(PathMatchingEncodingFilter.java:49)
	com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
	com.atlassian.jira.startup.JiraStartupChecklistFilter.doFilter(JiraStartupChecklistFilter.java:74)
	com.atlassian.multitenant.servlet.MultiTenantServletFilter.doFilter(MultiTenantServletFilter.java:91)
	com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:78)
Posted on Leave a comment

Customizing Date Format in JIRA

Jira Logo

Sometimes you might want (or need) to change the default date-time format set in JIRA. Out of the box the format is set to d/MMM/yy, which translates to for instance 1/Jan/13.

Luckily, this setting can be easily edited through the administration interface under System » General Configuration » Advanced (scroll down the General Configuration page), as shown below:

JIRA -> General Configuration -> Advanced

In order to change the format for dates and date-times you need to look for four options:

JIRA Datetime Format Options

Whereas jira.date.picker.* takes care of settings the format used for date strings, jira.date.time.picker.* sets the desired date-time format. Furthermore, there are two options for each of these settings, one for the client side datepicker (*.javascript.format) and the other for the JAVA formatter (*.java.format).

Matching Formats

Be aware of the fact that changing the way dates and datetime strings are display on the client side must conform to the format used on the server side, i.e. the server must be able to interpret the dates posted. Thus, it is required that the JavaScript and JAVA formats specified in the configuration match.

In case your settings do not match you will get an error such as “Please enter the date in the format “d/MMM/yy” when trying to save dates using the date picker.

Possible combinations for these format specifications can be found on Atlassian’s Configuring date picker formats page.

Look and Feel

Optionally. you can edit the way dates and datetime are displayed to users through the Look and Feel section in the administration interface (System » User Interface » Look and Feel):

JIRA Look and Feel Date Time Formats