Hi,
This worked in our project:
When the plugin is installed in Jira 9 SupportedMethods annotation will be loaded from the Jira class loader.
Is everyone going to publish 1 version of their app for Jira 9.x, and 1 version of their app for Jira 8.13?
We’ve tried, to avoid the ClassNotFoundError about the @SupportedMethods problem in Jira 8.13, we’ve tried to transform our XWork actions into REST GET methods, but Jira doesn’t respect the #requireResource() or #requireContext() tags in REST responses and doesn’t include the JS files (note that the entire decoration is missing, no top bar, etc.). Has anyone found a solution for this?
Is it well-known that PageBuilderService doesn’t work in REST resources?
We’re reluctant to move all our code back to Servlets, just because of this @SupportedMethods problem.
Hi @aragot,
use @marcin.kosmala solution, I checked it and it works perfectly.
Create new maven project
Add dependency to your plugin
Cheers
Hi Adam
With this way, you still need to build 2 jars, right?
Because when using in Jira 8, if the scope is provided, the 2 classes won’t be found.
Thanks
Laurent
no, I’m building one jar for Jira 8 and Jira 9 
. IDE asked me where to get these dependencies and I pointed to my previously built Maven project (compiled and installed in maven before adding dependencies to the Jira plugin project).
Jira 8 and 9 source
Point to my jar
Cheers
Hi all
Is there a way to enable a “strict” javascript mode to see where are the failing places that do not respect the front-end contract ( with require() and refine()) ?
Thanks
Laurent
Hi,
We are checking compatibility with Jira-9.0.0-m0009. We can no longer call methods on our components (defined in atlassian-plugin.xml) within the velocity files. These classes are available in the velocity context (I have verified this) but I can’t invoke any method on them. Methods are public and also defined on the corresponding interface. I can invoke methods on data classes.
/secure/AjaxIssueAction!default.jspa [org.apache.velocity] Cannot retrieve method dateTimeToString from object of class com.deniz.jira.reminders.service.ReminderServiceImp due to security restrictions.
Hi @FilipNowak ,
Regarding the @SupportedMethods annotation, would it be possible to tag it as @Inherited too. It would provide more flexibility in the way Actions are designed in a plugin (and help dealing with Jira8 vs Jira9 API particularities). Currently, you’re forced to annotate the action class declared in the atlassian-plugin.xml manifest, no way to annotate a generic action class (that could come from an external jar for example).
If the classes extends some “restricted” classes, they are blocked. Try to see in the packages a file called velocity.properties. It includes a list of what is allowed or not.
For me: I had a class extending a com.atlassian class, it was rejected due to this security
Thanks @LaurentNonnenmacher,
The class doesn’t extend from any other class but implements a few interfaces “LifecycleAware, DisposableBean, JobRunner”. Jobrunner is in package “com.atlassian.scheduler” and is included in “introspector.restrict.packages” setting in velocity.properties file of Jira. This behavior should be new to Jira 9, the same class was accessible with .VM files for years.
Once more regarding the @SupportedMethods annotations. There seems to have been a couple of different approaches here and via other channels.
@TomaszPrus Did you ever get some input from the team on how to approach this from a build targeting both Jira 8 & 9?
@aragot @denis did you manage to get this working?
For everyone looking for an implementation of @SupportedMethods compatible from Jira 8.13 and Jira 9.0, we’ve detailed our implementation there:
@rw-dennis
We implemented the solution by FilipNowak – compiling our plugin for Jira 9.
The compiled plugin has been tested against Jira 8.0 and Jira 8.22 – all our tests passed.
We also plan to test the solution by marcin.kosmala because it seems to be safer from the Jira 8 compatibility point of view.
https://community.developer.atlassian.com/t/jira-9-0-eap-04-is-here/55207/22
The problem is still reproduced in eap4: clicking on buttons Delete and Default in Resolutions results in “HTTP Status 405 – Method Not Allowed” error page opening.
Hi,
Regarding XSRF protection, I have a doubt if it is possible to obtain the xsrfToken for a form in a gadget.
I have a html gadget…
…
<Content type=“html” view=“profile, canvas, default”
…
and a form in the view template…
…
view: {
template: function (args) {
…
str+=" <form action=‘ATLASSIAN_BASE_URL/secure/CalculateCost!previous.jspa’ method=‘POST’ class=‘aui’…
str+=" <input type=‘hidden’ id=‘cost-old’ name=‘cost-old’…
str+=" </form…";
…
I have tried what is described on the page Form token handling
str+=“<form action='ATLASSIAN_BASE_URL/secure/CalculateCost!previous.jspa?atl_token=<webwork:property value="/xsrfToken"/>’ method=‘POST’ class=‘aui’…
str+=” <input type=‘hidden’ id=‘cost-old’ name=‘cost-old’…
str+="</form…
and
str+=“<form action=‘ATLASSIAN_BASE_URL/secure/CalculateCost!previous.jspa’ method=‘POST’ class=‘aui’…
str+= " <webwork:component name=‘atl_token’ value=‘/xsrfToken’ template=‘hidden.jsp’/>”
str+=" <input type=‘hidden’ id=‘cost-old’ name=‘cost-old’…
str+="</form…
but none work.
How can I get xsrfToken in a gadget?
Thanks.
I came across a bug with the JQL query blank not updating after using the browser’s back button in some circumstances.
See JQL Search Blank fails to clear on browser.back with some history in Jira 9 for detailed steps to reproduce.
Hi,
I would like to know if there is documentation available on the use of the points “New checkpoints for resource phases” and “App header updates”.
Thanks.
Quick question, how do you actually go about installing Jira Service Management 5 into your EAP 9 installation?
Hi @dortiz !
We described the changes and the steps you need to take in the Preparing for Jira 9.0 document mentioned in the post.
Please let me know if you find the instructions unclear or they don’t work for you.
Kind regards,
Michał
thank you very much for your answer.
My question is not about the use, we have tested the new checkpoints in our velocity files and they work.
We have tested our apps on Jira 9 EAP04 without using the new checkpoints and they work fine. All of our scripts are launched with JQuery and AJS.
But as it says in the point “New checkpoints for resource phases”
New checkpoint promises are provided by Jira pages by default. However, if you create a new page, you’ll need to add them.
and in the point “App header updates”
All global variables (e.g. jQuery or AJS) and AMD modules (e.g. jira/flag) won’t be accessible on pages with deferred scripts.
So my question is that if we don’t include the new checkpoints in our pages, will the application scripts stop working in the final release of Jira 9?
Thanks,
David.