Hi @AndreasEbert
Thanks for asking this question, I meant beta/RC in this case which are also early access. You can find the latest under the same old link: https://www.atlassian.com/software/confluence/download-eap
Thanks
If you look at pre-9.0 versions, Expansion.AS_EXPANSION is just an alias for new Expansion, so just use that constructor.
You can also use ExpansionsParser.parse() if you want to parse multiple expanion properties into an Expansion[].
1 Like
Thanks for your reply!
Yes, after looking at some older Confluence source code (still waiting to get access to more recent source code), I resorted to using
final Function<String, Expansion> asExpansion = Expansion::new;
final Expansion spaceExpansion = asExpansion.apply("space");
instead, using the java.util.function.Function, which worked well. However, I think it would be more elegant to use the ExpansionParser, but I don’t understand which kind of parameters it expects, and I can’t find where that is documented. can you point me to the right place? Some example code would be useful.
Could you try upgrading to milestone m137 and try out again.
We unfortunately don’t have access to that version. It’s not published on the EAP page nor the maven repo.
I suppose you’ll be publishing a new EAP release (milestone or beta) next Monday?
I’m currently still blocked by the WebPanel problem (new interface from API package not being recognized by module descriptor), so compatibility work is currently on hold.
I also see this in the logs when installing our app in 9.0.0-beta3. And indeed, our app’s REST API still works fine also. So this is just about the log-message being misleading this time, I guess.
@Kusal, or am I doing something wrong with the dependencies? We use these REST-related maven-dependencies:
<confluence.version>9.0.0-beta3</confluence.version>
<platform.version>7.0.14</platform.version>
<dependencyManagement>
<dependency>
<groupId>com.atlassian.confluence</groupId>
<artifactId>confluence-plugins-platform-pom</artifactId>
<version>${confluence.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.atlassian.platform.dependencies</groupId>
<artifactId>platform-public-api</artifactId>
<version>${platform.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
...
</dependencyManagement>
...
<dependency>
<groupId>com.atlassian.plugins.rest</groupId>
<artifactId>atlassian-rest-v2-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>jakarta.ws.rs</groupId>
<artifactId>jakarta.ws.rs-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>jakarta.inject</groupId>
<artifactId>jakarta.inject-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.jaxrs</groupId>
<artifactId>jackson-jaxrs-json-provider</artifactId>
<scope>test</scope>
</dependency>
(Skipping unrelated dependencies here in this post; hopefully nothing in there is causing this…)
1 Like
Was it possible for you to reproduce the issue of localNotificationService @kmacleod ?
Hi @kusal (or maybe @TomRijnbeek, since I saw you had some involvement writing the REST v2 release notes):
Following up on my previous post about how to migrate a REST ServiceExceptionMapper to REST v2, I saw that the original (REST v1) package containing that class was removed from the allowed APIs in today’s 9.0.0-beta3 release.
Is there any guidance on how to migrate this in order to continue to support Confluence read-only mode (as Atlassian suggests in its guide)? And if this isn’t in your wheelhouse, might it be possible to route this question to whoever is responsible?
A second issue is that, in the same guide, the section about REST resources says:
Any POST/PUT/DELETE REST requests will be effectively blocked by a request filter, with the option for allowing them to pass through via the
@ReadOnlyAccessAllowedannotation on the relevant REST resource’s method/class/package.
This no longer appears to be true with REST v2. In my limited tests, Confluence 9.0.0-beta3 happily dispatches REST requests to an app’s PUT/POST/etc endpoints, even when in read-only mode, with or without annotations.
Is this expected behavior, meaning that individual app vendors themselves should expect to have the burden of enforcing this on platform 7? Or is there an expected evolution on the Confluence side?
Thanks,
Scott
Hi @anastoumi ,
There’s a few issues with your pom.xml file, but the one I think causing your problem is this
<dependency>
<groupId>com.atlassian.mywork</groupId>
<artifactId>mywork-api</artifactId>
<version>3.0.0-m001</version>
<scope>compile</scope>
</dependency>
That’s a very, very old version of mywork-api. Confluence 9.0 bundles mywork 19.0.x (check the pom for the exact version, but it’s 19.0.69 in beta2). Secondly, it should be provided-scope, not compile-scope, since it’s provided by Confluence.
More generally, I strongly recommend you use the plugins-platform-pom to manage the versions of these components for you, by adding this:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.atlassian.confluence</groupId>
<artifactId>confluence-plugins-platform-pom</artifactId>
<version>${confluence.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
This will allow you to remove most, if not all, of the provided-scope dependency versions in your own POM, and will automatically keep them in sync with Confluence’s bundled versions, so for example, you’d just have this
<dependency>
<groupId>com.atlassian.mywork</groupId>
<artifactId>mywork-api</artifactId>
<scope>provided</scope>
</dependency>
Ah, thanks, this is what I wanted to know.
Yeah, this is the simplest method for what you want to achieve. While not perfect, it’s good to hear you’re unblocked for now.
The WebPanel interface never extended from WebFragment interface, not just because it’s gained other things that aren’t supported and/or don’t make sense for them, but because plugins can both implement WebPanel and there are default implementations. If we added even optional methods it could break backwards compatibility and/or take power back away from plugins and/or create more complexity than it solves.
Thanks for reporting the issue, now we’re more concious of it. Our knowledge of the failings and successes of Web Fragments as a whole will feed into developing Client-side Extensions.
I think there’s a larger issue of a WebPanel not knowing details about itself that we need to take more time to solve. The only workaround [currently] for getting a lot of details is reading the XML that’s missing from the API/SPI. Perhaps even the web-panel-renderers get smarter and the panels themselves stay the same. Hard to tell without more signal so…
If others run into this issue or related issues, I’m keen to hear it.
1 Like
com.fasterxml.jackson.datatype
jackson-datatype-jsr310
provided
it is not exported from conf. You need to bundle the version if required by the plugin
Hi @scott.dudley and every one, this is fruitful information. However, I’m having trouble making this allowlisting work on my plugin. I have two error thrown by velocity:
2024-07-09 17:46:46,218 WARN [http-nio-8090-exec-4 url: /plugins/servlet/upm; user: admin] [allowlist.impl.internal.PluginAllowlistConfigurator] getModuleMethodAllowlist Class com.atlassian.confluence.plugin.webresource.DefaultConfluenceWebResourceManager cannot be loaded - disabling Velocity Allowlist plugin module com.adaptavist.confluence.engine:velocity-allowlist-dynamictasklist2-engine
2024-07-09 17:00:54,464 WARN [http-nio-8090-exec-4 url: /plugins/servlet/upm; user: admin] [allowlist.impl.internal.PluginAllowlistConfigurator] getModuleMethodAllowlist Class com.atlassian.confluence.plugin.descriptor.web.model.ConfluenceWebLink cannot be loaded - disabling Velocity Allowlist plugin module com.adaptavist.confluence.engine:velocity-allowlist-dynamictasklist2-engine
I have added these methods to the allowlist as you can see here:
<velocity-allowlist key="velocity-allowlist-dynamictasklist2-engine">
<method>com.atlassian.confluence.plugin.webresource.DefaultConfluenceWebResourceManager#getSpaceCssPrefix(java.lang.String)</method>
<method>com.atlassian.confluence.plugin.descriptor.web.model.ConfluenceWebLink#getDisplayableUrl(javax.servlet.http.HttpServletRequest java.util.Map)</method>
</velocity-allowlist>
If I remove those methods from the list, I get the following errors instead.
2024-07-09 17:47:52,173 WARN [http-nio-8090-exec-6 url: /, /dashboard.action; user: admin] [velocity] log Invocation blocked as method is not allowlisted: com.atlassian.confluence.plugin.descriptor.web.model.ConfluenceWebLink#getDisplayableUrl(javax.servlet.http.HttpServletRequest java.util.Map)
-- url: / | userName: admin | referer: http://localhost:8090/plugins/servlet/upm | traceId: 1e441517afe81d38
2024-07-09 17:47:52,173 WARN [http-nio-8090-exec-6 url: /, /dashboard.action; user: admin] [velocity] log Invocation blocked as method is not allowlisted: com.atlassian.confluence.plugin.descriptor.web.model.ConfluenceWebLabel#getDisplayableLabel(javax.servlet.http.HttpServletRequest java.util.Map)
-- url: / | userName: admin | referer: http://localhost:8090/plugins/servlet/upm | traceId: 1e441517afe81d38
I’m kinda confused here as if we need to consumes some methods from the velocity template, we have to add it to the list. Once it has been done, we getting error says the class cannot be load.
Would appreciate any advice and idea!
1 Like
Hi @fgrund,
Did you find a solution for this? I’m experiencing a java.lang.ClassNotFoundException with com.atlassian.confluence.userstatus.FavouriteManager, even though it should be available on confluence9-beta3: FavouriteManager (Atlassian Confluence 9.0.0-beta3 API)
Hi @Leon
Plugins may only allowlist classes/method that originate from their plugin. In this case, we have overlooked adding those 2 methods to the system allowlist.
Thanks for reporting them - I’ll have them added prior to the next release
1 Like
Maybe it will help somebody.
My problem: I used too old version as provided. I’ve updated version, removed provided and problem was solved.
Does anybody know how to filter beans by ID via ImportOptions?
I try importOsgiService, but have this error:
How can I inject bean by ID defaultSelectionStorageFormatModifier?
I’ve read these docs and these docs for ldap filters, but still can’t understand.
I tried this approach
return importOsgiService(SelectionStorageFormatModifier.class, ImportOptions.defaultOptions().withFilter("(id=defaultSelectionStorageFormatModifier)"));, but it doesn’t work.
In Spring I would use Qualifier or something like that, but what should I use here?
Kind regards
If you remove provided, Maven defaults to compile (possibly unless overridden through dependencyManagement). You definitely want this as provided scope, and you’re likely to get weird exceptions in the future if it is compile (be sure to confirm with atlas-mvn dependency:tree).
2 Likes
Kusal provided the correct long-term answer earlier (namely, that you can only allowlist methods from your app’s own classes). If you don’t want to wait a week for the next EAP, or if you simply want to reduce your Velocity dependencies on core Confluence code, you can easily wrap these calls in one of your app’s own methods, and then just allowlist those methods.
Hi @ashraf
As discussed with @mohamedin in a separate thread, it was found that your app was initialising a thread to handle the work on PluginEnabledEvent:
@EventListener
public void handleEvent(PluginEnabledEvent pluginEnabledEvent)
{
if (pluginEnabledEvent.getPlugin().getKey().equals(“com.mxgraph.confluence.plugins.diagramly”))
{
new Thread(new Runnable()
{
@Override
public void run()
{
// Sleep for sometime until system is ready
configSpace.createConfigSpace();
}
}).start();
}
}
and since PermissionManager#withExemption uses ThreadLocalCacheAccessor, which needs to be initialised first using #init() method. You were seeing anonymous error because of uninitialised cache.
ThreadLocalCacheAccessor#init() should do the trick for you.
1 Like
Hi kmacleod,
I saw that objectNode is changed to com.fasterxml.jackson.databind.node.ObjectNode from org.codehaus.jackson.node.ObjectNode.So do we have handle this change to get compatibility in lower versions of confluence 8.x and 7.19
Thanks,
Aparna
We are currently working on fixing broken ReadOnlyAccessFilter. I will keep you posted once it is fixed.
Regards
Nikhil Jain
1 Like