Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

[Jira] Problem while trying to pre authenticate user

Mickael BRIDARD
Mickael BRIDARD September 9, 2013

Hello,

After having developed a plugin doing an OAuth2 authentication on Stash product, I wanted to adapt it to use it into Jira.

I have looked into the Javadoc and I think I have been able to find how to force the authentication as a user without entering the password but after executing login action the session is lost.

Here is my context:

I have a Filter which will start the OAuth2 protocol If the user access to /login.jsp page

<servlet-filter name="OAuth BeforeLogin Filter" key="jira-oauth-pre-filter"

                    class="bean:OAuthFilter"

                    location="before-login" weight="10">

        <url-pattern>/login.jsp</url-pattern>

        <dispatcher>REQUEST</dispatcher>

        <dispatcher>FORWARD</dispatcher>

    </servlet-filter>

In this filter, I start the protocol OAuth2, It means that I redirect the user to another server (the OAuth2 provider), then this server redirect the user on my callback URL:

http://localhost:2990/jira/plugins/servlet/callback?code=<oauth2_code>

At this moment, I am able to know the name of the user and I want to authenticate him in the application without entering the password.

Here is a part of my Callback.java file:

public class Callback extends HttpServlet

{



  private final PluginSettings pluginSettings;

  private final LoginUriProvider loginUriProvider;

  private final TemplateRenderer renderer;

  private final JiraAuthenticationContext authContext;

  private final GroupManager groupManager;

  private final UserUtil userUtil;





  public Callback(PluginSettingsFactory pluginSettingsFactory, LoginUriProvider loginUriProvider, TemplateRenderer renderer, JiraAuthenticationContext authContext, GroupManager groupManager, UserUtil userUtil)

{

  

  this.pluginSettings = pluginSettingsFactory.createGlobalSettings();  

  this.loginUriProvider = loginUriProvider;

  this.authContext = authContext;

  this.renderer = renderer;

  this.groupManager = groupManager;

  this.userUtil = userUtil;



}

 

@Override

public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException

{

	//This is the "end of OAuth protocol", this URL should be called with a code parameter

	if(request.getParameter("code") != null){

		//We have obtained an OAuth code from UPM

	     String code = request.getParameter("code");



		/* 

		I do some stuff related to OAUth protocol and then finally I known the user name to be logged in as 

		oAuthRetrievedUser is a User Jira object

		*/

		

	     authContext.setLoggedInUser(oAuthRetrievedUser);

		 response.sendRedirect("/jira");  

    }

}

Just before the line response.sendRedirect, If I execute : authContext.getLoggedInUser(), I have the correct user, but after the redirection, the session seems to not be kept and the user is not logged.

Do you see something I am doing wrong?

Thanks for your help

Answer
Watch
Like Be the first to like this
379 views

1 answer

0 votes
Mickael BRIDARD
Mickael BRIDARD September 10, 2013

After having looked to this plugin code:
https://bitbucket.org/pawelniewiadomski/openid-authentication-for-jira/src/0fd4138c2562d376e00ca0d0deb64430609ae12f/src/main/java/com/pawelniewiadomski/jira/openid/authentication/servlet/OpenIdServlet.java?at=master

I did managed to authenticate the user replacing:

authContext.setLoggedInUser(oAuthRetrievedUser);

by

//We authenticate the user
        		   final HttpSession httpSession = request.getSession();
                   httpSession.setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, oAuthRetrievedUser);
                   httpSession.setAttribute(DefaultAuthenticator.LOGGED_OUT_KEY, null);

Could you tell me If this is the correct way to do it ?

Thanks

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.