Hello,
I have a small problem with my own stash plugin.
I have implemented a doFilter to manage user authentication.
Here is my atlassian-plugin.xml description:
<component-import key="userService" interface="com.atlassian.stash.user.UserService"/>
<component-import key="userAdminService" interface="com.atlassian.stash.user.UserAdminService"/>
<component-import key="securityService" interface="com.atlassian.stash.user.SecurityService"/>
<component key="OAuthFilter" class="net.exemple.oauth.authentication.OAuthFilter"/>
<servlet-filter name="OAuth Filter" key="stash-oauth-filter" class="bean:OAuthFilter" location="before-login" weight="10">
    <url-pattern>*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</servlet-filter>
My doFilter function looks like:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;

    Boolean standard_authent = false;
    if (req.getParameter("standard-authent") != null) {
        standard_authent = true;
    }

    System.out.println("URI => " + req.getRequestURI() + " and Next => " + req.getParameter("next"));
    System.out.println("Is Authenticated ? " + authenticationContext.isAuthenticated()
            + " with username = " + authenticationContext.getCurrentUser());

    if (req.getRequestURI().equals("/stash/login")) {
        if (!standard_authent) {
            // I do some stuff to authenticate enduser
            // with the preauthenticate method
        }
    }

    chain.doFilter(req, resp);
}
Let's say I type:
http://localhost:7990/stash/login?standard-authent=true
I then get the standard login form and enter admin credentials. I can access the projects page.
Now if I refresh the projects page, I can see this in the logs:
[INFO] [talledLocalContainer] URI => /stash/projects and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/mvc/projects and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/rest/inbox/latest/pull-requests/count and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/plugins/servlet/dev-toolbar and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] 2013-05-21 11:39:47,186 DEBUG [http-bio-7990-exec-18] admin 699x2289x2 1iauojk 172.16.231.139 "GET /rest/inbox/latest/pull-requests/count HTTP/1.1" c.a.s.p.inbox.rest.InboxResource Retrieving pull request count for user Administrator
[INFO] [talledLocalContainer] URI => /stash/projects/PROJECT_1/avatar.png and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/mvc/projects/PROJECT_1/avatar.png and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/rest/api/latest/profile/recent/repos and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
Each time I enter my doFilter I am considered unauthenticated, whereas I can access all pages and can also see my logged-in user name:
[INFO] [talledLocalContainer] 2013-05-21 11:39:47,186 DEBUG [http-bio-7990-exec-18] admin 699x2289x2 1iauojk 172.16.231.139 "GET /rest/inbox/latest/pull-requests/count HTTP/1.1" c.a.s.p.inbox.rest.InboxResource Retrieving pull request count for user Administrator
Am I missing something?
Thanks for your help!
servlet-filter modules allow you to intercept requests at different parts of the filter chain. For the full list and a description of each, see the servlet-filter module documentation. In your situation you are using the 'before-login' location, which means it will be applied before any of Stash's authentication filters. As a result, Stash doesn't know that a user is logged in yet for that request.
You may want to investigate using the http-authentication-handler module instead. This has the benefit of allowing you to specify a 'weight' if you would prefer to take lower precedence than Stash's standard authentication.
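The ordering described in the answer, as an added example that is not part of the original thread and is not Stash or Atlassian code: a toy filter chain in plain Java, where `AuthContext`, `probe`, `LOGIN` and the `after-login` label are hypothetical stand-ins. A filter placed ahead of the login filter sees an empty context even for a session that is already logged in, which is the `Is Authenticated ? false` pattern in the question's log.

```java
import java.util.*;

// Added illustration: a toy filter chain, not Stash or Atlassian code.
public class FilterOrderDemo {
    // Hypothetical stand-in for the per-request authentication context.
    static class AuthContext {
        String user;
        boolean isAuthenticated() { return user != null; }
    }

    interface Filter {
        void doFilter(Map<String, String> session, AuthContext ctx, Deque<Filter> rest);
    }

    // Hands the request to the next filter in the chain, if any.
    static void next(Map<String, String> session, AuthContext ctx, Deque<Filter> rest) {
        Filter f = rest.poll();
        if (f != null) f.doFilter(session, ctx, rest);
    }

    // Records what a plugin filter sees at its position in the chain.
    static Filter probe(String location, List<String> log) {
        return (session, ctx, rest) -> {
            log.add(location + ": authenticated=" + ctx.isAuthenticated() + " user=" + ctx.user);
            next(session, ctx, rest);
        };
    }

    // Stand-in for the application's own login filter: it resolves the
    // session to a user and only then populates the context.
    static final Filter LOGIN = (session, ctx, rest) -> {
        ctx.user = session.get("user");
        next(session, ctx, rest);
    };

    // Runs one request through: probe, login filter, probe.
    static List<String> handle(Map<String, String> session) {
        List<String> log = new ArrayList<>();
        Deque<Filter> chain = new ArrayDeque<>(List.of(
            probe("before-login", log), LOGIN, probe("after-login", log)));
        next(session, new AuthContext(), chain);
        return log;
    }

    public static void main(String[] args) {
        // Constructed session of a user who has already logged in.
        handle(Map.of("user", "admin")).forEach(System.out::println);
    }
}
```

Because the context is empty at that position for every request, a filter at 'before-login' cannot use it to tell a logged-in user from an anonymous one, so no access decision should depend on it there.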