
Exception starting filter CrowdSecurityFilter

Roel Croonenberghs October 12, 2015

I am trying to authenticate my own application against the Crowd embedded in JIRA.

I put the CrowdSecurityFilter filter in my web.xml but it fails to start my application with the following error.

SEVERE: Exception starting filter CrowdSecurityFilter
java.lang.InstantiationException: com.atlassian.crowd.integration.http.filter.CrowdSecurityFilter
    at java.lang.Class.newInstance0(
    at java.lang.Class.newInstance(
    at org.apache.catalina.core.DefaultInstanceManager.newInstance(
    at org.apache.catalina.core.ApplicationFilterConfig.getFilter(
    at org.apache.catalina.core.ApplicationFilterConfig.<init>(
    at org.apache.catalina.core.StandardContext.filterStart(
    at org.apache.catalina.core.StandardContext.startInternal(
    at org.apache.catalina.util.LifecycleBase.start(
    at org.apache.catalina.core.ContainerBase$
    at org.apache.catalina.core.ContainerBase$
    at java.util.concurrent.FutureTask$Sync.innerRun(
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(
    at java.util.concurrent.ThreadPoolExecutor$
12-okt-2015 13:29:37 org.apache.catalina.core.StandardContext startInternal
SEVERE: Error filterStart


This is what I have in my web.xml



Any ideas what I am doing wrong or missing?

1 answer


0 votes
Atlassian Team
October 12, 2015


I don't know the full answer from direct experience, but here's what I can tell about what's happening:

  1. You're getting an InstantiationException because the web.xml filter definitions assume that they can use a default constructor. The CrowdSecurityFilter does not have a default constructor so it cannot be used that way. It needs to be provided with a CrowdHttpAuthenticator as well as an AuthenticationUrlProvider (which it can obtain from ClientProperties).
  2. This documentation is probably your best bet for learning the right way to do this: — For the most part, applications do not need to know whether it is really Crowd or JIRA as a Crowd Server (JaaCS) that they are talking to, as the client-side code is configured in essentially the same way.
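
The failure described in point 1, reproduced as an added example that is not from the original thread or from Atlassian's code: `SecurityFilter` and `Authenticator` are hypothetical stand-ins for CrowdSecurityFilter and its collaborators, and `containerInstantiate` mimics the reflective no-argument instantiation visible in the stack trace. The wrapper has a default constructor, builds the real filter itself, and rejects requests if it was never initialised rather than letting them through unauthenticated.

```java
public class FilterInstantiationDemo {

    // Hypothetical stand-in for a collaborator the real filter must be given.
    static class Authenticator {
        String currentUser() { return "alice"; } // constructed sample value
    }

    // Hypothetical stand-in for a filter that has no default constructor.
    static class SecurityFilter {
        private final Authenticator authenticator;
        SecurityFilter(Authenticator authenticator) { this.authenticator = authenticator; }
        String doFilter() { return "authenticated as " + authenticator.currentUser(); }
    }

    // Wrapper a <filter-class> entry could name: it has a public no-arg
    // constructor and wires the delegate's dependencies itself in init().
    public static class DelegatingSecurityFilter {
        private SecurityFilter delegate;
        public DelegatingSecurityFilter() { }
        public void init() { delegate = new SecurityFilter(new Authenticator()); }
        public String doFilter() {
            // Fail closed: an uninitialised auth filter must not pass requests on.
            if (delegate == null) throw new IllegalStateException("filter not initialised");
            return delegate.doFilter();
        }
    }

    // Mimics how the container in the trace creates a filter from its class name:
    // reflection with no arguments (Class.newInstance is deprecated but still present).
    @SuppressWarnings("deprecation")
    static Object containerInstantiate(Class<?> filterClass) throws ReflectiveOperationException {
        return filterClass.newInstance();
    }

    public static void main(String[] args) throws Exception {
        try {
            containerInstantiate(SecurityFilter.class);
        } catch (InstantiationException e) {
            // Same exception type as in the question: no nullary constructor exists.
            System.out.println("direct instantiation failed: " + e);
        }
        DelegatingSecurityFilter filter =
                (DelegatingSecurityFilter) containerInstantiate(DelegatingSecurityFilter.class);
        filter.init();
        System.out.println(filter.doFilter());
    }
}
```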


Roel Croonenberghs October 12, 2015

I'm doing the things described on If I remove the filter, then the calls I make to retrieve group information are successful. But I want it to be an SSO application. And therefore I need the username from the current session. And from what I have read on the internets, that is only possible with the CrowdSecurityFilter. I've done this on Crowd 2.2.7 and then it works. But the classes are a little different because that is an old version. See
