Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Spring Security & Crowd REST API

Felix Schendel
Felix Schendel December 10, 2015

Hi,

we'd like to do SSO authentication with spring security 3 using Crowds REST API. Unfortunately there is nothing in the docs about it, because in the present examples only the SOAP interface is used.

Maybe you got some pointers where to look? CrowdHttpAuthenticator class looks promising but it is not compatible with CrowdSSOAuthenticationProcessingFilter class.

Thanks,

Felix

Watch
Like Be the first to like this
484 views

1 answer

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

0 votes
Kurt Martinsen
Kurt Martinsen December 21, 2015

Hi Felix,

I don't know if this will help you at all, but we have successfully reached a point in development with Crowd Rest API (CrowdHttpAuthenticator) + Spring Boot in which if I login to any of our SSO Atlassian apps or my custom app, they will all honour the SSO session. This is how we did it:

  1. All application are under the same domain
  2. Added the crowd-integration-client-rest dependency in pom.xml
  3. Added an appropriate crowd.properties file in the resources folder (classpath)
  4. Annotated a Spring context configuration class with @ImportResource pointing to the Atlassian in-jar context XML (see below)
  5. (Optional) You can get the current logged in user by autowiring CrowdHttpAuthenticator and calling crowdHttpAuthenticator.getUser(request).

Context Configuration

@Configuration
@ImportResource("classpath:applicationContext-CrowdRestClient.xml")
public class MyContextConfiguration {
}

After that the application should redirect to your crowd login page when there is no SSO session. 

NOTE: I haven't implemented any login/logout actions on the app itself. Nor does the crowd login page redirect back to the application. There is also a few minute delay after logging out of another app before the application will ask for a new login.

I'm sure you can get a lot of information from the applicationContext-CrowdRestClient.xml file included in crowd-integration-client-rest.x.x.x.jar.

Hope this helps.

Regards,

Kurt

View More Comments
Felix Schendel
Felix Schendel December 21, 2015

Hi Kurt,

thanks for answering! I'm sure we'd need to implement custom login/logout methods and frankly i was hoping that sth premade could be found for this (exotic?) usecase... Nevertheless thanks again for answering and let me investigate the application-context file in the .jar. Nice pointer!

Thanks,

Felix

Like
Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events