Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to use the PermissionManager in a Confluence Plugin Rest Module

xeemed
xeemed
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 6, 2018

I tried to use the (autowired) PermissionManager in a Confluence Rest Module as follows:


ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
if(!permissionManager.isConfluenceAdministrator(confluenceUser)) {
    throw....
}

 If the user is not logged-in the exception is thrown and everything is fine but if the user is logged-in and has admin permissions I get a NullPointerException in the isConfluenceAdministrator method. The user object seems to be fine (and not NULL). The code is within a POST Method. I send the request from a custom settings page (location: system.admin).

Answer
Watch
Like Be the first to like this
1266 views

2 answers

1 accepted

1 vote
Answer accepted
Hasnae
Hasnae
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 6, 2018

This is how I build rest resources in plugins, the following shows how to include the PermissionManager

package com.atlassian.confluence.community.rest;

import com.atlassian.annotations.security.XsrfProtectionExcluded;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;

import static java.util.Collections.singletonMap;

@Path("/sample")
public class SampleResource {

    private final PermissionManager permissionManager;

    public SampleResource(final @ComponentImport PermissionManager permissionManager) {
        this.permissionManager = permissionManager;
    }

    @GET
    @Produces("application/json")
    @XsrfProtectionExcluded
    public Response get() {
        final ConfluenceUser currentUser = AuthenticatedUserThreadLocal.get();
        if (!permissionManager.isConfluenceAdministrator(currentUser)) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        return Response.ok(singletonMap("username", currentUser.getName())).build();
    }
}

and has the following package imports on the pom file definition

<Import-Package>
    com.atlassian.annotations.security,
    com.atlassian.confluence.security,
    com.atlassian.confluence.user,
    com.atlassian.user,
    javax.ws.rs,
    javax.ws.rs.core,
    org.springframework.osgi.*;resolution:="optional",
    org.eclipse.gemini.blueprint.*;resolution:="optional"
</Import-Package>

Hope this helps

View More Comments
xeemed
xeemed
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 7, 2018

great! this works, thanks a lot. But i still need the following entry in the META-INF/spring/plugin-context.xml file:

<osgi:reference id="permissionManager" interface="com.atlassian.confluence.security.PermissionManager"/>

 Same for you?

Like
Hasnae
Hasnae
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 7, 2018

Ah right; indeed !

However I am using atlassian spring scanner, so my plugin-context.xml looks a bit different.

You can find the whole plugin setup here https://bitbucket.org/viqueen/confluence-community/

Like
Reply
0 votes
Steven F Behnke
Steven F Behnke
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 6, 2018

This would likely be better asked at community.developer.atlassian.com. 

I'm not sure why that method would throw an NPE because the javadoc doesn't state that it throws an NPE under desirable circumstances. 

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events