It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Integrating Atlassian Crowd with Spring Boot 2.1.7 via Spring Security - Issues

I have run into some bugs while configuring crowd, this is a topic that I have put off tackling several times because of the amount of people saying it doesn't work with the official atlassian article.

I took on the task, most of it was fine but I think I found a couple of bugs.

  1. CrowdSecurityFilter - seems to just outright deny passage even for paths which are permitted. I had to exclude this bean and it was fine, this is annoying because it means the XML provided by atlassian cannot be used as is and I have to pull it into the project and comment out that bean.
  2. CrowdAuthenticationProvider - When debugging the auth process, inside the following method the authenticationToken.getDetails() doesn't return null, so it throws a false, which in turn causes the authenticate call to return null.
public boolean supports(AbstractAuthenticationToken authenticationToken) {
return authenticationToken.getDetails() == null || authenticationToken.getDetails() instanceof CrowdSSOAuthenticationDetails;
}
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if (!this.supports(authentication.getClass())) {
return null;
} else if (!this.supports((AbstractAuthenticationToken)authentication)) {
return null;
} else {
Authentication authenticatedToken = null;
if (authentication instanceof UsernamePasswordAuthenticationToken) {
logger.debug("Processing a UsernamePasswordAuthenticationToken");
authenticatedToken = this.authenticateUsernamePassword((UsernamePasswordAuthenticationToken)authentication);
} else if (authentication instanceof CrowdSSOAuthenticationToken) {
logger.debug("Processing a CrowdSSOAuthenticationToken");
authenticatedToken = this.authenticateCrowdSSO((CrowdSSOAuthenticationToken)authentication);
}

return authenticatedToken;
}
}

 As a result the UI displays the following:

No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken

I had to replace the implementation with authenticationToken.getDetails() != null but I am unsure of the intended direction here, going back before version 3 of this library it seems like it was a completely different implementation for this method.

I have written a blog about the topic to provide some more context and a bitbucket repo exists which replicates the issue.

https://fxqlabs.net/display/OSS/2019/08/20/Integrating+Atlassian+Crowd+with+Spring+Boot+via+Spring+Security

https://bitbucket.org/fxqlabs-oss/integrating-atlassian-crowd-with-spring-boot-via-spring/commits/1399518fe0f21f00fe2064991170585ac0bfe314

I would really like to get rid of these hacks to get the platform working because otherwise it's actually a very neat solution.

Thanks

0 answers

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence

2019: All Wrap(ped) Up Like a Present

Hindsight might be 2020 but looking back, a lot of cool new features rolled out in 2019. From new collaboration and organizational powers to fresh templates and handy integrations, it’s been quite th...

215 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you