Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Integrating Atlassian Crowd with Spring Boot 2.1.7 via Spring Security - Issues

I have run into some bugs while configuring crowd, this is a topic that I have put off tackling several times because of the amount of people saying it doesn't work with the official atlassian article.

I took on the task, most of it was fine but I think I found a couple of bugs.

  1. CrowdSecurityFilter - seems to just outright deny passage even for paths which are permitted. I had to exclude this bean and it was fine, this is annoying because it means the XML provided by atlassian cannot be used as is and I have to pull it into the project and comment out that bean.
  2. CrowdAuthenticationProvider - When debugging the auth process, inside the following method the authenticationToken.getDetails() doesn't return null, so it throws a false, which in turn causes the authenticate call to return null.
public boolean supports(AbstractAuthenticationToken authenticationToken) {
return authenticationToken.getDetails() == null || authenticationToken.getDetails() instanceof CrowdSSOAuthenticationDetails;
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if (!this.supports(authentication.getClass())) {
return null;
} else if (!this.supports((AbstractAuthenticationToken)authentication)) {
return null;
} else {
Authentication authenticatedToken = null;
if (authentication instanceof UsernamePasswordAuthenticationToken) {
logger.debug("Processing a UsernamePasswordAuthenticationToken");
authenticatedToken = this.authenticateUsernamePassword((UsernamePasswordAuthenticationToken)authentication);
} else if (authentication instanceof CrowdSSOAuthenticationToken) {
logger.debug("Processing a CrowdSSOAuthenticationToken");
authenticatedToken = this.authenticateCrowdSSO((CrowdSSOAuthenticationToken)authentication);

return authenticatedToken;

 As a result the UI displays the following:

No AuthenticationProvider found for

I had to replace the implementation with authenticationToken.getDetails() != null but I am unsure of the intended direction here, going back before version 3 of this library it seems like it was a completely different implementation for this method.

I have written a blog about the topic to provide some more context and a bitbucket repo exists which replicates the issue.

I would really like to get rid of these hacks to get the platform working because otherwise it's actually a very neat solution.


3 answers

0 votes

Update: Atlassian Support has added this bug.

0 votes

Hi Jonathan,

Sorry to necro this thread but wowwwww.

Indeed, your solution solves this (to me very glaring) bug.

Have you contacted Atlassian about this? Do you know if there's a Jira issue tracking it? I downloaded Crowd v4.2.2 and it's still there. Just curious if this has been brought to their attention already before I do.

Thanks for doing the legwork on this, too. I was pulling my hair out for a day or so.


Hi Graham,

I didn’t raise anything directly at the time and given atlassian are going into maintenance mode for self hosted apps I’d be surprised if it ever gets fixed tbh. 

feel free to reach out to them however, it’s not ideal is it!



They're still developing and supporting Crowd (with their Data Center licencing tier) and we're still married to it because it runs on-prem, so I submitted a support request that should percolate into a bug in their Jira.

I'll update this thread for posterity with the bug key once it's created. Hopefully this helps someone else down the line.

Thanks for tracking it down. A bit of an annoyance to work around it with a subclass, but at least i have springsec working.


Hi Jonathan,

I have these problems too. In one case I see a no provider error, in the other case I see a DAO provider error (password).

Did you find a way to solve your problems? Your documentation link won´t work any more.


I tried your codes from Bitbucket but my error is still the same.

Do you have more information?


I asked the Community too:




Hi Uli, The code from the Bitbucket repo should work ok I seem to have lost that blog however :(

I have updated the repo with a Readme for use without the blog, I have also updated to Crowd 3.7 and tested, all is ok still. I also added the build file to actually create the crowd server in docker from scratch to make it more independent for quickly testing different versions.

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events