Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

How can I use custom authentication while still getting crowd groups in Fisheye

Eli Kim Rising Star Dec 08, 2013

We have developed our own custom authenticator. The back-end is still Crowd but we wanted things different from username/password. We have it working correctly however by doing this we are unable to bring in CROWD groups. In the AuthToken I do not see anything relating a user to groups. Is there any way to get this relationship in? Fisheye only allows for one authentication method but the groups are linked to that authentication only? How would a custom authenticator manage groups?

6 answers

1 accepted

0 votes
Answer accepted
Eli Kim Rising Star Feb 18, 2014

We do not use crowd so no groups is not a deal breaker for us.

Could you please take a look at what we have?

It looks pretty straightforward.

Are we missing anything? Are we doing something different than what is needed?

public class CasFishEyeHttpAuthenticator extends AbstractFishEyeAuthenticator
private static class ExampleAuthToken
implements AuthToken

public String getUsername()
return name;

public String getEmail()
return (new StringBuilder()).append(name).append("@email").toString();

public String getDisplayName()
return (new StringBuilder()).append(name.substring(0, 1).toUpperCase()).append(name.substring(1)).toString();

private final String name;

public ExampleAuthToken(String name)
{ = name;

public CasFishEyeHttpAuthenticator()

public AuthToken checkRequest(HttpServletRequest request)
String username = null;
final HttpSession session = request.getSession();
final Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);

if (assertion != null)
username = assertion.getPrincipal().getName();

System.out.println("Alin---get cas assertion:"+username);
if(username != null){
System.out.println("Alin--returning an object");
return new ExampleAuthToken(username);
System.out.println("Alin--returning null");
return null;


public boolean isRequestUserStillValid(String username, HttpServletRequest req)
return true;

public void init(Properties cfg)
throws Exception
System.out.println((new StringBuilder()).append("init(").append(cfg).append(")").toString());
// String property = cfg.getProperty("allow.from");
// remoteAddrs = property == null ? ((Set) (new HashSet())) : ((Set) (new HashSet(Arrays.asList(property.split(",")))));

public void close()

public AuthToken checkPassword(String username, String password)
System.out.println((new StringBuilder()).append("checkPassword(").append(username).append(", ").append(password).append(")").toString());
return new ExampleAuthToken(username);

public AuthToken recreateAuth(String username)
System.out.println((new StringBuilder()).append("recreateAuth(").append(username).append(")").toString());
return new ExampleAuthToken(username);

public boolean hasPermissionToAccess(AuthToken tok, String repname, String constraint)
System.out.println((new StringBuilder()).append("hasPermissionToAccess(").append(tok).append(", ").append(repname).append(", ").append(constraint).append(")").toString());
return true;


0 votes
Eli Kim Rising Star Feb 18, 2014

This is currently not possible. There is a ticket to make this possible

Hi, we are facing a related issue that you seem to have already solved. Could you please advise?

We wrote a custom authenticator, Fisheye is configured to use it, I can test it using the interface and the *.log file also displays the expected messages. The user exists and is also configured to use custom authentication.

The custom authenticator overwrites the checkRequest method and it returns, as needed, a non null token. But, although the custom authenticator is called and it returns a token, Fisheye still displays the login screen.

Please advise on what else prevents the user from being logged in.

Eli Kim Rising Star Feb 18, 2014

I extended the AbstractFishEyeAuthenticator, re-implemented checkRequest and hasPermissionToAccess. In addition recreateAuth and checkRequest, both needed to return my own implementation of AuthToken.

The shortcoming with custom authentication is if you use Fisheye with Crowd to manage the groups. Fisheye currently has no way to have a custom authentication and manage groups from within Crowd like JIRA and Confluence offers.

HUGE shortcoming for us... made the custom authenticator useless for us until Atlassian decides to either open it up in the plugin code so that we can do it ourselves or they do it so that groups and authentications aren't mixed together.

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events