Good day Community!
How are you, and how is your health?
I am contacting you because of a problem with obtaining the XSRF token of a specific user. The Jira API can return an XSRF token for the currently logged-in user who calls a post function when making a transition:

    String token = new JiraWebActionSupport().getXsrfToken();

In this way, you can get a token and, for example, form a link to the transition, like this:
https://myjira.com/secure/WorkflowUIDispatcher.jspa?id=1754649&action=81&atl_token=ABCD-E1FG-2HIJ-KLMN_6fa77287541d758ec0b972fc9fccdbe1e41275ed_lin
If the link is formatted as a button and sent through the post function as a letter in Outlook, then you can build good, useful workflow functionality.
My problem is this: if I form a button/link and send it to myself in Outlook, everything works as expected. But if we send a similar letter to a specific user (for example, we take the user from a user-picker type field and get his email by calling getEmailAddress()), with the same button/link containing the token of the user who sent the email, the other user will receive an "XSRF Security Token Missing" error box. This is because the atl_token in the link is personal. It is taken from the request of the user calling the post function.
How can I get the xsrf token of the user to whom the transition link will be generated and sent? Goal: Generate a valid transition link with the atl_token parameter that will work correctly for a specific user.
I would be grateful for any help in solving this problem.
Solution found:
The button that is generated in the email contains the following link, in an understandable format:

    "<a href=\"" + baseUrl + "/plugins/servlet/new_transition_servlet?issueId=" + issueId + "&actionId=" + actionId + "\">"

In the servlet itself, we receive the passed parameters, get a valid current XSRF token of the user who makes the transition from the email, form a valid link to the transition itself and call the redirect:

    import com.atlassian.jira.web.action.JiraWebActionSupport;

    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;

    public class NewTransitionServlet extends HttpServlet {
        // other code

        @Override
        protected void doGet(HttpServletRequest request, HttpServletResponse response) {
            // Parameters passed in the link from the email
            String issueId = request.getParameter("issueId");
            String actionId = request.getParameter("actionId");
            // XSRF token of the user who opened the link
            String token = new JiraWebActionSupport().getXsrfToken();
            String redirectUrl = String.format(
                "%s/secure/WorkflowUIDispatcher.jspa?id=%s&action=%s&atl_token=%s",
                baseUrl, issueId, actionId, token
            );
            try {
                response.sendRedirect(redirectUrl);
            } catch (IOException e) {
                // Exception Handling
            }
        }
    }

We get the baseUrl parameter like this:

    String baseUrl = ComponentAccessor.getApplicationProperties().getString(APKeys.JIRA_BASEURL);
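
Added example, not part of the original post: a variant of the servlet that validates the two IDs and renders a confirmation page carrying the tokenised link instead of redirecting at once, so that merely requesting the servlet URL does not run the transition. The class name ConfirmTransitionServlet, the numeric-ID pattern and the page markup are assumptions.

```java
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.properties.APKeys;
import com.atlassian.jira.web.action.JiraWebActionSupport;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.regex.Pattern;

// Hypothetical variant of NewTransitionServlet: confirm first, no automatic redirect.
public class ConfirmTransitionServlet extends HttpServlet {
    // Assumption: issue and action IDs are plain decimal numbers, as in the URL in the post.
    private static final Pattern NUMERIC_ID = Pattern.compile("\\d{1,18}");

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String issueId = request.getParameter("issueId");
        String actionId = request.getParameter("actionId");
        // Reject anything that could add extra parameters to the generated URL.
        if (!isNumericId(issueId) || !isNumericId(actionId)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "issueId and actionId must be numeric");
            return;
        }
        String baseUrl = ComponentAccessor.getApplicationProperties().getString(APKeys.JIRA_BASEURL);
        String token = URLEncoder.encode(new JiraWebActionSupport().getXsrfToken(), "UTF-8");

        // The page embeds the viewer's token: keep it out of caches and out of frames.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("X-Frame-Options", "DENY");
        response.setContentType("text/html;charset=UTF-8");
        // baseUrl is administrator configuration, the IDs are digits and the token is
        // URL-encoded, so nothing request-controlled needs further HTML escaping here.
        response.getWriter().printf(
            "<p>Run workflow action %s on issue %s?</p>"
                + "<a href=\"%s/secure/WorkflowUIDispatcher.jspa?id=%s&amp;action=%s&amp;atl_token=%s\">Confirm</a>",
            actionId, issueId, baseUrl, issueId, actionId, token);
    }

    static boolean isNumericId(String value) {
        return value != null && NUMERIC_ID.matcher(value).matches();
    }
}
```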