It depends on what level of validation you want/need to support. There are few options. As you mentioned you can validate the message at the local/commit level:
The first example, while a little hard-coded, basically checks the message format. While being a little naive, this can be surprisingly effective. Somewhat similar to the other responses you could also write a script to ping a known JIRA and check the existance of the JIRA issue and fail if it can't be found. The problem with this is that every commit will take a few seconds, which might get annoying.
Finally, just for completeness, you can also enforce the commit message on the Stash side:
I wouldn't actually recommend this. Sure, ideally the server would enforce this for you, but the realities of DVCS are that you can't really control content in the same way that you might for SVN. A push containing 100 news commits is going to be a nightmare to rewrite if one of those commits is missing a JIRA key. Depending on your workflow you might enforce that everyone has to create a Pull Request instead of pushing to master and that the branch has to contain a JIRA keys.
The first suggestion, enforcing at the local commit level, is what I would suggest to start with. The biggest hurdle with ths approach is distributing/managing the hooks across your organisation and users.
Regarding validation of issue state, this might be of interest too:
I hope some of that helps.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot