[Jira] Problem while trying to pre authenticate user


After having developed a plugin doing an OAuth2 authentication on Stash product, I wanted to adapt it to use it into Jira.

I have looked into the Javadoc and I think I have been able to find how to force the authentication as a user without entering the password but after executing login action the session is lost.

Here is my context:

I have a Filter which will start the OAuth2 protocol If the user access to /login.jsp page

<servlet-filter name="OAuth BeforeLogin Filter" key="jira-oauth-pre-filter"


                    location="before-login" weight="10">





In this filter, I start the protocol OAuth2, It means that I redirect the user to another server (the OAuth2 provider), then this server redirect the user on my callback URL:


At this moment, I am able to know the name of the user and I want to authenticate him in the application without entering the password.

Here is a part of my Callback.java file:

public class Callback extends HttpServlet


  private final PluginSettings pluginSettings;

  private final LoginUriProvider loginUriProvider;

  private final TemplateRenderer renderer;

  private final JiraAuthenticationContext authContext;

  private final GroupManager groupManager;

  private final UserUtil userUtil;

  public Callback(PluginSettingsFactory pluginSettingsFactory, LoginUriProvider loginUriProvider, TemplateRenderer renderer, JiraAuthenticationContext authContext, GroupManager groupManager, UserUtil userUtil)



  this.pluginSettings = pluginSettingsFactory.createGlobalSettings();  

  this.loginUriProvider = loginUriProvider;

  this.authContext = authContext;

  this.renderer = renderer;

  this.groupManager = groupManager;

  this.userUtil = userUtil;




public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException


	//This is the "end of OAuth protocol", this URL should be called with a code parameter

	if(request.getParameter("code") != null){

		//We have obtained an OAuth code from UPM

	     String code = request.getParameter("code");


		I do some stuff related to OAUth protocol and then finally I known the user name to be logged in as 

		oAuthRetrievedUser is a User Jira object







Just before the line response.sendRedirect, If I execute : authContext.getLoggedInUser(), I have the correct user, but after the redirection, the session seems to not be kept and the user is not logged.

Do you see something I am doing wrong?

Thanks for your help

1 answer

After having looked to this plugin code:

I did managed to authenticate the user replacing:



//We authenticate the user
        		   final HttpSession httpSession = request.getSession();
                   httpSession.setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, oAuthRetrievedUser);
                   httpSession.setAttribute(DefaultAuthenticator.LOGGED_OUT_KEY, null);

Could you tell me If this is the correct way to do it ?


Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,283 views 5 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you