Hello,
After having developed a plugin doing OAuth2 authentication on the Stash product, I wanted to adapt it for use in Jira.
I have looked into the Javadoc and I think I have been able to find how to force the authentication as a user without entering the password, but after executing the login action the session is lost.
Here is my context:
I have a Filter which will start the OAuth2 protocol if the user accesses the /login.jsp page:
<servlet-filter name="OAuth BeforeLogin Filter" key="jira-oauth-pre-filter" class="bean:OAuthFilter" location="before-login" weight="10">
    <url-pattern>/login.jsp</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</servlet-filter>
In this filter, I start the OAuth2 protocol. It means that I redirect the user to another server (the OAuth2 provider), then this server redirects the user to my callback URL:
http://localhost:2990/jira/plugins/servlet/callback?code=<oauth2_code>
At this moment, I am able to know the name of the user and I want to authenticate him in the application without entering the password.
Here is a part of my Callback.java file:
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.user.util.UserUtil;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.pluginsettings.PluginSettings;
import com.atlassian.sal.api.pluginsettings.PluginSettingsFactory;
import com.atlassian.templaterenderer.TemplateRenderer;

public class Callback extends HttpServlet {
    private final PluginSettings pluginSettings;
    private final LoginUriProvider loginUriProvider;
    private final TemplateRenderer renderer;
    private final JiraAuthenticationContext authContext;
    private final GroupManager groupManager;
    private final UserUtil userUtil;

    public Callback(PluginSettingsFactory pluginSettingsFactory, LoginUriProvider loginUriProvider,
                    TemplateRenderer renderer, JiraAuthenticationContext authContext,
                    GroupManager groupManager, UserUtil userUtil) {
        this.pluginSettings = pluginSettingsFactory.createGlobalSettings();
        this.loginUriProvider = loginUriProvider;
        this.authContext = authContext;
        this.renderer = renderer;
        this.groupManager = groupManager;
        this.userUtil = userUtil;
    }

    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        // This is the "end of OAuth protocol", this URL should be called with a code parameter
        if (request.getParameter("code") != null) {
            // We have obtained an OAuth code from UPM
            String code = request.getParameter("code");
            /*
             * I do some stuff related to the OAuth protocol and then finally I know
             * the user name to be logged in as.
             * oAuthRetrievedUser is a Jira User object.
             */
            authContext.setLoggedInUser(oAuthRetrievedUser);
            response.sendRedirect("/jira");
        }
    }
}
Just before the line response.sendRedirect, if I execute authContext.getLoggedInUser(), I have the correct user, but after the redirection, the session seems not to be kept and the user is not logged in.
Do you see something I am doing wrong?
Thanks for your help
After having looked at this plugin code:
https://bitbucket.org/pawelniewiadomski/openid-authentication-for-jira/src/0fd4138c2562d376e00ca0d0deb64430609ae12f/src/main/java/com/pawelniewiadomski/jira/openid/authentication/servlet/OpenIdServlet.java?at=master
I did manage to authenticate the user by replacing:
authContext.setLoggedInUser(oAuthRetrievedUser);
by
// We authenticate the user
final HttpSession httpSession = request.getSession();
httpSession.setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, oAuthRetrievedUser);
httpSession.setAttribute(DefaultAuthenticator.LOGGED_OUT_KEY, null);
Could you tell me if this is the correct way to do it?
Thanks
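Added example (not part of the original post, the linked plugin, or Jira's own code): the session step from the follow-up above, combined with two checks that usually accompany an OAuth2 callback login, a single-use `state` value tied to the browser session and replacement of the pre-login session before the Seraph keys are set. The class name, method names and `STATE_KEY` are hypothetical; it assumes the Servlet API and Seraph's `DefaultAuthenticator` are on the plugin's classpath.

```java
import com.atlassian.seraph.auth.DefaultAuthenticator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

/** Hypothetical helper for the filter and callback servlet described in the post. */
public final class OAuthSessionHelper {
    // Hypothetical session attribute name holding the expected OAuth2 "state" value.
    private static final String STATE_KEY = "example.oauth2.state";
    private static final SecureRandom RANDOM = new SecureRandom();

    private OAuthSessionHelper() {}

    /** Filter side: call before redirecting to the provider and send the result as the state parameter. */
    public static String newState(HttpServletRequest request) {
        String state = new BigInteger(256, RANDOM).toString(32);
        request.getSession(true).setAttribute(STATE_KEY, state);
        return state;
    }

    /** Callback side: call before exchanging the code; false means the callback was not started by this session. */
    public static boolean stateMatches(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        String returned = request.getParameter("state");
        if (session == null || returned == null) {
            return false;
        }
        String expected = (String) session.getAttribute(STATE_KEY);
        session.removeAttribute(STATE_KEY); // single use: a replayed callback fails
        return expected != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                returned.getBytes(StandardCharsets.UTF_8));
    }

    /** Callback side: discard the pre-login session, then store the user under Seraph's keys as in the post. */
    public static void establishSession(HttpServletRequest request, Object user) {
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate(); // a session id issued before authentication must not survive login
        }
        HttpSession fresh = request.getSession(true);
        fresh.setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, user);
        fresh.setAttribute(DefaultAuthenticator.LOGGED_OUT_KEY, null);
    }
}
```

In the callback, `stateMatches(request)` would run before the code exchange and `establishSession(request, oAuthRetrievedUser)` would take the place of the three session lines, followed by the redirect.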