Scriptrunner REST endpoint authentication

Максим Зезин July 5, 2017

Hello, I am trying to create a REST endpoint to query the JIRA REST API in the same instance of JIRA, and I have some issues with authorization. While I can use basic authorization, I need to use the currently logged-in user's context and get rid of the hardcoded credentials in the endpoint source code.

Here is my script, based on some examples on the Adaptavist site:

import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate
import groovyx.net.http.HTTPBuilder
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.HttpRequest;
import org.apache.http.protocol.HttpContext;
import groovy.json.JsonSlurper;
import groovy.json.JsonBuilder;
import groovyx.net.http.Method
import groovyx.net.http.ContentType
import groovy.transform.BaseScript
import javax.ws.rs.core.MultivaluedMap
import javax.ws.rs.core.Response
@BaseScript CustomEndpointDelegate delegate 

listProjects(
    httpMethod: "GET") { MultivaluedMap queryParams ->
    def JIRA_REST_URL = "https://jira-test"
    def JIRA_API_URL = JIRA_REST_URL + "/rest/api/2/project"
    def httpBuilder = new HTTPBuilder(JIRA_API_URL)

    // Hardcoded credentials, sent as a Basic Authorization header on every request
    httpBuilder.client.addRequestInterceptor(new HttpRequestInterceptor() {
        void process(HttpRequest httpRequest, HttpContext httpContext) {
            httpRequest.addHeader('Authorization', 'Basic ' + 'user:pass'.bytes.encodeBase64().toString())
        }
    })

    def rt = [:]
    // Query the JIRA REST API for the project list
    def projects = httpBuilder.request(Method.GET, ContentType.JSON) {
        uri.path = "/rest/api/2/project"
        response.failure = { resp, reader ->
            log.warn("Failed to query JIRA API: " + reader.text)
        }
    }

    // Shape the result for a select list
    rt = [
        items: projects.collect { project ->
            [
                value: project.id,
                html : project.key,
                label: project.key,
            ]
        }
    ]

    return Response.ok(new JsonBuilder(rt).toString()).build()
}

P.S. I am trying to get the project list and issue type list and then use the convertToSingleSelect() functionality; maybe it is possible to do this internally, without REST API calls.

 

 

 

Answer accepted
Stephen Cheesley _Adaptavist_
July 6, 2017

Hey Максим,

If I understand your request correctly, you would like a Custom REST Endpoint where only authenticated JIRA users can retrieve a list of project information.

I have written an example script that will achieve this using the ScriptRunner REST Endpoints. This example will give you a list of projects with their corresponding issue types.

import com.atlassian.jira.component.ComponentAccessor
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate
import groovy.json.JsonBuilder
import groovy.transform.BaseScript

import javax.servlet.http.HttpServletRequest
import javax.ws.rs.core.MultivaluedMap
import javax.ws.rs.core.Response

@BaseScript CustomEndpointDelegate delegate

getProjects(httpMethod: "GET", groups: ["jira-users"]) { MultivaluedMap queryParams, String body, HttpServletRequest request ->
    // Get the projects
    def pm = ComponentAccessor.getProjectManager()
    def projects = pm.getProjects()

    def rt = [
        items: projects.collect { project ->
            [
                value     : project.id,
                html      : project.key,
                label     : project.key,
                issueTypes: project.getIssueTypes().collect { issueType ->
                    [
                        id  : issueType.id,
                        name: issueType.name
                    ]
                }
            ]
        }
    ]

    return Response.ok(new JsonBuilder(rt).toString()).build()
}


Enforcing Users

The way that this enforces users is that I have set the groups parameter to "jira-users" (line 12). This means that ONLY authenticated JIRA users who are in the jira-users group can access this resource.

You could also achieve this by getting the user and checking it yourself. An example of this approach is in the SR documentation. I would recommend the approach that I have demonstrated as it is more maintainable.

Getting a list of projects

As you suggested in your post, you can get the projects and issue type data without the need to make a call to another rest endpoint. The example I have given you demonstrates how to do this using the ProjectManager utility.
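The "getting the user and checking it yourself" alternative mentioned in the answer, as an added example (not code from the answer or from the ScriptRunner documentation). It goes one step further than the answer by listing only projects on which the caller has the Browse Projects permission, because ProjectManager returns projects without checking permissions. The endpoint name getVisibleProjects is hypothetical, and the example assumes no groups attribute is set, so the closure performs the checks itself.

```groovy
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.permission.ProjectPermissions
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate
import groovy.json.JsonBuilder
import groovy.transform.BaseScript

import javax.ws.rs.core.MultivaluedMap
import javax.ws.rs.core.Response

@BaseScript CustomEndpointDelegate delegate

// Hypothetical endpoint name. No "groups" attribute here (assumption):
// the closure performs the authentication and group checks itself.
getVisibleProjects(httpMethod: "GET") { MultivaluedMap queryParams, String body ->
    // Helper: JSON error body with the given HTTP status
    def deny = { Response.Status status, String message ->
        Response.status(status).entity(new JsonBuilder([error: message]).toString()).build()
    }

    // User bound to the current request; null for anonymous callers
    def user = ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser()
    if (!user) {
        return deny(Response.Status.UNAUTHORIZED, "Authentication required")
    }

    // Same group as the answer's groups: ["jira-users"]
    if (!ComponentAccessor.getGroupManager().isUserInGroup(user, "jira-users")) {
        return deny(Response.Status.FORBIDDEN, "Not a member of jira-users")
    }

    // Only the projects this user may browse, not every project in the instance
    def projects = ComponentAccessor.getPermissionManager().getProjects(ProjectPermissions.BROWSE_PROJECTS, user)

    def rt = [
        items: projects.collect { project ->
            [
                value     : project.id,
                html      : project.key,
                label     : project.key,
                issueTypes: project.getIssueTypes().collect { [id: it.id, name: it.name] }
            ]
        }
    ]
    return Response.ok(new JsonBuilder(rt).toString()).build()
}
```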

Максим Зезин July 6, 2017

Hello, Stephen. Thank you for your answer. It was really like I had been trying to reinvent the wheel with my attempts to use JIRA REST. Your solution is exactly what I need.

 

P.S. I also found a solution for my auth problem: I forwarded the Cookie header from the initial endpoint request to JIRA REST.
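Forwarding the Cookie header as described in the comment above could look like the following. This is an added example, not the poster's code: the endpoint name listProjectsAsCaller is hypothetical, the base URL is the one from the question, and the three-argument closure with HttpServletRequest is the signature used in the accepted answer.

```groovy
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate
import groovy.json.JsonBuilder
import groovy.transform.BaseScript
import groovyx.net.http.ContentType
import groovyx.net.http.HTTPBuilder
import groovyx.net.http.Method

import javax.servlet.http.HttpServletRequest
import javax.ws.rs.core.MultivaluedMap
import javax.ws.rs.core.Response

@BaseScript CustomEndpointDelegate delegate

// Hypothetical endpoint name
listProjectsAsCaller(httpMethod: "GET") { MultivaluedMap queryParams, String body, HttpServletRequest request ->
    // Fixed target taken from the question. Never derive it from request
    // parameters, or the caller's session cookie could be sent to another host.
    def JIRA_REST_URL = "https://jira-test"

    // Session cookies of the incoming request; absent for callers without a session
    def cookie = request.getHeader("Cookie")
    if (!cookie) {
        return Response.status(Response.Status.UNAUTHORIZED).entity(new JsonBuilder([error: "No session cookie"]).toString()).build()
    }

    def httpBuilder = new HTTPBuilder(JIRA_REST_URL)
    def projects = httpBuilder.request(Method.GET, ContentType.JSON) {
        uri.path = "/rest/api/2/project"
        // Replaces the hardcoded Basic header: JIRA evaluates the call
        // with the permissions of the user who owns the session
        headers.'Cookie' = cookie
        response.failure = { resp, reader ->
            // Log the status only; response bodies may contain sensitive data
            log.warn("Failed to query JIRA API: HTTP ${resp.status}")
            return null
        }
    }
    if (projects == null) {
        return Response.status(502).entity(new JsonBuilder([error: "Upstream request failed"]).toString()).build()
    }

    def rt = [items: projects.collect { project ->
        [value: project.id, html: project.key, label: project.key]
    }]
    return Response.ok(new JsonBuilder(rt).toString()).build()
}
```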

Bartek Zukowski January 29, 2018

Hi Максим,

How did you forward the Cookie? I ran into the same problem as you - I want to use HTTPBuilder as the currently logged-in user, but by default all requests are being sent as anonymous.

Regards,

Bartek

Hector
February 11, 2019

Hi @Stephen Cheesley _Adaptavist_

Thanks for the solution, but what if the new REST endpoint is being called from a behaviour or post-function within the same Jira instance? How would the authentication be managed? As far as I could test, the current user context authentication is not accessible and cannot be cascaded to the REST endpoint. Is my understanding right?

Thanks in advance,

Alberto Carrani October 18, 2019

Hi @Stephen Cheesley _Adaptavist_ 
your suggestion worked like a charm for my rest point associated to a behaviour!
Thanks,
Alberto

Stephen Cheesley _Adaptavist_
October 18, 2019

Great to hear @Alberto Carrani ! Happy Scripting :-)
