Plugin with doFilter gives authentication false whereas I am authenticated

Hello,

I have a small problem with my own Stash plugin.

I have implemented a doFilter to manage user authentication.

Here is my atlassian-plugin.xml description:

<component-import key="userService" interface="com.atlassian.stash.user.UserService"/>
<component-import key="userAdminService" interface="com.atlassian.stash.user.UserAdminService"/>
<component-import key="securityService" interface="com.atlassian.stash.user.SecurityService"/>

<component key="OAuthFilter" class="net.exemple.oauth.authentication.OAuthFilter"/>

<servlet-filter name="OAuth Filter" key="stash-oauth-filter"
                class="bean:OAuthFilter"
                location="before-login" weight="10">
    <url-pattern>*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</servlet-filter>

My doFilter function looks like:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;

    Boolean standard_authent = false;
    if (req.getParameter("standard-authent") != null) {
        standard_authent = true;
    }

    System.out.println("URI => " + req.getRequestURI() + " and Next => " + req.getParameter("next"));
    System.out.println("Is Authenticated ? " + authenticationContext.isAuthenticated() + " with username = " + authenticationContext.getCurrentUser());

    if (req.getRequestURI().equals("/stash/login")) {
        if (!standard_authent) {
            // I do some stuff to authenticate the end user
            // with the preauthenticate method
        }
    }
    chain.doFilter(req, resp);
}

Let's say I type:

http://localhost:7990/stash/login?standard-authent=true

I will then get the standard login form and I enter admin credentials. I then access the projects page.

Now if I refresh the projects page, I can see this in the logs:

[INFO] [talledLocalContainer] URI => /stash/projects and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/mvc/projects and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/rest/inbox/latest/pull-requests/count and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/plugins/servlet/dev-toolbar and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] 2013-05-21 11:39:47,186 DEBUG [http-bio-7990-exec-18] admin 699x2289x2 1iauojk 172.16.231.139 "GET /rest/inbox/latest/pull-requests/count HTTP/1.1" c.a.s.p.inbox.rest.InboxResource Retrieving pull request count for user Administrator
[INFO] [talledLocalContainer] URI => /stash/projects/PROJECT_1/avatar.png and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/mvc/projects/PROJECT_1/avatar.png and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/rest/api/latest/profile/recent/repos and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null

Each time I enter my doFilter I am considered unauthenticated, whereas I can access all pages and I can also see my logged-in user name:

[INFO] [talledLocalContainer] 2013-05-21 11:39:47,186 DEBUG [http-bio-7990-exec-18] admin 699x2289x2 1iauojk 172.16.231.139 "GET /rest/inbox/latest/pull-requests/count HTTP/1.1" c.a.s.p.inbox.rest.InboxResource Retrieving pull request count for user Administrator

Am I missing something?

Thanks for your help!

1 answer

1 accepted

Accepted Answer
2 votes
Jason Hinch Atlassian Team May 21, 2013

servlet-filter modules allow you to intercept requests at different parts of the filter chain. For the full list and a description of each, see the servlet-filter module documentation. In your situation you are using the 'before-login' location, which means it will be applied before any of Stash's authentication filters. As a result Stash doesn't know that a user is logged in yet for that request.

You may want to investigate using the http-authentication-handler module instead. This has the benefit of allowing you to specify a 'weight' if you would prefer to take lower precedence than Stash's standard authentication.
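
The ordering described in the answer above, as an added example that is not part of the original thread and is not Stash code: a simplified, self-contained model of the filter chain in which a probe at `before-login` runs ahead of the host's login step and a probe at `before-decoration` runs after it. `Request`, `ProbeFilter`, `AuditFilter` and the single host login step are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

// Simplified model of filter-chain ordering; these are not the Stash or servlet API classes.
public class FilterOrderDemo {
    // Locations in chain order, as listed in the servlet-filter module documentation.
    enum Location { AFTER_ENCODING, BEFORE_LOGIN, BEFORE_DECORATION, BEFORE_DISPATCH }

    // Hypothetical stand-in for a request plus its authentication context.
    static class Request {
        final String uri;
        final String sessionUser; // user bound to the session, or null
        String currentUser;       // filled in only by the host's login step
        Request(String uri, String sessionUser) { this.uri = uri; this.sessionUser = sessionUser; }
    }

    // A plugin filter that records what it observes, like the logging in the question.
    static class ProbeFilter {
        final String name; final Location location; final int weight;
        ProbeFilter(String name, Location location, int weight) {
            this.name = name; this.location = location; this.weight = weight;
        }
        String observe(Request r) {
            return name + " @" + location + " uri=" + r.uri
                    + " authenticated=" + (r.currentUser != null) + " user=" + r.currentUser;
        }
    }

    // Runs plugin filters by location, then weight; the host login step follows BEFORE_LOGIN.
    static List<String> run(List<ProbeFilter> filters, Request r) {
        List<String> seen = new ArrayList<>();
        for (Location loc : Location.values()) {
            filters.stream()
                   .filter(f -> f.location == loc)
                   .sorted(Comparator.comparingInt(f -> f.weight))
                   .forEach(f -> seen.add(f.observe(r)));
            if (loc == Location.BEFORE_LOGIN) { r.currentUser = r.sessionUser; } // host login
        }
        return seen;
    }

    public static void main(String[] args) {
        List<ProbeFilter> filters = List.of(
                new ProbeFilter("OAuthFilter", Location.BEFORE_LOGIN, 10),
                new ProbeFilter("AuditFilter", Location.BEFORE_DECORATION, 10));
        // Constructed request: the session already belongs to "admin".
        run(filters, new Request("/stash/projects", "admin")).forEach(System.out::println);
    }
}
```

A filter registered at `before-login` will always see an empty authentication context, so it should not base access decisions or audit records on it; checks that depend on the current user belong at a location after the login step.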
