Plugin with doFilter gives authentication false whereas I am authenticated

Hello,

I have a small problem with my own Stash plugin.

I have implemented a doFilter to manage user authentication.

Here is my atlassian-plugin.xml description:

    <component-import key="userService" interface="com.atlassian.stash.user.UserService"/>
    <component-import key="userAdminService" interface="com.atlassian.stash.user.UserAdminService"/>
    <component-import key="securityService" interface="com.atlassian.stash.user.SecurityService"/>

    <component key="OAuthFilter" class="net.exemple.oauth.authentication.OAuthFilter"/>

    <servlet-filter name="OAuth Filter" key="stash-oauth-filter"
                    class="bean:OAuthFilter"
                    location="before-login" weight="10">
        <url-pattern>*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </servlet-filter>

My doFilter function looks like:

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        Boolean standard_authent = false;
        if (req.getParameter("standard-authent") != null) {
            standard_authent = true;
        }

        System.out.println("URI => " + req.getRequestURI() + " and Next => " + req.getParameter("next"));
        System.out.println("Is Authenticated ? " + authenticationContext.isAuthenticated() + " with username = " + authenticationContext.getCurrentUser());

        if (req.getRequestURI().equals("/stash/login")) {
            if (!standard_authent) {
                // I do some stuff to authenticate the end user
                // with the preauthenticate method
            }
        }
        chain.doFilter(req, resp);
    }

Let's say I type:

http://localhost:7990/stash/login?standard-authent=true

I then get the standard login form and enter admin credentials. I access the projects page.

Now if I refresh the projects page, I can see this in the logs:

[INFO] [talledLocalContainer] URI => /stash/projects and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/mvc/projects and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/rest/inbox/latest/pull-requests/count and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/plugins/servlet/dev-toolbar and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] 2013-05-21 11:39:47,186 DEBUG [http-bio-7990-exec-18] admin 699x2289x2 1iauojk 172.16.231.139 "GET /rest/inbox/latest/pull-requests/count HTTP/1.1" c.a.s.p.inbox.rest.InboxResource Retrieving pull request count for user Administrator
[INFO] [talledLocalContainer] URI => /stash/projects/PROJECT_1/avatar.png and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/mvc/projects/PROJECT_1/avatar.png and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null
[INFO] [talledLocalContainer] URI => /stash/rest/api/latest/profile/recent/repos and Next => null
[INFO] [talledLocalContainer] Is Authenticated ? false with username = null

Each time I enter my doFilter I am considered unauthenticated, whereas I can access all pages and I can also see my logged-in user name:

[INFO] [talledLocalContainer] 2013-05-21 11:39:47,186 DEBUG [http-bio-7990-exec-18] admin 699x2289x2 1iauojk 172.16.231.139 "GET /rest/inbox/latest/pull-requests/count HTTP/1.1" c.a.s.p.inbox.rest.InboxResource Retrieving pull request count for user Administrator

Am I missing something?

Thanks for your help !

1 answer

1 accepted

2 votes
Accepted answer
Jason Hinch Atlassian Team May 21, 2013

servlet-filter modules allow you to intercept requests at different parts of the filter chain. For the full list and a description of each, see the servlet-filter module documentation. In your situation you are using the 'before-login' location, which means it will be applied before any of Stash's authentication filters. As a result Stash doesn't know that a user is logged in yet for that request.

You may want to investigate using the http-authentication-handler module instead. This has the benefit of allowing you to specify a 'weight' if you would prefer to take lower precedence than Stash's standard authentication.
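
A simplified model of the ordering described in the answer, added here as an illustration and not taken from Stash or from the poster's plugin: filters run by location and then by weight, so a probe registered at 'before-login' sees an empty authentication context while the same probe at 'before-decoration' sees the session user. The class names, the LOGIN marker and the "admin" session are assumptions of the model.

```java
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

/** Simplified model of location-ordered servlet filters; not Stash code. */
public class FilterLocationDemo {
    // Plugin locations in chain order. LOGIN is not a plugin location: it is this
    // model's marker for where the product's own authentication filters run.
    enum Location { AFTER_ENCODING, BEFORE_LOGIN, LOGIN, BEFORE_DECORATION, BEFORE_DISPATCH }

    /** Stand-in for the authentication context: empty until the login step runs. */
    static class AuthContext {
        String currentUser;
        boolean isAuthenticated() { return currentUser != null; }
    }

    interface Step { void apply(AuthContext ctx, List<String> log); }

    record Registered(String name, Location location, int weight, Step step) {}

    /** Runs filters sorted by location, then weight, and returns what each probe observed. */
    static List<String> run(List<Registered> pluginFilters, String sessionUser) {
        List<Registered> chain = new ArrayList<>(pluginFilters);
        // Hypothetical stand-in for the built-in authentication filters: they
        // resolve the session to a user and populate the context.
        chain.add(new Registered("product-auth", Location.LOGIN, 0,
                (ctx, log) -> ctx.currentUser = sessionUser));
        chain.sort(Comparator.comparing(Registered::location)
                .thenComparingInt(Registered::weight));
        AuthContext ctx = new AuthContext();   // fresh per request
        List<String> log = new ArrayList<>();
        for (Registered f : chain) f.step().apply(ctx, log);
        return log;
    }

    /** A filter that only records what the context looks like at its position. */
    static Registered probe(String name, Location location) {
        return new Registered(name, location, 10, (ctx, log) -> log.add(
                name + ": authenticated=" + ctx.isAuthenticated() + " user=" + ctx.currentUser));
    }

    public static void main(String[] args) {
        List<Registered> plugins = List.of(
                probe("probe@before-login", Location.BEFORE_LOGIN),
                probe("probe@before-decoration", Location.BEFORE_DECORATION));
        // The session already belongs to "admin", as on the refresh in the question.
        run(plugins, "admin").forEach(System.out::println);
    }
}
```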
