
Restrict Access to REST API

IshanL
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 28, 2013

Hi,

Can anybody tell me a good workaround to restrict access to the JIRA REST API? For example, I need to block access for certain users, etc. I can restrict it by using a reverse proxy for given IPs, but can I do it programmatically?

3 answers

1 accepted


2 votes
Answer accepted
Andy Brook [Plugin People]
April 28, 2013

Implement a plugin using a Servlet Filter Module (docs), with a pattern matching the REST resource entirely, or parts thereof. Your access logic can be implemented before the rest of the processing chain, and if disallowed for some reason, you can return a 403 authz error.

IshanL
April 28, 2013

Thanks for the answer. I don't think we can use a servlet filter, as the REST API is not handled via servlets.

Andy Brook [Plugin People]
April 28, 2013

No, I disagree. How do you think the REST API is exposed, eventually? And, having just a Test Case for the above, and echoing out the filtered URL, accessing a test url http://sup-jira:8080/rest/api/2/issue/TEST-1 with a browser I see my filter respond with Filter: http://sup-jira:8080/rest/api/2/issue/TEST-1?null

Andy Brook [Plugin People]
April 28, 2013

np, please mark as correct answer

IshanL
April 28, 2013

Hi Andy,

It worked with the JIRA REST API. I tested and confirmed. Sorry for the misunderstanding. Thanks again for the answer.
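The servlet filter approach from the accepted answer above, sketched as an added example (not code from the thread or from Atlassian). It assumes the JIRA 7+ Java API; the package, class name, plugin key and the group `rest-api-users` are hypothetical.

```java
package com.example.jira.filter; // hypothetical package

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.user.ApplicationUser;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Registered in atlassian-plugin.xml (key, name and class are assumptions):
 *
 *   <servlet-filter key="rest-access-filter" name="REST Access Filter"
 *                   class="com.example.jira.filter.RestAccessFilter"
 *                   location="before-dispatch" weight="100">
 *     <url-pattern>/rest/*</url-pattern>
 *   </servlet-filter>
 *
 * "before-dispatch" runs after JIRA's login filters, so the user is resolved.
 */
public class RestAccessFilter implements Filter {
    private static final String ALLOWED_GROUP = "rest-api-users"; // hypothetical group

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        ApplicationUser user = ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser();
        // Default deny: anonymous callers and users outside the group get 403.
        boolean allowed = user != null
                && ComponentAccessor.getGroupManager().isUserInGroup(user, ALLOWED_GROUP);
        if (!allowed) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN,
                    "REST API access is restricted");
            return; // chain.doFilter is skipped, so the REST resource never runs
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

JIRA's own browser UI also calls resources under `/rest/`, so a pattern this broad affects interactive users outside the group as well; narrow the `url-pattern` to the resources you actually want to gate.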

3 votes
David Lemon April 28, 2013

hello,

Well, JIRA's REST API is a developer's tool to access data.
Well, it's open for all and cannot be restricted.

You can just take precautions to stop other users from accessing data by grouping and assigning roles.

Well, would you like to share the complete concern?

IshanL
April 28, 2013

Hi Sohil,

Actually, my concern was to restrict all users from accessing the REST API, because some third-party clients may decrease the performance of my JIRA instance, e.g. if they are poorly written, etc.

Sameera Shaakunthala [inactive]
April 28, 2013

Can you please put your comments as comments and not answers?

It will make things easy to read. :-)

Andy Brook [Plugin People]
April 28, 2013

Yes but that wasn't the question.

0 votes
Dmytro Polishchuk January 12, 2017

One more variant

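import java.security.Principal;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.user.ApplicationUser;

// Both methods belong inside the plugin's REST resource class.
@GET
@Path("/Hello")
@Produces({MediaType.APPLICATION_JSON})
public Response getSurvey(@Context SecurityContext sc) {
    if (isAvaliable(sc)) {
        return Response.ok(new HelloWorld()).build();
    }

    // Deny with 403 rather than 200 so clients and logs see that the request was refused.
    return Response.status(Response.Status.FORBIDDEN).entity(new ErrorPage("Not allowed!")).build();
}

// Returns true only for an authenticated user who passes the restriction check.
private boolean isAvaliable(SecurityContext sc) {
    Principal userPrincipal = sc.getUserPrincipal();
    if (userPrincipal instanceof ApplicationUser) {
        ApplicationUser user = (ApplicationUser) userPrincipal;

        // Your restrictions ... For example, checking membership of a specific group
        GroupManager groupManager = ComponentAccessor.getGroupManager();
        if (groupManager.isUserInGroup(user, "administrator")) {
            return true;
        }
    }
    // Anonymous or unrecognised principals are denied by default.
    return false;
}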