I have a custom rest service plugin on my jira instance, and I also have table panel plugin.
The table panel calls the rest service, processes the JSON response and presents the data in the table panel. This works.
The trouble is that I want to pass the user context of the user logged into Jira (viewing the table table panel) over to the rest service that is called by it.
I know that on the table panel you get the user passed in as "remoteUser":-
public List getActions(Issue issue, User remoteUser) {
I can get the name of the user here, but I also need the password. At the moment I use something like this to connect to the service:-
String auth = new String(Base64.encode("username" + ":" + "password")) ClientResponse response = webResource.queryParam("Pkey", pkey) .header("Authorization", "Basic " + auth) .type("application/json") .accept("application/json") .get(ClientResponse.class);
How can I get the password to use in the connection for the user logged in, or is there some other way I can pass over the whole user context and use it to connect? I realise being able to get the password might be a security hole, so how can this be achieved?
Community moderators have prevented the ability to post new answers.
The trick is not to get the password, but get the user session ID. This nis then passed back again as a cookie that all REST services will automatically consume and authorise (assuming user session has not expired)
Map sessionMap = ActionContext.getSession(); String sessionId = ((String) sessionMap.get("ASESSIONID")).replaceAll("[0-9a-z]*-", ""); // HttpClient client = new HttpClient(); //Asssuming GET GetMethod method = new GetMethod(url); //pass session ID as cookie method.setRequestHeader("Cookie", "JSESSIONID=" + sessionId);
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.