Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Trusted token requests on JIRA-7

pkozlov
pkozlov November 17, 2015

Hi All.

We use our own JIRA plugin and we do some HTTP requests from it to JIRA REST API, other plugins REST API, and also to Confluence REST API, which is connected to JIRA with application links.

 

What I did - I just used RequestFactory from SAL - https://developer.atlassian.com/docs/atlassian-platform-common-components/shared-access-layer/sal-services

final Request<?> request = requestFactory.createRequest(MethodType.GET, fullUrl);
request.addTrustedTokenAuthentication(); // this takes username from ThreadLocal

Code is taked from example there.

 

It works fine with JIRA-6, but after I updated jira-api to 7.0.2 - it now dependes on sal-api-3.0.3. And there are no such methods in Request:

 - addTrustedTokenAuthentication()

 - addTrustedTokenAuthentication(String username)

 -  setRequestContentType(String contentType) // I usually put JSON there

 

There are no instructions either in documentation or javadoc why it was removed or what I should use instead.

Perhaps I missed one of changelogs - but can't find anything useful there

 - https://confluence.atlassian.com/jirasoftware/jira-software-7-0-x-release-notes-776997721.html

 - https://developer.atlassian.com/jiradev/latest-updates/preparing-for-jira-7-0/jira-7-0-api-changes

 

What should I use instead? The only thing is coming to my mind to use basic authentication - but that means I have to store passwords somewhere as plain text, which is not what I want.

 

Watch
Like Steffen Opel _Utoolity_ likes this
1031 views

1 answer

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

2 votes
Andreas Ebert
Andreas Ebert
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 18, 2015

SAL's com.atlassian.sal.api.net.RequestFactory is good for making arbitrary HTTP requests. But imho in case of application links it's better to:

  1. Use com.atlassian.applinks.api.ApplicationLinkService to get the ApplicationLink
  2. If necessary: Explicitly set the authenticated user via JiraAuthenticationContext.setLoggedInUser().

  3. Use the link to create the ApplicationLinkRequestFactory:

    ApplicationLinkRequestFactory requestFactory = appLink.createAuthenticatedRequestFactory();

  4. Use requestFactory to make the ApplicationLinkRequest.

Using the application link will also use the configured authentication method for that link. If it is configured to use the currently logged in user, than you can "overwrite" that user for your request by explicitly setting the authenticated user, see step 2.

 

Unfortunately, for arbitrary HTTP requests I also see no other way than using SAL and basic authentication.

 

 

View More Comments
pkozlov
pkozlov November 18, 2015

Thank you very much for the answer. Actually, I already found out this yesterday and rewrote my code - works fine. More than that, I found TrustedRequestFactory interface which appeared in SAL-3. Have to add sal-trusted-api to dependency. (not added by default). It can be good for other trusted HTTP requests which are not good (for some reason) for ApplicationLinkRequestFactory.

Like
kravemir
kravemir February 28, 2016

How did you manage to use trusted api? I can't inject TrustedRequestFactory

Like
Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events