Hi All.
We use our own JIRA plugin and we do some HTTP requests from it to JIRA REST API, other plugins REST API, and also to Confluence REST API, which is connected to JIRA with application links.
What I did - I just used RequestFactory from SAL - https://developer.atlassian.com/docs/atlassian-platform-common-components/shared-access-layer/sal-services
final Request<?> request = requestFactory.createRequest(MethodType.GET, fullUrl); request.addTrustedTokenAuthentication(); // this takes username from ThreadLocal
Code is taked from example there.
It works fine with JIRA-6, but after I updated jira-api to 7.0.2 - it now dependes on sal-api-3.0.3. And there are no such methods in Request:
- addTrustedTokenAuthentication()
- addTrustedTokenAuthentication(String username)
- setRequestContentType(String contentType) // I usually put JSON there
There are no instructions either in documentation or javadoc why it was removed or what I should use instead.
Perhaps I missed one of changelogs - but can't find anything useful there
- https://confluence.atlassian.com/jirasoftware/jira-software-7-0-x-release-notes-776997721.html
- https://developer.atlassian.com/jiradev/latest-updates/preparing-for-jira-7-0/jira-7-0-api-changes
What should I use instead? The only thing is coming to my mind to use basic authentication - but that means I have to store passwords somewhere as plain text, which is not what I want.
Community moderators have prevented the ability to post new answers.
SAL's com.atlassian.sal.api.net.RequestFactory
is good for making arbitrary HTTP requests. But imho in case of application links it's better to:
com.atlassian.applinks.api.ApplicationLinkService
to get the ApplicationLink
JiraAuthenticationContext.setLoggedInUser()
.Use the link to create the ApplicationLinkRequestFactory
:
ApplicationLinkRequestFactory requestFactory = appLink.createAuthenticatedRequestFactory();
Use requestFactory
to make the ApplicationLinkRequest
.
Using the application link will also use the configured authentication method for that link. If it is configured to use the currently logged in user, than you can "overwrite" that user for your request by explicitly setting the authenticated user, see step 2.
Unfortunately, for arbitrary HTTP requests I also see no other way than using SAL and basic authentication.
Thank you very much for the answer. Actually, I already found out this yesterday and rewrote my code - works fine. More than that, I found TrustedRequestFactory interface which appeared in SAL-3. Have to add sal-trusted-api to dependency. (not added by default). It can be good for other trusted HTTP requests which are not good (for some reason) for ApplicationLinkRequestFactory.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.