New and Improved 3.13 Beta. Highlights: Shareable filters and dashboards and lots of other goodies. Any feedback can be raised as JIRA issues in the JIRA project.
Issue Details (XML | Word | Printable)

Key: JRA-15048
Type: Improvement Improvement
Status: Open Open
Priority: Minor Minor
Assignee: Unassigned
Reporter: Diego Alonso [Atlassian]
Votes: 1
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
JIRA

SSO credentials not used in IssueViewURLHandler

Created: 03/Jun/08 08:58 PM   Updated: 03/Jun/08 09:18 PM
Component/s: Refactoring, Security
Affects Version/s: 3.12.3
Fix Version/s: None

Time Tracking:
Not Specified

Participants: Anton Mazkovoi [Atlassian] and Diego Alonso [Atlassian]
Since last comment: 12 weeks, 1 day ago
Labels:


 Description  « Hide
A customer has created a SSO plugin and are facing some specific issues in this context. When they click on the printable link of an issue (i.e: http://jira/lodh/si/jira.issueviews:issue-html/ORGJIRA-13/ORGJIRA-13.html) they get an error page indicating "the user myuser... doesn't exist..."

They examined the Jira code and noticed that the following code is used in the class "com.atlassian.jira.plugin.issueview.IssueViewURLHandler" line 89:

com.atlassian.jira.plugin.issueview.IssueViewURLHandler
user = UserUtils.getUser(request.getRemoteUser());"

And the usage of request.getRemoteUser() instead of the Jira API explains why it doesn't work in that context.

They want to check if it is possible to use:

user = ComponentManager.getInstance().getJiraAuthenticationContext().getUser();

to get user instead of using a direct access to "request.getRemoteUser()" ?

They also noticed that this code (request.getRemoteUser()) is also use in the JSP "webapp.includes.snippets.viewlinkedissuestable.jsp "

In the other requests they don't encounter any problem.

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Anton Mazkovoi [Atlassian] added a comment - 03/Jun/08 09:17 PM
This is interesting. The code that inistialises the user stored in JiraAuthenticationContext is the same as the one that decorates the request and makes sure that request.getRemoteUser() returns the right user name.

[ Permlink | « Hide ]
Anton Mazkovoi [Atlassian] added a comment - 03/Jun/08 09:18 PM
Are we absolutrely sure that in the places where request.getRemoteUser() is used, JiraAuthenticationContext is setup correctly?


Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13_beta1-#328) - Bug/feature request - Atlassian news - Contact Administrators