Support for embedded Crowd (Jira)

[eirikb]

Hi

I'm struggling to authenticate against Jira with embedded Crowd using this plugin.
Jira is throwing a NullPointerException on createSessionEntityWithMinimalUser, I tried calling this directly using curl, and I get the same error. I think the interface for Jira might be a bit different.

Then I did some tcpdumping of other applications which has this working (e.g., bitbucket), and turns out instead of the end point rest/usermanagement/1/session they use rest/usermanagement/1/authentication, and this did indeed work with curl. I'm not sure if it would be possible to simply replace the endpoint (+ querystring and body) and it would "just work", or even still work for Crowd standalone.

This is a gist of my curl:

curl -X POST \
"http://jiraserver/jira/rest/usermanagement/1/authentication?username=eirikb" \
-H "Authorization: Basic AppAuth" \
-H "Accept: application/json" \
-H "Content-Type: text/xml" \
-d '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><password><value>MyPassword</value></password>'

Noticed the nexus-crowd-plugin also use this endpoint: https://github.com/PatrickRoumanoff/nexus-crowd-plugin/blob/master/src/main/java/org/sonatype/nexus/plugins/crowd/client/rest/RestClient.java#L152

[martinspielmann]

i'll try to have a look at it asap. Thanks for reporting!

[martinspielmann]

Hi @eirikb, do you have the chance to test if the latest beta release solves your issue? Can be downloaded here: https://github.com/pingunaut/nexus3-crowd-plugin/releases/tag/nexus3-crowd-plugin-3.4.0.beta1

[eirikb]

Hi @pingunaut

That was real quick! But it didn't seem to work, I get this error in the output: *UNKNOWN com.pingunaut.nexus3.crowd.plugin.CrowdAuthenticatingRealm - doGetAuthenticationInfo for eirikb, not sure if that means I have done something wrong in the setup.

I did a quick tcpdump, and I notice the endpoint is now /jira/rest/usermanagement/1/authenticate, but I should be /jira/rest/usermanagement/1/authentication?username=eirikb.

You probably need some way to test the connection, although I don't know how, perhaps you can run Jira locally? I'm testing against company install, which I don't control or know how is set up.

[martinspielmann]

Hi @eirikb, I'm sorry, you are perfectly right. "authentication" is correct. :man_facepalming:

Fixed version here: https://github.com/pingunaut/nexus3-crowd-plugin/releases/download/nexus3-crowd-plugin-3.4.0.beta2/nexus3-crowd-plugin-3.4.0.beta2.jar

[eirikb]

Hi, now the endpoint is correct, but username is still sent in body, and not as querystring, and the body is JSON, I think it actually have to be XML, but not 100% sure.
I did some tests, and was only able to make it work with XML, as in my curl command above.

[martinspielmann]

Thanks again for your testing and feedback. As you might have guessed, i don't have a current test installation, but i'll try to ght one up and running asap. I hope to be able to help you more effective then

[eirikb]

Yeah I understand that, so this is a tedious way to test it. Perhaps it would be better if I could run it locally, or find a way for you to run Jira locally.
I can't find any official docker Jira image by Atlassian, but this might work: https://hub.docker.com/r/cptactionhank/atlassian-jira/ , you probably need to start evaluation to make it run.

Basically: docker run --rm -it -p 8080:8080 cptactionhank/atlassian-jira

[rogeroberg]

I am in need for this feature aswel!. I can help with testing if needed also

[martinspielmann]

alright @eirikb and @rogeroberg , there is a new release available: https://github.com/pingunaut/nexus3-crowd-plugin/releases/tag/nexus3-crowd-plugin-3.4.0.beta3

Tested with nexus oss 3.9.0-01 and jira 7.8.0. I'll also test it using plain crowd during the next days. Would be great if you could have a look at it.

[martinspielmann]

OK tested with standalone Crowd. Release jar is now prepared and can be downloaded here: https://github.com/pingunaut/nexus3-crowd-plugin/releases/tag/nexus3-crowd-plugin-3.4.0

[martinspielmann]

merged and released with https://github.com/pingunaut/nexus3-crowd-plugin/releases/tag/nexus3-crowd-plugin-3.4.1