Authentication context and current user in JCMA migration job

Hello, this is a question related to making authenticated calls from JCMA migration job to a linked Confluence instance.
Scenario: In a Jira Server app, there is a a class that implements CloudMigrationListenerV1 interface, to provide Jira Server to Cloud migration capabilities. This is also the starting point for app’s migration logic. From there, I tried unsuccessfully to fetch data from connected Confluence instance (via HTTP request created using ApplicationLinkRequestFactory. createRequest() method). The Confluence server is connected to Jira by Application Link, the link is working fine in other parts of the application and Jira settings says the link is connected.
It appears that when JCMA runs my custom migration logic, it is executed outside of calling user’s context. As a result, every call from the class that implements CloudMigrationListenerV1 interface to connected Confluence instance is not authenticated and it goes as anonymous, which results in HTTP 403 status. I expected a call made on behalf of the user that initiated JCMA-assisted migration.

Under debugger, I checked the return value of ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser() and com.atlassian.sal.api.user.UserManager.getRemoteUser() from a class that implements CloudMigrationListenerV1 and in both cases the returned value is null. I also get this in Jira log when JCMA runs the migration:

`[c.a.a.core.auth.ApplicationLinkRequestFactoryFactoryImpl] No current user context. Outgoing requests will be anonymous.

Once again, both authenticating and calling connected Confluence instance are working fine in other parts of application. I am not creating any new threads either.

Question: cloud you share any information how to call a connected app from a class that implements CloudMigrationListenerV1?

1 Like

Hi @darop,

Thanks for coming to Developer Community and thanks for your question. In summary, yes you are right. The migration runs in a thread that isn’t attached to the local user.

I did find reference to this before and the posted solution is the best answer

I hope this helps.

Regards,
James.

Hi @jrichards, thank you for the solution. I can confirm that this workaround is working.
Getting the right admin user on the other hand might not be trivial. Do you know if there is an API available to find “first user with admin privileges” in Jira Server? Or is it just about getting any active user that belongs to the site-admins group?

Hi @darop,

I don’t know of a specific API, but you can experiment with the first active user that belongs to the site-admins group as a start.

Regards,
James.