How To Prompt for Login after session timeouts when a WebItem is clicked?

I have a webitem with servlet on the system top navigation bar.

Even after the session timeouts(cleared the browser cache), the webitem still displays the Form.
I wanted to make the user to login by providing their username and password.

I tried the steps provided in this link but it didn’t go to the exception part. Also it prompts for Administrative Access not the Jira User access.

Even i have the IsUserLoggedInCondition in my webitem condition, i read that this will only show/hide the webitem.

Someone please help me to fix this.

In my servlet’s ```doGet`` method, I have this code:

    @Nullable ApplicationUser user =
        jiraAuthenticationContext.getLoggedInUser();
    if (user == null) {
        HttpUtils.sendRedirectToLogin(req, res, loginUriProvider);
        return;
    }

The loginUriProvider is injected into my servlet’s constructor as an instance of com.atlassian.sal.api.auth.LoginUriProvider.

Here is my HttpUtils class:

public final class HttpUtils {

    /** Prevents instantiation */
    private HttpUtils() {
        throw new UnsupportedOperationException("Attempt to instantiate utility class");
    }

    public static String relativeRequestUri(HttpServletRequest req) {
        String requestUri = req.getRequestURI();
        String contextPath = req.getContextPath();
        // If there is a context path, then we want to remove it from the start of the request URI
        // so that we are always redirecting to a relative location.
        return Strings.isNullOrEmpty(contextPath) 
             ? requestUri 
             : requestUri.substring(contextPath.length());
    }

    public static void sendRedirectToLogin(
        HttpServletRequest req, 
        HttpServletResponse resp,
        LoginUriProvider loginUriProvider) throws IOException {
            resp.sendRedirect(
                loginUriProvider.getLoginUri(URI.create(relativeRequestUri(req))).toString()
            );
    }
}
1 Like

@david.pinn Thanks a lot for your reply.
This worked as expected.
Also can you help me to do the same for webwork action class?

It’s been too long since I’ve worked with webwork. I notice, though, that there’s a Redirect action in Jira’s source: webwork.action.standard.Redirect.

In AtlassianPlugin.xml added the below view in the webwork

    <view name="securitybreach">/secure/views/securitybreach.jsp</view>

And in doExecute Method added the below code.

public String doExecute() throws Exception {
	if(authenticationContext.getLoggedInUser() == null)
        {
           return "securitybreach";
         }
 }

This prompts the Login Page.

Appreciate your help. Thanks

Just for reference: if your current URI contains a query string, make sure you pass it along when building the redirect URI. This is to make sure Jira redirects to the exact same page after successful login.

See example here: https://developer.atlassian.com/server/framework/atlassian-sdk/control-access-with-sal/

private void redirectToLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
    response.sendRedirect(loginUriProvider.getLoginUri(getUri(request)).toASCIIString());
}
private URI getUri(HttpServletRequest request){
    StringBuffer builder = request.getRequestURL();
    if (request.getQueryString() != null)
    {
        builder.append("?");
        builder.append(request.getQueryString());
    }
    return URI.create(builder.toString());
}
1 Like