Jira: Search through Audit log on plugin installation

Hi, I’m writing a Plugin for Jira which needs to query the Audit log when it is enabled/installed. For this, I’m listening for the PluginEnabledEvent that then calls the AuditingService.getRecords method. Unfortunately, I get the error message “You do not have Jira Administrator permission required to get auditing records.”

I’ve come so far to understand that getting the audit log is executed in the name of the user from JiraAuthenticationContext.getLoggedInUser(). Unfortunately, this method returns “null” when it is called from an event listener (which makes sense since it is called without a request context).

I know that I could callJiraAuthenticationContext.setLoggedInUser(ApplicationUser user), but I don’t want to hardcode a user in my code base that has admin permission. Is there a way to run this code as an admin without needing to specify a user (Kinda like the EscalatedSecurityContext in Bitbucket)? Or is there a way to access the audit log “anonymously”?

Tl;dr
I’m looking for a way to get the audit log without a logged-in user.

AuditingStore or AuditingManager should work without checking permissions I would imagine.

Hi, thanks for your reply, the AuditingManager was marked as deprecated. I tried it anyway but it threw the following exception “java.lang.RuntimeException: Client must be authenticated as a system administrator to access this resource.” It again only worked when I manually set an admin user with the
JiraAuthenticationContext.setLoggedInUser(ApplicationUser user) method.

Regarding the AuditingStore, I was not able to test that because I’m unable to import it. I’m probably missing the pom dependency for it but I couldn’t find it anywhere :confused:

I’ve now figured out a solution.

For the plugin initialization, we used this class.

It waits with the plugin initialization until all components are ready. Unfortunately, none of the awaited events/method calls have an authentication context except for the “LifecycleAware” interface. Accessing the JiraAuthenticationContext.getLoggedInUser() during the method invocation of “onStart()” will return a user (The user that installs the plugin). Now we only had to assign this user to a field and then use JiraAuthenticationContext.setLoggedInUser() with the given user as soon as the other events/invocations were done.

1 Like