Hello,
I finally solved my problem. I was inspired by GitHub - AngusWarren/remoteuserauth.
I derived the seraph authenticator from JiraSeraphAuthenticator and rewrote my code as :
public Principal getUser(HttpServletRequest request, HttpServletResponse response) {
Principal user = null;
if (request.getSession() != null
&& request.getSession().getAttribute(JiraSeraphAuthenticator.LOGGED_IN_KEY) != null) {
LOGGER.info("Session found; user already logged in");
user = (Principal) request.getSession().getAttribute(JiraSeraphAuthenticator.LOGGED_IN_KEY);
return user;
}
LOGGER.debug("Trying REMOTE_USER for SSO");
String remoteuser = request.getRemoteUser();
if (StringUtils.isEmpty(remoteuser)) {
LOGGER.debug("remote_user is null");
return null;
}
LOGGER.info("remoteuser = [" + remoteuser + "]");
if (StringUtils.indexOf(remoteuser, '@') > -1) {
String[] username = StringUtils.split(remoteuser, "@");
if (ArrayUtils.isNotEmpty(username)) {
LOGGER.debug("username = [" + username.length + "] username[0] = ["
+ (username.length > 1 && StringUtils.isNotEmpty(username[0]) ? username[0] : "")
+ "] username[1] = ["
+ (username.length > 2 && StringUtils.isNotEmpty(username[1]) ? username[1] : "") + "]");
if (StringUtils.isNotEmpty(username[0])) {
user = getUser(username[0]);
}
}
} else {
user = getUser(remoteuser);
}
if (user != null) {
LOGGER.info("Logging in with username : [" + user.getName() + "]");
request.getSession().setAttribute(JiraSeraphAuthenticator.LOGGED_IN_KEY, user);
request.getSession().setAttribute(JiraSeraphAuthenticator.LOGGED_OUT_KEY, null);
}
return user;
}
The method getUser(username) contains the necessary code to call the SOAP Web Service to interrogate the authorizations repository.
It works fine !!