Unable to get data from Confluence API using AtlassianHostRestClient in Connect App

This is the code,

    String response1A = restClients.authenticatedAs(hostUser).getForObject("/wiki/rest/api/space/", String.class); // sorry actually the base Url is already present in hostUser so removed now.

The code above receives the Error as: 403 Forbidden

When trying with the code,

    RestTemplate restTemplate = new RestTemplate();
    restTemplate.getInterceptors().add(new BasicAuthorizationInterceptor("xyzrom@senecaglobal.com", "xyzrmo"));
    try {
        String response2 = restTemplate.getForObject("https://xyzglobal.atlassian.net/wiki/rest/api/space/", String.class);
        System.out.println(response2);
    } catch (Exception e) {
        System.out.println(e);
    }

This code works fine and receives data in response2 but not in response1A.

Please help!

Hi @ramjeevan.tadi,

Assuming you have ACT_AS_USER scope, how are you getting hostUser to be authenticated as when calling the REST API?

Cheers,
Ian

@iragudo Thank you for the response!

Yes, in the app descriptor file:

    "scopes": ["READ", "WRITE", "ACT_AS_USER"]

Add-On or Plugin is installed in Jira (Spring Boot Connect App)

UserController Class:

    @RequestMapping(value = "/cidiControl", method = RequestMethod.GET)
    public String cidiControl(@AuthenticationPrincipal AtlassianHostUser hostUser,
            @ModelAttribute("mychoice") SelectChoice mychoice, Model model) {

        result = CliSatSer.getCidiMethod(hostUser, projectChosen); // passing hostUser to Service Class and then to @Async method where executes the RestApis in threads.

        model.addAttribute("CIDI_Data", result);
        return "cidiView";
    }

My Assumption:

If I check in hostUser object, there the base URL is www.xyx.atlassian.net , for Confluence the base URL may be www.xyx.atlassian.net/wiki

Is this the problem for receiving Forbidden 403 error when using restClients?

When using basic auth with restTemplate, it's fine.

I haven’t personally experienced this error in relation to the base URL.

For the hostUser object, have you inspected the accountID if it corresponds to the user you want to impersonate (assuming it is xyzrom@senecaglobal.com based on your basic auth example)?

EDIT:
Also, have you tried restClients.authenticatedAsHostActor().getForObject()?

@iragudo Thank you for the quick response!

Yeah, I even tried with restClients.authenticatedAsHostActor().getForObject() but still 403 Forbidden error

Yes using basic Authentication is working!

And from the hostUser object, the user is available and has access to both Jira and Confluence.

Please refer to the attached hostUser object.

Just Assuming:

Does AtlassianHostRestClients only support Jira?

From 403 Forbidden, we know that the user is Authorized but has no access to the resources (Is there any configuration to whitelist this access?)

Based on the docs, it supports Confluence too.

To personally test it, I tried doing a basic app right now that uses postInstallPage module. Clicking the Getting started button, I called this method and was able to get the expected response

    @RequestMapping(value = "/data", method = GET, produces = "application/json")
    public AtlassianHostUser getData(@AuthenticationPrincipal AtlassianHostUser hostUser) {
        String response1A = atlassianHostRestClients.authenticatedAs(hostUser).getForObject("/rest/api/space/", String.class);
        return hostUser;
    }

Checking your screenshot, I noticed that the productType is Jira even if what you’re trying to do is a Confluence app. Your error might have something to do with the incorrect productType and possibly baseUrl.

Checking my AtlassianHostUser I got the following (notice the trailing /wiki in the baseUrl and productType which is different from yours)

Cheers,
Ian

1 Like

@iragudo Hi! Thank you for the response.

Yeah, I too tried installing the app in Confluence domain and then got the hostUser details as yours.

When the app is installed in Confluence and tried using Confluence domain credentials, I get the error below,

org.springframework.web.client.HttpServerErrorException: 500 Internal Server

    @RequestMapping(value = "/cidiControl", method = RequestMethod.GET, produces = "application/json")
    public String cidiControl(@AuthenticationPrincipal AtlassianHostUser hostUser,
            @ModelAttribute("mychoice") SelectChoice mychoice, Model model)
            throws IOException, JSONException, ParseException, InterruptedException, ExecutionException {
        isProjectSelected(mychoice);
        Map<String, CIDIData> result = new HashMap<String, CIDIData>();

        String response1A = restClients.authenticatedAs(hostUser).getForObject("/rest/api/space", String.class);
        return null;
    }

It's not even working with Confluence details :frowning:

Any mistakes in my code?

I cannot see any glaring issue on the code snippet you provided. In order to have the same base code and progress the investigation, kindly share a repository of the app wherein you can hit the current error. It need not be the app with all the functionalities, just enough to run it and replicate the issue.

Hi @iragudo

Yeah, just created a sample and uploaded it to GitHub,

Please guide me if the code has errors.

Presently, the code returns the error message as "500 Internal Server Error"

Thanks, @ramjeevan.tadi, the repo made it much easier to debug. I changed two things to make the code work:

  1. Remove PROJECT_ADMIN scope in your descriptor file. It is not a valid Confluence scope. Based on testing this caused the status 500 you mentioned.
  2. Once #1 is fixed, I am experiencing some thymeleaf related exceptions in your cidiControl mapping. To progress, I changed @Controller to @RestController in UserController.

These two changes worked for me. I didn’t do any PRs but these changes are pretty straightforward to do.

Cheers,
Ian

1 Like
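A check for the first fix above, as an added example that is not part of the original thread or the poster's repository: it flags descriptor scopes that the target product does not accept, such as PROJECT_ADMIN on Confluence, before the app is installed. The per-product scope table, the `lint_scopes` name and the sample descriptor are assumptions constructed for illustration.

```python
import json

# Assumption: scope names per product as recalled from the Atlassian Connect
# scope documentation; confirm against the current docs before relying on them.
VALID_SCOPES = {
    "jira": {"NONE", "READ", "WRITE", "DELETE", "PROJECT_ADMIN", "ADMIN",
             "ACT_AS_USER", "ACCESS_EMAIL_ADDRESSES"},
    "confluence": {"NONE", "READ", "WRITE", "DELETE", "SPACE_ADMIN", "ADMIN",
                   "ACT_AS_USER", "ACCESS_EMAIL_ADDRESSES"},
}


def lint_scopes(descriptor_text, product):
    """Return (severity, scope, message) findings for one target product."""
    product = product.lower()
    if product not in VALID_SCOPES:
        raise ValueError(f"unknown product: {product}")
    scopes = json.loads(descriptor_text).get("scopes", [])
    findings = []
    for raw in scopes:
        scope = str(raw).upper()  # normalise case for comparison only
        if scope not in VALID_SCOPES[product]:
            accepted_by = sorted(p for p, s in VALID_SCOPES.items() if scope in s)
            hint = (f"valid only for {', '.join(accepted_by)}"
                    if accepted_by else "unknown scope")
            findings.append(("error", scope, f"not a {product} scope ({hint})"))
        elif scope == "ACT_AS_USER":
            # Impersonation is a broad grant; surface it for least-privilege review.
            findings.append(("review", scope, "app can call APIs as the user"))
    return findings


# Constructed descriptor mirroring the scopes discussed in the thread.
SAMPLE_DESCRIPTOR = json.dumps({
    "key": "example-app",                       # hypothetical app key
    "baseUrl": "https://app.example.invalid",   # placeholder URL
    "scopes": ["READ", "WRITE", "ACT_AS_USER", "PROJECT_ADMIN"],
})

if __name__ == "__main__":
    for product in ("jira", "confluence"):
        for severity, scope, message in lint_scopes(SAMPLE_DESCRIPTOR, product):
            print(f"{product}: {severity}: {scope}: {message}")
```
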

Wooo! It worked for Confluence thing!

@iragudo Thank you so much!

Followed the steps 1 and 2 in the source code and got the response data.

However, the requirement is like, the app will be installed in Jira domain and using Jira credentials, will call Confluence cloud REST APIs.

Still says: 403 Forbidden when I tried the req. above

Is it a Cross Domain Resource Sharing issue?
As you said, maybe the issue is that productType, OAuthID and baseUrl are different for calling Confluence APIs.

Any workaround, like installing apps in both Jira and Confluence and making calls, or any settings in Confluence that need to be checked?