Publishing BeforeUserAuthenticate event during the authentication process
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Environment
Jira Data Center 8.20 and later
Solution
When implementing custom authentication for Jira DC, make sure that BeforeUserAuthenticate event is published before every login attempt.
Example:
1
eventPublisher.publish(new BeforeUserAuthenticate(username));This ensures that all the operations required before a login attempt are performed.
⚠️ The event should be published before each User Directory is searched for the user with the given username.
Please note, that the event requires a username of the user which attempts to log in, so the username has to be known at the moment of publishing.
The event should be published once for every authentication attempt. It should be published only for authentication requests. For example, when implementing custom authenticator or filter, do not publish this event from a place that is called for every request.
Was this helpful?