Search code examples
javascriptajaxjiraconfluenceconfluence-rest-api

Confluence REST API request while not being admin ends in 401 error


I am developing confluence blueprint where a user can choose between jira projects and use them for specific jira issues report.

Both instances are connected correctly with each other and I get results but only if I am logged as an admin. With normal user I am getting this:

<status>
   <status-code>401</status-code>
   <message>This resource requires WebSudo.</message>
</status>

Unfortunately I have to get the information from the jira server as AJAX post request with JavaScript and here is my code:

function pickDate(e, state) {
    AJS.$('#spLebenStart').datePicker({
        overrideBrowserDefault: true
    });
    
    getJiraUrl();
}

function getJiraUrl(){
    var appUrl = AJS.contextPath() + "/rest/applinks/1.0/applicationlink/type/jira";
    
    $.ajax({
        type: 'GET',
        url: appUrl,
        data: {
            key: "value"
        }, 
        dataType: "xml",
        success: function (xml){
            jiraID = $(xml).find("id").text();
        },
        complete: function(){
            getJiraProjects(jiraID);
        },
        error: function() {
            alert("ERROR @ getJiraUrl");
        }
    });
}

function getJiraProjects(applicationId){
    var restUrl = AJS.contextPath() + "/rest/applinks/1.0/entities/"+applicationId+"?os_authType=any";
    
    $.ajax({
        type: 'GET',
        url: restUrl,
        data: {
            key: "value"
        },
        dataType: "xml",
        success: function (xml){
            jiraProjectKeys = [];
            $(xml).find("entity").each(function(){
                jiraProjectKeys.push({id: $(this).attr("key"), text: $(this).attr("name")});
            });
        },
        crossDomain: true,
        xhrFields: {
            withCredentials: true
        },
        error: function() {
            alert("ERROR @ getJiraProjects");
        },
        complete: function(){
            AJS.$('#spSelect').auiSelect2({
                placeholder: 'Projekt auswählen...',
                data:jiraProjectKeys,
                multiple: false
            });
        }
    });
}

I have tried to use login information with basic authentication in AJAX but it didn't help. Of course I can hardcode the id in the code but what if it get changed? Its not the best solution imo. How can I manage the websudo problem?


Solution

  • I'm new here (as a contributor) so pardon my newbie bloopers.

    Looks like accessing /rest/applinks/1.0/applicationlink/type/jira indeed requires admin permissions. But there's an undocumented (AFAIK) workaround and this is how I do it.

    There's an Atlassian plugin called Confluence JIRA Plugin. It's bundled with Confluence (hence it should be available in your installation). It provides you with a few cool features allowing JIRA integration (e.g. JIRA and JIRA Chart macros). To provide the integration it also adds a few useful endpoints to your Confluence REST API (which don't require admin access):

    1. /rest/jiraanywhere/1.0/servers or /rest/jira-integration/1.0/servers to list the linked JIRA servers (inlcuding applink id)
    2. /jira-integration/1.0/servers/{INSERT APPLINK ID HERE}/projects to list JIRA projects available to the logged-in user

    Now, per your requirements, I'd hit 1. to get the applink id and then 2. to get the list of the projects. Hope it works with your product versions.

    BONUS - JIRA Proxy

    Another nice endpoint is /plugins/servlet/applinks/proxy. It allows forwarding simple REST requests to the linked JIRA instances. For example /plugins/servlet/applinks/proxy?appId={INSERT APPLINK ID HERE}&path=%2Frest%2Fapi%2F2%2Fsearch will call JIRA's issue search REST endpoint and list issues available to the user (as in JIRA search). By "simple request" I mean that only GET and POST HTTP methods are supported in the current version (with POST limited to application/xml and multipart/form-data content types). The servlet supports both query-string and HTTP-header parameters. Check out the source of the servlet in plugin's source to get more info as I haven't found any online documentation for it.

    Using this servlet you can get the projects list as well by requesting /plugins/servlet/applinks/proxy?appId={INSERT APPLINK ID HERE}&path=%2Frest%2Fapi%2F2%2Fproject

    Servlets's path in the repo is confluence-jira-plugin/src/main/java/com/atlassian/confluence/plugins/jira/AppLinksProxyRequestServlet.java, but most of the important stuff is in its base class confluence-jira-plugin/src/main/java/com/atlassian/confluence/plugins/jira/AbstractProxyServlet.java