JIRA REST API User Impersonation

JIRA is one of the best, if not the best, task management systems on the market. Besides JIRA’s powerful out-of-the-box features, the product has a rich add-on (plugin) mechanism that lets you customize many aspects of JIRA.

JIRA also exposes a REST API that allows building rich ecosystems that automate many tasks, creating Issues for example. Systems that act on behalf of many users sometimes need to impersonate a user. In other words, the third-party system authenticates and accesses the JIRA REST API through a service user account, but each Issue it creates must have an arbitrary reporter that matches some other JIRA user.

The impersonation can be achieved by writing a JIRA plugin. There are already ready-to-use plugins for that purpose on the Atlassian Market. The purpose of this article is to demonstrate the power of the JIRA plugin mechanism and how easily we can build the aforementioned impersonation functionality.

Atlassian has excellent documentation and a “Hello World” tutorial that demonstrates how to install the Atlassian SDK and build a simple plugin:

Create Hello World Plugin Project

In this article I will assume that you’ve already downloaded the Atlassian SDK.

So let’s begin.

The first step is creating the plugin project by executing the following command:

 

 

I’ve answered the wizard’s questions as:

 

 

The wizard creates the plugin project in the directory named after your artifact id: impersonation.

Navigate to the impersonation folder and open Maven’s pom.xml. Change the organization’s name and URL. Add a meaningful description. For example:

 

 

Execute the module creation command in the plugin root folder:

 

 

Choose option 20 (Servlet Filter).

The wizard asks some questions. I’ve entered the following values:

 

 

The wizard will modify the file atlassian-plugin.xml in the folder src/main/resources. Open that file and change the url-pattern of the servlet filter so that it matches the REST API endpoint:

 

 

The plugin is almost done :-).

Open the class ImpersonationServletFilter and implement the filter as:

ImpersonationServletFilter.java

 

 

In the plugin’s root folder, run the following command, which builds the plugin and starts a development JIRA instance with the plugin installed:

 


Once the JIRA server is up and running, navigate your browser to the following URL:

http://localhost:2990/jira

Log in with the following credentials: Username: admin, Password: admin

This is your first login, so choose the Language and the optional Avatar. After that, press the button Create new Project. Choose the Project management type. Enter the name of the project: Test. Select the cog (top right settings icon) and select User Management after that.

Create 2 new users by pressing the button Create User. I’ve picked the following usernames: alice and bob.

Ok, let’s test the functionality!

In an arbitrary folder of your choice create the following JSON payload file that contains the Issue.

issue.json

 

 

In the same folder execute the following command first:

 

 

The first issue is created.

After that execute the following commands that insert the HTTP header iw-impersonate that contains the name of the user to be impersonated:

 

 

Note in the JIRA dashboard that the issue reporter is no longer admin, but rather Alice and Bob.

The plugin enforces that the authenticated user must be a JIRA Administrator. Otherwise, the impersonation is skipped.

You can adjust the plugin code to meet your needs regarding the permission logic, but in essence that will be a trivial task. The main goal has been achieved: third-party systems can integrate with JIRA and act on behalf of existing JIRA users.
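
The permission logic described above, as an added sketch that is not the article's original ImpersonationServletFilter: the swap happens only when the authenticated caller is a JIRA Administrator and the iw-impersonate header names an existing, active user; otherwise the request continues as the caller. It additionally logs every swap and restores the caller afterwards, which the article does not state. Assumptions: the JIRA 7+ Java API, a filter that runs after JIRA has authenticated the request, and the hypothetical class name ImpersonationFilterSketch.

```java
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.user.ApplicationUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

public class ImpersonationFilterSketch implements Filter { // hypothetical class name
    private static final Logger log = LoggerFactory.getLogger(ImpersonationFilterSketch.class);
    private static final String HEADER = "iw-impersonate"; // header name used in the article

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        JiraAuthenticationContext ctx = ComponentAccessor.getJiraAuthenticationContext();
        ApplicationUser caller = ctx.getLoggedInUser(); // null for anonymous requests
        String name = ((HttpServletRequest) req).getHeader(HEADER);
        ApplicationUser target = resolveTarget(caller, name);
        if (target == null) { // no header, or not allowed: continue as the caller
            chain.doFilter(req, res);
            return;
        }
        log.info("impersonation: {} acts as {}", caller.getName(), target.getName());
        ctx.setLoggedInUser(target);
        try {
            chain.doFilter(req, res);
        } finally {
            ctx.setLoggedInUser(caller); // never leave the swapped identity on a pooled thread
        }
    }

    // Returns the user to impersonate, or null when impersonation must be skipped.
    private ApplicationUser resolveTarget(ApplicationUser caller, String name) {
        if (name == null || name.trim().isEmpty()) return null;
        boolean admin = caller != null && ComponentAccessor.getGlobalPermissionManager()
                .hasPermission(GlobalPermissionKey.ADMINISTER, caller);
        ApplicationUser target = admin ? ComponentAccessor.getUserManager().getUserByName(name.trim()) : null;
        if (target == null || !target.isActive()) {
            log.warn("impersonation skipped: caller={}", caller == null ? "anonymous" : caller.getName());
            return null;
        }
        return target;
    }
}
```

The info and warn log lines give an audit trail of who requested which identity; the service account that holds the administrator permission should be treated as equivalent to every user it can impersonate.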