This documentation relates to an earlier version of FishEye.
View

Unknown macro: {spacejump}

or visit the current documentation home.

To implement an arbitrary form of authentication and authorisation for FishEye you need to provide a class which extends com.cenqua.fisheye.user.plugin.AbstractFishEyeAuthenticator. You can find more information about custom FishEye authorisation in the online javadocs and the library jar.

For FishEye to use the authenticator, it must be compiled, placed in a jar archive and then put in the $FISHEYE_INST/lib directory. If other third-party libraries are required by your authenticator, they must also be in the $FISHEYE_INST/lib directory.

Global Configuration

After implementing a custom authenticator, the next step is to configure FishEye to use it.

Click the 'Setup Custom authentication' link on the FishEye 'Admin' -> 'Security' page.

You will be presented with a form containing the following fields to be set:

Classname

The fully qualified class name of your AbstractFishEyeAuthenticator, e.g. com.cenqua.fisheye.user.plugin.ExampleFishEyeAuthenticator.

Cache TTL (positive)

How long FishEye should cache permission checks. Example values are: 0 secs, 5 mins.

Auto-add

FishEye can automatically create a user it has not previously encountered if the user can successfully authenticate against your authenticator.

Properties

Any properties your authenticator requires. These will be passed to its init() method. This field should comply with the java.util.Properties format. Example:

 
# comments
name1=value1
name2=value2

Per-Repository Constraint Configuration

You may also require a per-repository constraint to restrict access to specific repositories using your custom authenticator. If a custom authenticator is set, then the Permissions Summary table will display the constraint per repository and a link to enable you to edit it.

When using FishEye's built-in groups in conjunction with a custom authenticator, a user will have access to a repository if:

  1. the user is in an allowed group for the repository
  2. or the hasPermissionToAccess method of the custom authenticator returns true.

The 'Authentication Test' page allows you to enter a user's credentials and to test the user's authentication. It will also test which repositories the user is authorised to access.

3 Comments

  1. Anonymous

    Mar 26, 2010

    The javadocs mention example classes which derive from this class. i.e. ExampleFishEyeHttpAuthenticator. Where is the source for these files.

    1. Edwin Dawson [Atlassian Technical Writer]

      Jul 03, 2012

      Hi there, you can find information on these classes on this page: http://www.cenqua.com/crucible/doc/latest/admin/security/customauth.html, and you can download a zip file of the source code.

      More information for development is available in the FishEye and Crucible Development Hub.

      I hope this helps, please let me know if you have any other questions.


      Edwin Dawson
      Technical Writing Team Leader
      edawson@atlassian.com
      ATLASSIAN - http://www.atlassian.com

  2. Anonymous

    Oct 10, 2011

    The latest documentation mentions the following:

    A constraint could be used (for example) to specify a group that a user must belong to in order to access a repository.

    We used to use com.cenqua.fisheye.AppConfig to get a list of groups (AppConfig.getsConfig().getUserManager().getGroupsForUser(user)) but this appears to have been deprecated in this version of Fisheye.

    What is the correct way to now get a list of groups for a user?



Log a request with our support team.



Raise an issue for our developers.



See answers from the community.



Blog and update our documentation.

 Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.