Store password and token in session object

src/main/java/org/opendevstack/provision/authentication/crowd/CrowdAuthenticationAdapter.java

@@ -61,7 +61,7 @@ public String getUserName() {
 
   /** @see IODSAuthnzAdapter#getToken() */
   public String getToken() {
-    return userPassword.getPassword();
+    return userPassword.getToken();
   }
 
   /** @see IODSAuthnzAdapter#getUserEmail() () */

src/main/java/org/opendevstack/provision/authentication/crowd/CrowdSecurityConfiguration.java

@@ -14,6 +14,8 @@
 
 package org.opendevstack.provision.authentication.crowd;
 
+import com.atlassian.crowd.embedded.api.PasswordCredential;
+import com.atlassian.crowd.exception.*;
 import com.atlassian.crowd.integration.http.CrowdHttpAuthenticator;
 import com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl;
 import com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelper;
@@ -25,20 +27,24 @@
 import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails;
 import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsService;
 import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl;
+import com.atlassian.crowd.model.authentication.UserAuthenticationContext;
+import com.atlassian.crowd.model.authentication.ValidationFactor;
 import com.atlassian.crowd.service.client.ClientProperties;
 import com.atlassian.crowd.service.client.ClientPropertiesImpl;
 import com.atlassian.crowd.service.client.CrowdClient;
 import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.ArrayList;
+import java.util.List;
 import java.util.Properties;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSessionListener;
 import org.jetbrains.annotations.NotNull;
 import org.opendevstack.provision.authentication.ProvAppHttpSessionListener;
+import org.opendevstack.provision.authentication.SessionAwarePasswordHolder;
 import org.opendevstack.provision.authentication.filter.SSOAuthProcessingFilter;
 import org.opendevstack.provision.authentication.filter.SSOAuthProcessingFilterBasicAuthHandler;
 import org.opendevstack.provision.authentication.filter.SSOAuthProcessingFilterBasicAuthStrategy;
@@ -99,6 +105,8 @@ public class CrowdSecurityConfiguration extends WebSecurityConfigurerAdapter {
   @Autowired(required = false)
   private BasicAuthenticationEntryPoint basicAuthEntryPoint;
 
+  @Autowired private SessionAwarePasswordHolder userPassword;
+
   @Override
   protected void configure(HttpSecurity http) throws Exception {
 
@@ -351,6 +359,42 @@ public RemoteCrowdAuthenticationProvider crowdAuthenticationProvider() throws IO
     return new RemoteCrowdAuthenticationProvider(
         crowdClient(), httpAuthenticator(), crowdUserDetailsService()) {
 
+      /**
+       * Added suppport for store password to connect with Atlassian.
+       *
+       * @param username username of the remote user.
+       * @param password password of the remote user.
+       * @param validationFactors validation factors from the remote user.
+       * @return
+       * @throws InactiveAccountException
+       * @throws ExpiredCredentialException
+       * @throws ApplicationPermissionException
+       * @throws InvalidAuthenticationException
+       * @throws OperationFailedException
+       * @throws ApplicationAccessDeniedException
+       */
+      @Override
+      protected String authenticate(
+          String username, String password, List<ValidationFactor> validationFactors)
+          throws InactiveAccountException, ExpiredCredentialException,
+              ApplicationPermissionException, InvalidAuthenticationException,
+              OperationFailedException, ApplicationAccessDeniedException {
+        UserAuthenticationContext userAuthenticationContext =
+            new UserAuthenticationContext(
+                username,
+                PasswordCredential.unencrypted(password),
+                validationFactors.toArray(new ValidationFactor[validationFactors.size()]),
+                null);
+        String token = authenticationManager.authenticateSSOUser(userAuthenticationContext);
+
+        // Store credentials info in
+        userPassword.setToken(token);
+        userPassword.setUsername(userAuthenticationContext.getName());
+        userPassword.setPassword(userAuthenticationContext.getCredential().getCredential());
+
+        return token;
+      }
+
       /**
        * Added support for Basic Authentication using WebAuthenticationDetails
        *

src/main/java/org/opendevstack/provision/controller/DefaultController.java

@@ -255,10 +255,7 @@ private boolean isAuthenticated() {
         return authentication.isAuthenticated();
       }
 
-      manager.setUserName(authentication.getName());
-      manager.setUserPassword(authentication.getCredentials().toString());
-
-      return (authentication.isAuthenticated() && manager.getUserPassword() != null);
+      return (authentication.isAuthenticated() && manager.getToken() != null);
     }
 
     return false;

src/test/java/org/opendevstack/provision/controller/DefaultControllerTest.java

@@ -85,7 +85,7 @@ public void homeWithoutAuth() throws Exception {
   @Test
   @WithMockUser(username = "test")
   public void homeWithAuth() throws Exception {
-    Mockito.when(crowdAuthenticationAdapter.getUserPassword()).thenReturn("logged_in");
+    Mockito.when(crowdAuthenticationAdapter.getToken()).thenReturn("logged_in");
     defaultController.setCustomAuthenticationManager(crowdAuthenticationAdapter);
     mockMvc
         .perform(get("/home"))
@@ -96,7 +96,7 @@ public void homeWithAuth() throws Exception {
   @Test
   @WithMockUser(username = "test")
   public void provisionWithAuth() throws Exception {
-    Mockito.when(crowdAuthenticationAdapter.getUserPassword()).thenReturn("logged_in");
+    Mockito.when(crowdAuthenticationAdapter.getToken()).thenReturn("logged_in");
     Mockito.when(jobExecutionAdapter.getQuickstarterJobs()).thenReturn(new ArrayList<>());
     defaultController.setJobExecutionAdapter(jobExecutionAdapter);
     defaultController.setCustomAuthenticationManager(crowdAuthenticationAdapter);
@@ -136,7 +136,7 @@ public void history() throws Exception {
   @Test
   @WithMockUser(username = "test")
   public void historyWithAuth() throws Exception {
-    Mockito.when(crowdAuthenticationAdapter.getUserPassword()).thenReturn("logged_in");
+    Mockito.when(crowdAuthenticationAdapter.getToken()).thenReturn("logged_in");
     Mockito.when(storageAdapter.listProjectHistory()).thenReturn(new HashMap<>());
     defaultController.setStorageAdapter(storageAdapter);
     defaultController.setCustomAuthenticationManager(crowdAuthenticationAdapter);
@@ -151,7 +151,7 @@ public void logoutPage() throws Exception {
   @Test
   @WithMockUser(username = "test")
   public void aboutWithAuth() throws Exception {
-    Mockito.when(crowdAuthenticationAdapter.getUserPassword()).thenReturn("logged_in");
+    Mockito.when(crowdAuthenticationAdapter.getToken()).thenReturn("logged_in");
     Mockito.when(storageAdapter.listAboutChangesData()).thenReturn(new AboutChangesData());
     defaultController.setStorageAdapter(storageAdapter);
     defaultController.setCustomAuthenticationManager(crowdAuthenticationAdapter);