Jira implemented seraph as a filter com.atlassian.jira.security.JiraSecurityFilter. The doFilter() method call parent method.
The Seraph filter will use the security config services to get the roles required base on the request.
There are 3 services were implemented in Jira:
- JiraPathService: If the requested servlet path start with /secure/admin/, it will require the admin role.
- WebworkService: Get roles-required config of webwork in the actions.xml file
- JiraSeraphSecurityService: Get roles-required config of webwork action in all plugin’s atlassian-plugin.xml file
The JiraPathService is easy to understand, our concern now is WebworkService and JiraSeraphSecurityService.
This post was created with our nice and easy submission form. Create your post!
GIPHY App Key not set. Please check settings