I am writing a custom plugin in Confluence Data Center.
I want to read each request and capture the event; I have added a servlet filter. I wanted to add logic based on whether the request has been made by an authenticated user or the user accessed Confluence without login.
I have this code to pull the logged-in user, but it works only when the servlet listener gets invoked after login. After login is done, if I refresh the page, the listener gets invoked but the user comes as null. Please advise how I can get the user from the session post login.
ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
@Anil Mishra I am confused whether you are developing the plugin in DC or Cloud, because you mentioned Java servlet features, which are available in DC, not Cloud.
Below is my suggestion for Confluence DC
Your listener sees a null user after refresh because the filter is running before Confluence/Seraph finishes authentication on that request; move your servlet filter to a post-authentication position and/or use the SAL UserManager to resolve the user from the HttpServletRequest, which safely returns null for anonymous users and a profile for authenticated ones. In Confluence 9+ (Platform 7), also add the appropriate security annotation on the filter to ensure it’s invoked for the audience you intend (licensed users by default, or anonymous if explicitly allowed).
AuthenticatedUserThreadLocal.get() returns the current ConfluenceUser only after the authentication phase for that request; on requests where your filter executes earlier in the chain, it will legitimately be null, which is what you are seeing after a refresh that doesn’t traverse the login endpoint itself. In other words, a page refresh invokes your filter on a new request before the user context has been populated if your filter is positioned before authentication filters, resulting in null.
Configure the servlet filter’s location so it runs after authentication, for example at the “before-decoration” or “before-dispatch” positions, which are downstream of login filters in Atlassian’s filter chain model.
Below is my suggestion for Confluence Cloud
On Confluence Cloud, Java servlet filters and server-side thread-local APIs are not available; use Forge or Connect app capabilities and Confluence Cloud APIs to determine the current user and subscribe to product events instead.
Confluence Cloud apps use Forge or Connect rather than P2 modules, so server/DC-only modules like servlet-filter are not applicable in Cloud. Cloud apps extend the product via hosted UI modules, REST/JS APIs, and event/webhook subscriptions instead of intercepting every HTTP request.
Use the Confluence Cloud REST API “Get current user” endpoint to retrieve the authenticated user associated with the request, typically via GET /wiki/rest/api/user/current with appropriate scopes.
Reference articles for your help
https://developer.atlassian.com/server/confluence/servlet-filter-module/
https://developer.atlassian.com/developer-guide/cloud-development-options/
https://developer.atlassian.com/cloud/confluence/rest/v1/api-group-users/
Thanks
Jayesh R
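The Data Center suggestion above (a filter at a post-authentication location that resolves the user through the SAL UserManager), as an added example that is not part of the original thread or Atlassian's own code. The package, class name, key and weight are hypothetical; it assumes a `javax.servlet` based Confluence version and a plugin that uses Atlassian Spring Scanner for constructor injection.

```java
// Descriptor entry (atlassian-plugin.xml) using a post-authentication location:
// <servlet-filter key="request-audit-filter" class="com.example.audit.RequestAuditFilter"
//                 location="before-decoration" weight="200">
//   <url-pattern>/*</url-pattern>
// </servlet-filter>
package com.example.audit; // hypothetical package

import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.sal.api.user.UserKey;
import com.atlassian.sal.api.user.UserManager;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class RequestAuditFilter implements Filter { // hypothetical class name
    private static final Logger log = LoggerFactory.getLogger(RequestAuditFilter.class);
    private final UserManager userManager;

    public RequestAuditFilter(@ComponentImport UserManager userManager) {
        this.userManager = userManager;
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            // Resolved per request; null means the request is anonymous.
            UserKey key = userManager.getRemoteUserKey(http);
            // Log the path only (query strings can carry tokens); strip CR/LF defensively.
            String path = http.getRequestURI().replaceAll("[\\r\\n]", "_");
            if (key == null) {
                log.info("anonymous request method={} path={}", http.getMethod(), path);
            } else {
                log.info("authenticated request userKey={} method={} path={}",
                        key.getStringValue(), http.getMethod(), path);
            }
        }
        chain.doFilter(req, res); // always continue; this filter only observes
    }
}
```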
Hi @Jayesh Raghuvanshi, thanks for the detailed explanation for both the DC and Cloud versions.
I'm creating this plugin for Confluence Data Center.
My use case is
I had my servlet filter location as before-dispatch but it's not able to listen to the login event.
When I access Confluence's base URL with before-dispatch, my filter gets executed after login only.
Could you please advise how I can execute my filter before login? (The servlet filter location before-login does that, but it doesn't store the user details.)
Regards,
Anil