jira server api anonymous access

Hello,

In our Jira server, some REST APIs (added below) can be reached anonymously. We want them to be reachable only with authentication. How can we solve the issue?

The anonymously reachable APIs:

https://itsupport.vodafone.com.tr/rest/menu/latest/admin

https://itsupport.vodafone.com.tr/rest/api/2/projectCategory?maxResults=1000

https://itsupport.vodafone.com.tr/rest/api/2/resolution

 

1 answer

1 accepted

4 votes
Answer accepted

Hi Hüseyin,

I do not think that there is an out-of-the-box solution to enforce authentication for the mentioned endpoints.

The only REST resources that allow this kind of access are those that are meant for anonymous access. These have to be explicitly marked with @AnonymousAllowed or they will automatically reject any anonymous request. In addition, I think that some endpoints need to be accessible before any authentication might take place (not sure if that is the case for the ones you listed, but I could think of some scenarios).

One option you could think of would be to block them explicitly on the load balancer (if in use), at least for access from the internet.

Looking at the first REST call, the information returned is related to the configured app links, which could also be extracted from the WebUI.

Cheers

Kurt

Hi Kurt,

For the first API call, it is as you said. But the other API calls can be reached with authentication in the web GUI, so we need to reach them with authentication.

Thanks

Hi @Hüseyin Çam, sorry. How did you resolve this, please? Thanks a lot for the info. We have the same problem. Have you blocked them directly on the load balancer?


Hi @Hüseyin Çam, please consider that /rest/api/2/dashboard?maxResults=100 is also open.
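
An added example, not part of the original thread and not Atlassian's code: a small check that sends unauthenticated requests to the endpoints named in this thread and labels each response, so you can confirm that a load balancer rule or other change really closed anonymous access. The host name and the sample responses are constructed assumptions; call `audit` with your own base URL and no third argument to use the real `http_fetch`.

```python
import json
import urllib.error
import urllib.request

# Placeholder host (assumption); the paths are the ones reported in the thread.
BASE_URL = "https://jira.example.internal"
PATHS = ["/rest/menu/latest/admin",
         "/rest/api/2/projectCategory?maxResults=1000",
         "/rest/api/2/resolution",
         "/rest/api/2/dashboard?maxResults=100"]

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report a 3xx (e.g. to a login page) instead of following it

def http_fetch(url, timeout=10):
    """GET with no cookies and no Authorization header; returns (status, body)."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""

def classify(status, body):
    """Turn one anonymous response into a finding label."""
    if status in (401, 403):
        return "auth-required"
    if 300 <= status < 400:
        return "redirect"
    if status != 200:
        return "other-%d" % status
    try:
        data = json.loads(body)
    except ValueError:
        return "open-non-json"
    return "open-with-data" if data else "open-empty"

def audit(base_url, paths, fetch=http_fetch):
    return {path: classify(*fetch(base_url + path)) for path in paths}

# Constructed responses (not captured from any server) so the example runs offline.
SAMPLE = dict(zip(PATHS, [(200, '{"sample": 1}'), (200, "[]"), (401, ""), (302, "")]))

def constructed_fetch(url):
    return SAMPLE[url[len(BASE_URL):]]

if __name__ == "__main__":
    for path, finding in audit(BASE_URL, PATHS, constructed_fetch).items():
        print(finding.ljust(16), path)
```

Anything labelled `open-with-data` still answers without credentials; `open-empty` means the endpoint responds anonymously but returned nothing in that response.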

Deployment type: Server
Version: 8.11.1