I'm interested in securing paths in our Jira & Confluence installations so that there are no anonymously available URLs that will load.
This means all unauthenticated requests will redirect to the login page.
I don't know if any special considerations will need to be given for TrustedApps.
I poked around Jira and seems there's an actions.xml file where I can specify role-required in several areas. There also seems to be a way to do it via Seraph, and use seraph-paths.xml to define it.
Hey there, I found your question while looking for similar myself.
I believe this may be what we are looking for.
https://jira.atlassian.com/browse/JRASERVER-65521
Good find! I'll have to give it a try. I'll need to double-check all the path patterns it protects.
Still looking for similar option with Confluence.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Do you mean if someone just types a url to an issue or report it will open without being logged on? Unless you've set permissions to 'anyone' that won't happen.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I mean I wish to guard pages which are open to anonymous users. For example, look at all the Jiras in the wild. I know it's not exposing internal information, but it's still data I don't want exposed to anonymous users.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.