Hi,
We have developed a custom Confluence plugin that includes a servlet with a specific URL. However, we have noticed that users, even those without authentication, can directly access this page via a Direct link. As this pages are in administrative sections, I want to secure it so that only authenticated users (preferably Confluence admins or registered users) can access it. The ideal behavior would be to redirect users to the login page if they attempt to access the URL without authentication. So, Why has the behavior changed for these developed plugins, allowing any user to access the pages without logging in or authenticating? Is there any way we can enhance security for these pages similar to others? Please guide me on this matter as it's an urgent and critical issue. Additionally, let me know if any further information is required for this issue.
Regards,
Ajit kumar
