Details

      Description

      As of Confluence 5.2.3, since the quicknav search is using the rest API for quicknav searches, unauthenticated users are unable to search. Quicknav search worked as expected as of 5.1.4, but in our upgrade to 5.2.3 it broke this for unauthorized users. In 5.2.3, requests to rest/quicknav/1/search?query=QUERY receive a '401 Unauthorized' response, with the body '

      {"message":"Client must be authenticated to access this resource.","status-code":401}

      '. The full search page does work for anonymous users, but not the quicknav autocomplete functionality.

      No settings or anything were changed on our end between 5.1.4 (quicknav search working) and the upgrade to 5.2.3 (quicknav serch broken).

      As a workaround, I locally patched the Confluence-Quicknav bundled plugin, using the Confluence Rest plugin as a reference. In the QuickNavResource.java file (com.atlassian.confluence.plugins.quicknav.resources package) I imported com.atlassian.plugins.rest.common.security.AnonymousAllowed and added @AnonymousAllowed. After rebuilding, anonymous users were able to search. However, I am unaware of whether there are any ramifications of this.

      EDIT:
      I'll note we're using the EAR/WAR release, and auth is done using the Confluence HTTP Authenticator (https://marketplace.atlassian.com/plugins/shibauth.confluence.authentication.shibboleth).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rmassaioli Robert Massaioli (Atlassian)
              Reporter:
              cf6a072c3d41 William Schneider
              Votes:
              7 Vote for this issue
              Watchers:
              15 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: