Details
-
Bug
-
Resolution: Fixed
-
Medium
-
5.2.3, 5.3.4
Description
As of Confluence 5.2.3, since the quicknav search is using the rest API for quicknav searches, unauthenticated users are unable to search. Quicknav search worked as expected as of 5.1.4, but in our upgrade to 5.2.3 it broke this for unauthorized users. In 5.2.3, requests to rest/quicknav/1/search?query=QUERY receive a '401 Unauthorized' response, with the body '
{"message":"Client must be authenticated to access this resource.","status-code":401}'. The full search page does work for anonymous users, but not the quicknav autocomplete functionality.
No settings or anything were changed on our end between 5.1.4 (quicknav search working) and the upgrade to 5.2.3 (quicknav serch broken).
As a workaround, I locally patched the Confluence-Quicknav bundled plugin, using the Confluence Rest plugin as a reference. In the QuickNavResource.java file (com.atlassian.confluence.plugins.quicknav.resources package) I imported com.atlassian.plugins.rest.common.security.AnonymousAllowed and added @AnonymousAllowed. After rebuilding, anonymous users were able to search. However, I am unaware of whether there are any ramifications of this.
EDIT:
I'll note we're using the EAR/WAR release, and auth is done using the Confluence HTTP Authenticator (https://marketplace.atlassian.com/plugins/shibauth.confluence.authentication.shibboleth).
Attachments
Issue Links
- is duplicated by
-
CONFSERVER-30837 Quick navigation does not drop down from quick search for anonymous users
- Closed
- relates to
-
CONFSERVER-34856 If documentation Theme is not installed / disabled, some features are lost
- Closed