Issue Summary

This is reproducible on Data Center: yes

Steps to Reproduce

1. Create a fresh Confluence instance
2. Create a page, and obtain the Tiny Link for it
3. Set Up Public Access
   1. Go to Administration > General Configuration > Global permissions.
   2. Choose Edit Permissions.
   3. In the Anonymous Access section, select the Can use checkbox. You can also choose whether to allow anonymous users to see user profiles.
   4. Choose Save All.
4. Logout of Confluence and test the Tiny Link to see if it can be accessed anonymously.

Expected Results

Accessing the Tiny Link will open the anonymously accessible page without requiring a login.

Actual Results

A login page is displayed and the following, potentially related WARN, is logged in the atlassian-confluence.log file:

2024-09-10 15:58:10,694 WARN [http-nio-8090-exec-14 url: /pages/tinyurl.action] [webapp.security.enforcer.AnnotatedAccessEnforcer] shouldEnforce Access check is failed. Skipping Struts action com.atlassian.confluence.pages.actions.TinyUrlAction on method execute -- url: /pages/tinyurl.action | userName: anonymous | traceId: da26317c97f2c878 

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available