Issue Summary

When Stylesheet is setup in Global or Space, the Anonymous user don't get the CSS modifications to render. There is an error in atlassian-confluence.log.

This is reproducible on Data Center: yes

Steps to Reproduce

1. Enable Anonymous access in both Global Permissions and the Space Permissions
2. Add a CSS code to either Stylesheet from a Space or in Global. I used a specific customer code, but also the example in Confluence CSS site-wide style sheet
3. Open a Private/Incognito session and go to a page with the proper Anonymous access and the Stylesheet in place.

Expected Results

The page should render with the settings in the Stylesheet feature.

Actual Results

The Stylesheet does not render. I tried multiple CSS codes and doing it in Global and in the space.

The below exception is thrown in the atlassian-confluence.log file:

2024-09-26 13:44:39,846 WARN [http-nio-8090-exec-4] [webapp.security.enforcer.AnnotatedAccessEnforcer] shouldEnforce Access check is failed. Skipping Struts action com.atlassian.confluence.core.actions.CustomStylesheetAction on method execute
 -- url: /confluence/s/-asvg3g/9104/fpsc10/9/_/styles/custom.css | userName: anonymous | referer: https://linux-81867.prod.atl-cd.net/confluence/display/TEST | traceId: 12d676df76a995bc

I researched in our internal records, but I could not find much information about the com.atlassian.confluence.impl.webapp.security.enforcer.AnnotatedAccessEnforcer class. ** 

Workaround

Currently there is no known workaround for this behaviour. A workaround will be added here when available

Note: It does not happen in 8.5.x