Uploaded image for project: 'Jira Software Server and Data Center'
  1. Jira Software Server and Data Center
  2. JSWSERVER-20459

Pre-configured anonymous access to user picker breaks upon upgrading to Jira 8.4+

    XMLWordPrintable

Details

    Description

      Issue Summary

      According to Atlassian documentation (How to control anonymous user access in a public Jira instance), customers can intentionally configure global permissions and project projects to explicitly allow anonymous access to the user picker (via Browse Users/Browse Projects permissions).

      As of upgrade to Jira 8.4+ this anonymous access functionality breaks.

      Steps to Reproduce

      1. Start with Jira Server 7.13.0
      2. Assign the following permissions
        • Browse Users Global Permission: Group: "Anyone on the web"
        • Browse Projects Project Permission: Group: "Anyone on the web"
      3. Confirm an anonymous user can access user picker (e.g. using REST API)
      4. Upgrade Jira Server to 8.4+

      Expected Results

      Anonymous access to user picker (either via API or create issue screen) functions as before, with Jira 7.13 (and earlier)

      Actual Results

      Anonymous access to user picker is blocked, and the error below appears (within HAR file):

      "message":"Client must be authenticated to access this resource.","status-code":401

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              abeltz Alexander (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: