Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Duplicate
Priority: Low
Fix Version/s: None
Affects Version/s: 7.13.3, 8.2.4
Component/s: REST API
Labels:
- anonymous-user
- upgrade

Introduced in Version:
7.13
Support reference count:
1
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Issue Summary

According to Atlassian documentation (How to control anonymous user access in a public Jira instance), customers can intentionally configure global permissions and project projects to explicitly allow anonymous access to the user picker (via Browse Users/Browse Projects permissions).

As of upgrade to Jira 8.4+ this anonymous access functionality breaks.

Steps to Reproduce

Start with Jira Server 7.13.0
Assign the following permissions
- Browse Users Global Permission: Group: "Anyone on the web"
- Browse Projects Project Permission: Group: "Anyone on the web"
Confirm an anonymous user can access user picker (e.g. using REST API)
Upgrade Jira Server to 8.4+

Expected Results

Anonymous access to user picker (either via API or create issue screen) functions as before, with Jira 7.13 (and earlier)

Actual Results

Anonymous access to user picker is blocked, and the error below appears (within HAR file):

"message":"Client must be authenticated to access this resource.","status-code":401

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available

Attachments

Issue Links

duplicates

JRASERVER-69787 Cannot select reporter when creating an issue while not signed in.

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Alexander (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 26/Feb/2020 5:33 PM

Updated:: 27/Feb/2020 9:30 AM

Resolved:: 27/Feb/2020 8:56 AM