We added the compatibility to the newest Jira version. Please be aware that this free app will be retired on 15th November 2022. Existing customers can continue using the latest installed version of the app after this date but there will ne no future releases.As this app was unsupported for a long time the effort for keeping it running was voluntary and no revenues were generated.
This app has been archived
You may still get support information and download previous versions of this app. Learn more.
Last modified 2022-08-02 • 2158 downloads • By codecentric AG
Support
To check known issues (or if you want to file one), view this app's issue tracker.
To learn more about the app, you should:
- Read the documentation.
Description
Protect filters which are shared with all users
Accessing such filters (Example: https://your-jira-domain.com/secure/ManageFilters.jspa) redirects to the login form. Saved filters, filter owner incl. mail adress will be protected.
Protect dashboards which are shared with all users
Accessing your Jira dashboards (Example: https://your-jira-domain.com
/secure/ConfigurePortalPages!default.jspa) redirects to the login form. Popular dashboard won't be shown to any anonymous user anymore.
Redirecting all requests to the login form
Next to popular filters and dashboards also the quicksearch and other content requests from your Jira instance will be redirected to the login form.
More details
Dashboards and filters can be shared with anyone. This also includes users which are not logged in (the "famous" anonymous users). This issue is opend and discussed here: https://jira.atlassian.com/browse/JRA-23255
While Jira displays a warning message that such sharing may not have the intended consequences it is so far impossible for an admin to prevent the sharing or access without patching the Jira source code.
A second problem is the quick search which can also be executed by an anonymous user and depending on the settings in the projects may or may not show some issues.
The "Prevent Anonymous Access" add-on prevent these redirecting any requests to the login form.
There is also a configurable whitelist to allow specific requests without login, for example to integrate with other tools.
Version history
3.1.0Jira Server 8.0.0 - 9.1.02022-04-08Compatibility Upgrade to newest Jira Version Version 3.1.0 • Released 2022-04-08 • No Vendor Support • Free • Commercial - no charge3.0.0Jira Server 6.4 - 8.20.112019-03-11Compatibility with Jira 8.0.0 Version 3.0.0 • Released 2019-03-11 • No Vendor Support • Free • Commercial - no chargeNo release notes.2.4Jira Server 6.4 - 7.13.182018-03-15Compatibility with Jira 7.8.0 Version 2.4 • Released 2018-03-15 • No Vendor Support • Free • Commercial - no chargeNo release notes.2.3Jira Server 6.4 - 7.7.42018-01-18Compatibility with Jira 7.7.0 Version 2.3 • Released 2018-01-18 • No Vendor Support • Free • Commercial - no chargeNo release notes.2.2Jira Server 6.4 - 7.6.72017-12-22Compatibility with Jira 7.6.2 Version 2.2 • Released 2017-12-22 • No Vendor Support • Free • Commercial - no chargeNo release notes.2.1Jira Server 6.4 - 7.5.42016-07-04Require system administrator permissions for the UI Version 2.1 • Released 2016-07-04 • No Vendor Support • Free • Commercial - no chargeNo release notes.2.0Jira Server 6.4 - 7.1.102016-06-06Add whitelist maintained by admin to allow greater flexibility and SSO support Version 2.0 • Released 2016-06-06 • No Vendor Support • Free • Commercial - no chargeSo far the add-on contained a fixed set of whitelist entries. There are cases related to login (Single-Sign-On aka SSO) where this behavior prevented the use of this add-on.
With this 2.0 release two menu entries were added to the add-on section of the admin menu to:
- Add, view and remove whitelist entries (a regexp for an URL)
- View rejected requests. It is also possible to add the URL verbatim as a whitelist entry with a click
A word of caution is in order here: While it may be convenient to whitelist all rejected URLs you should only allow the URLs which are required for login, captcha and password reset. The attack surface should be as minimal as possible.
1.7Jira Server 6.4 - 7.0.112016-01-05Fix problem when ScriptRunner for Jira is installed ScriptRunner for Jira tries to access some REST resource at the login screen and does not fail gracefully when the request is declined. Result is a complete hang of the login form. This is fixed with a white list of the rest resource.
1.6Jira Server 6.4 - 7.0.112016-01-04Re-add support for Jira 6.4 Version 1.6 • Released 2016-01-04 • No Vendor Support • Free • Commercial - no chargeNo release notes.1.5Jira Server 7.0.0 - 7.0.112015-12-30Support password reset and application links Version 1.5 • Released 2015-12-30 • No Vendor Support • Free • Commercial - no chargeVersion 1.5 supports password reset links sent via email and allows to create application links between different atlassian applications.
1.4Jira Server 7.0.0 - 7.0.112015-12-02Support for Jira 7 Version 1.4 • Released 2015-12-02 • No Vendor Support • Free • Commercial - no chargeSupport for Jira 7. This also includes removal of the whitelisting of SOAP (aka RPC) URLs since SOAP-API has been discontinued.
1.3Jira Server 6.3 - 6.4.142015-07-27Allow to access the forgotten password screen Version 1.3 • Released 2015-07-27 • No Vendor Support • Free • Commercial - no chargeThe URL "/secure/ForgotLoginDetails.jspa" can now also be accessed without being logged in.
1.2Jira Server 6.3 - 6.4.142015-05-20Fix behavior when an issue URL is used Version 1.2 • Released 2015-05-20 • No Vendor Support • Free • Commercial - no chargeVersion 1.1 had a bug which caused a 500 when an anonymous user visited an issue URL and provides the correct password. This is now fixed.
1.1Jira Server 6.3 - 6.4.142015-04-21Allows XML-RPC/SOAP URLs Version 1.1 • Released 2015-04-21 • No Vendor Support • Free • Commercial - no charge- Accessing XML-RPC/SOAP URL is now ok if "Accept remote API calls" is enable in Jira.
- Fixed an exception when no URL could be extracted.
- Add a log message on trace level for all requests.
1.0Jira Server 6.3 - 6.4.142015-03-16First public version Version 1.0 • Released 2015-03-16 • No Vendor Support • Free • Commercial - no chargeNo release notes.