51
Customers have installed this add-on in at least 51 active instances.
    by codecentric AGfor JIRA Server 6.4 - 7.2.5 and more versions
    Versions available for JIRA Server 6.3 - 6.3.15
    Unsupported
    This add-on isn't formally supported, but you can ask a question via Atlassian Answers.

    Ask a question

    Unsupported
    This add-on isn't formally supported, but you can ask a question via Atlassian Answers.

    Ask a question

    Get it nowFree add-on

    Secure your JIRA server by only serving logged in users

    Secure your JIRA server by only serving logged in users

    Protect filters which are shared with all users

    Protect dashboards which are shared with all users

    Redirecting all requests to the login form

    Accessing such filters (Example: https://your-jira-domain.com/secure/ManageFilters.jspa) redirects to the login form. Saved filters, filter owner incl. mail adress will be protected.

    Accessing your JIRA dashboards (Example: https://your-jira-domain.com

    /secure/ConfigurePortalPages!default.jspa) redirects to the login form. Popular dashboard won't be shown to any anonymous user anymore.

    Next to popular filters and dashboards also the quicksearch and other content requests from your JIRA instance will be redirected to the login form.

    More details

    Dashboards and filters can be shared with anyone. This also includes users which are not logged in (the "famous" anonymous users). This issue is opend and discussed here: https://jira.atlassian.com/browse/JRA-23255

    While JIRA displays a warning message that such sharing may not have the intended consequences it is so far impossible for an admin to prevent the sharing or access without patching the JIRA source code.

    A second problem is the quick search which can also be executed by an anonymous user and depending on the settings in the projects may or may not show some issues.

    The "Prevent Anonymous Access" add-on prevent these redirecting any requests not contained in a white list to the login form.

    User reviews

    (10)
    Sign in to write a review »
    by Brian Harvell on 2016-03-18
    Was really hoping this would work as the sharing model within Jira is really broken. If users share their filters with anyone it makes it so any anonymous user can gleam data from your system. Unfortunately this plugin breaks the integration with confluence (specifically if you are using Jira as the user directory you can't login after) but I'm sure there are other things that will break. The whitelist capability should be made configurable and also add the ability to whitelist IP addresses. This would make is much more functional and not break integrations.
    Was this review helpful?YesNo

    codecentric AG

    The whitelist has been made configurable with version 2.0. This should increase the chances that the add-on is useful in your case.

    About filtering based on the IP address: a nice idea which hasn't come to my mind.

    by Hernan Montes on 2016-02-04
    Version 1.3 totally destroys Jira, I was unable to login after plugin installation, this was done in a test server, when trying to login it would make all the background red and disables the login form, seems like a good idea but needs more work.
    Was this review helpful?YesNo

    codecentric AG

    You may want to try out a new version since 1.3 is quite old.

    by Graham Horsman on 2016-01-15
    1.7 causes problem with application linking between Confluence and JIRA (and presumably other apps). Following errors in confluence logs: ==== 016-01-14 16:42:21,039 ERROR [JIRAMetadataPlugin_aggregate:thread-3] [metadata.jira.helper.JiraMetadataErrorHelper] printError The response from one or more JIRA instances cannot be parsed. -- referer: https://confluence.ipttools.info/login.action?os_destination=%2Fpages%2Fviewpage.action%3FspaceKey%3DIPT%26title%3DIPT%2BHome&permissionViolation=true | url: /pages/viewpage.action | userName: jackie.keane | action: viewpage | page: 3801123 com.atlassian.confluence.plugins.metadata.jira.exception.JiraMetadataException: com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: invalid number or unquoted string near <!DOCTYPE html> <html lang="e at com.atlassian.confluence.plugins.metadata.jira.aggregate.JiraAggregateProvider.parse(JiraAggregateProvider.java:248) at com.atlassian.confluence.plugins.metadata.jira.aggregate.JiraAggregateProvider.getDataForSingleApplink(JiraAggregateProvider.java:108) at com.atlassian.confluence.plugins.metadata.jira.aggregate.JiraAggregateProvider.access$100(JiraAggregateProvider.java:41) at com.atlassian.confluence.plugins.metadata.jira.aggregate.JiraAggregateProvider$1.call(JiraAggregateProvider.java:92) at com.atlassian.confluence.plugins.metadata.jira.aggregate.JiraAggregateProvider$1.call(JiraAggregateProvider.java:77) at java.util.concurrent.FutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: invalid number or unquoted string near <!DOCTYPE html> <html lang="e at com.google.gson.Streams.parse(Streams.java:51) at com.google.gson.JsonParser.parse(JsonParser.java:83) at com.google.gson.JsonParser.parse(JsonParser.java:58) at com.google.gson.JsonParser.parse(JsonParser.java:44) at com.atlassian.confluence.plugins.metadata.jira.aggregate.JiraAggregateProvider.parse(JiraAggregateProvider.java:208) ... 8 more Caused by: com.google.gson.stream.MalformedJsonException: invalid number or unquoted string near <!DOCTYPE html> <html lang="e at com.google.gson.stream.JsonReader.syntaxError(JsonReader.java:1110) at com.google.gson.stream.JsonReader.decodeLiteral(JsonReader.java:1100) at com.google.gson.stream.JsonReader.peek(JsonReader.java:343) at com.google.gson.Streams.parse(Streams.java:38) ... 12 more ==== Great concept but we can't yet use this plugin
    Was this review helpful?YesNo

    codecentric AG

    You may want to give the new version 2.0 a try since it allows you to control the whitelist and therefore should be able tp support your use case.

    by Darren Campbell on 2015-12-04
    Installed this plugin 1.2 thinking it would do as it says "on the tin" as it was suggested as a workaround for the known issue with filters / dashboards being accessible to anonymous users. However the reality was that the plug-in blocks a lot more than that. It blocked the reset password screen but after I reported it, the vendor updated the plugin to 1.3 (very quickly I might add!) Problem solved?.... unfortunately not. The password reset screen is shown but the urls contained in the reset email aren't meaning you still can’t reset your password. I reported this back in July, however haven't had any further acknowledgement so have had to disable the plugin (quietly hoping for an update) but it has subsequently broken the Application Links between our other Jira instance!
    1 out of 1 found this review helpful
    Was this review helpful?YesNo

    codecentric AG

    Sorry that you had to wait longer. The new version (1.6) white lists also the application link requests

    and the password reset urls. Please try.

    by Ivan Belov on 2015-11-13
    nice!
    Was this review helpful?YesNo

    Pricing

    Support

    Prevent Anonymous Access isn't formally supported.

    Versions

    Version 2.1 JIRA Server 6.4 - 7.2.5 Released 2016-07-04

    Summary

    Require system administrator permissions for the UI

    Installation

    1. Log into your JIRA instance as an admin.
    2. Click the admin dropdown and choose Add-ons. The Manage add-ons screen loads.
    3. Click Find new add-ons from the left-hand side of the page.
    4. Locate Prevent Anonymous Access via search. Results include add-on versions compatible with your JIRA instance.
    5. Click Install to download and install your add-on.
    6. You're all set! Click Close in the Installed and ready to go dialog.

    To find older Prevent Anonymous Access versions compatible with your instance, you can look through our version history page.

    Similar add-ons