79
Customers have installed this app in at least 79 active instances.
    by codecentric AGfor JIRA Server 6.4 - 7.4.2 and more versions
    Versions available for JIRA Server 6.3 - 6.3.15
    Get it nowFree app

    Secure your JIRA server by only serving logged in users

    Secure your JIRA server by only serving logged in users

    Protect filters which are shared with all users

    Protect dashboards which are shared with all users

    Redirecting all requests to the login form

    Accessing such filters (Example: https://your-jira-domain.com/secure/ManageFilters.jspa) redirects to the login form. Saved filters, filter owner incl. mail adress will be protected.

    Accessing your JIRA dashboards (Example: https://your-jira-domain.com

    /secure/ConfigurePortalPages!default.jspa) redirects to the login form. Popular dashboard won't be shown to any anonymous user anymore.

    Next to popular filters and dashboards also the quicksearch and other content requests from your JIRA instance will be redirected to the login form.

    More details

    Dashboards and filters can be shared with anyone. This also includes users which are not logged in (the "famous" anonymous users). This issue is opend and discussed here: https://jira.atlassian.com/browse/JRA-23255

    While JIRA displays a warning message that such sharing may not have the intended consequences it is so far impossible for an admin to prevent the sharing or access without patching the JIRA source code.

    A second problem is the quick search which can also be executed by an anonymous user and depending on the settings in the projects may or may not show some issues.

    The "Prevent Anonymous Access" add-on prevent these redirecting any requests to the login form.

    There is also a configurable whitelist to allow specific requests without login, for example to integrate with other tools.

    User reviews

    (14)
    Sign in to write a review
    by Cameron Birdwell on 2017-07-07
    This plugin complete screwed us up (7.3.1). - Crashed our gadgets - Forced integration with HipChat to be limited - Blocked JIRA from being a gadget feed for Confluence Hard to diagnose due to limited information in the logs and the fact that just disabling didn't fix anything. We had to completely uninstall and bounce the application to see everything get fixed Nice for what it did as JIRA should by default always redirect to the login page if a user is not logged in.
    Was this review helpful?YesNo
    by Miguel Angel Hernandez on 2017-02-14
    Great addon! It covers our security applications access policy.
    Was this review helpful?YesNo
    by Matt Doar [ServiceRocket] on 2017-02-08
    This worked nicely for me with JIRA 7.1.4, thank you. I like the ability to whitelist parts of JIRA, but it's also a good way to find any integrations that expect anonymous access to JIRA.
    Was this review helpful?YesNo
    by Alex Forster on 2017-01-25
    Works great after checking the "Rejected requests" page and adding appropriate whitelists. I was scared off by the low ratings, but the older reviews are out of date with the newest versions.
    Was this review helpful?YesNo
    by Brian Harvell on 2016-03-18
    Was really hoping this would work as the sharing model within Jira is really broken. If users share their filters with anyone it makes it so any anonymous user can gleam data from your system. Unfortunately this plugin breaks the integration with confluence (specifically if you are using Jira as the user directory you can't login after) but I'm sure there are other things that will break. The whitelist capability should be made configurable and also add the ability to whitelist IP addresses. This would make is much more functional and not break integrations.
    Was this review helpful?YesNo
    codecentric AG

    The whitelist has been made configurable with version 2.0. This should increase the chances that the add-on is useful in your case.

    About filtering based on the IP address: a nice idea which hasn't come to my mind.

    Pricing

    Basic support resources are available for this app.

    Vendor support resources

    Documentation

    Find out how this app works.

    See existing Q&A in Atlassian CommunityAsk a question in the Atlassian Community

    Atlassian-hosted discussions connect you to other customers who use this app.

    Versions

    Version 2.1 JIRA Server 6.4 - 7.4.2 Released 2016-07-04

    Summary

    Require system administrator permissions for the UI

    Installation

    1. Log into your JIRA instance as an admin.
    2. Click the admin dropdown and choose Add-ons. The Manage add-ons screen loads.
    3. Click Find new add-ons from the left-hand side of the page.
    4. Locate Prevent Anonymous Access via search. Results include app versions compatible with your JIRA instance.
    5. Click Install to download and install your app.
    6. You're all set! Click Close in the Installed and ready to go dialog.

    To find older Prevent Anonymous Access versions compatible with your instance, you can look through our version history page.

    Similar apps