JIRA Filters Returning Empty Set for Anonymous Users
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
The information in this page relates to customizations in Jira. Consequently, Atlassian Support cannot guarantee to provide any support for the steps described on this page as customizations are not covered under Atlassian Support Offerings. Please be aware that this material is provided for your information only and that you use it at your own risk.
また、ファイルの直接変更によって行われるカスタマイズは、アップグレード プロセスには含まれない点にご注意ください。このような変更は、アップグレード後のインスタンスで手動で再適用する必要があります。
This KB was written for older versions of JIRA hence the resolution may not work for newer versions.
Although this KB does not appear to be functional in current JIRA versions, there is an existing feature request to disable public access to the JIRA site in JRASERVER-65521 - Getting issue details... STATUS
From that page:
Workaround:
In JIRA 7.2.10 the possibility to disable public access for anonymous users was added, however it is still in labs state.In order to disable public access for anonymous users, administrator needs to add a darkfeature public.access.disabled.
Here are the steps required for adding a dark feature in Jira:
- Login as an administrator and go to [BASE-URL]/secure/SiteDarkFeatures!default.jspa
- In the Enable Dark Feature text field add public.access.disabled
症状
When a user who is not currently logged in into JIRA opens a link of a saved JIRA Filter (which they have received by email for example), the resulting page will simply state "No matching issues found". Instead of displaying this page, some users might expect the result would be for JIRA to automatically redirect anonymous users to a Login page. However this does not happen.
原因
The IssueNavigator URL is not protected by the seraph library login redirect facility, so the query will run with anonymous privileges.
ソリューション
Tune JIRA to force user login if requesting a filter URL while unauthenticated.
- Make a backup of your JIRA Application files or use a separate test instance.
- Edit <JIRA-INSTALL>/atlassian-jira/WEB-INF/classes/actions.xml, locate the action named issue.IssueNavigator and add the property
roles-required="user". The element should be like so:<action name="issue.IssueNavigator" alias="IssueNavigator" roles-required="user"> <view name="success">/secure/views/navigator/navigator.jsp</view> <view name="error">/secure/views/navigator/navigator.jsp</view> </action> - Test your instance for unwanted impact or side effects