Dark feature works,
but it secure

• [BASE-URL]/secure/Dashboard.jspa
• [BASE-URL]/browse/ {issue-key}
• [BASE-URL]/browse/?jql=
• [BASE-URL]/projects/ {project-key}
• [BASE-URL]/issues/

We need to have unsecured /secure/Dashboard.jspa since we have help information for the users on this page
Can we leave it as unsecured by some way ?

Per my understanding another way is
switch out com.atlassian.seraph.service.PathService to com.atlassian.jira.security.JiraPathService
in seraph-config.xml
add additional seraph-paths.xml
and play with it

Hi Andrey,

I found an old KB that I thought might help here in https://confluence.atlassian.com/jirakb/jira-filters-returning-empty-set-for-anonymous-users-182157860.html.  However trying to implement this in any recent Jira versions does not work.  I can't seem to find a clear way to restrict this specific page.   The search in Jira is designed to be more open, even for unauthenticated users to at least provide some access to specific issues/projects where they have set permissions to view.

That said I did come across a feature request asking to disable all public access to Jira server in https://jira.atlassian.com/browse/JRASERVER-65521

Although this is not yet a feature in Jira today, there is a work-around listed there to use a dark feature that could help here.  Note this affects more than just the issue search page.

Workaround:
In JIRA 7.2.10 the possibility to disable public access for anonymous users was added, however it is still in labs state.

In order to disable public access for anonymous users, administrator needs to add a darkfeature public.access.disabled.
Here are the steps required for adding a dark feature in Jira:

• Login as an administrator and go to [BASE-URL]/secure/SiteDarkFeatures!default.jspa
• In the Enable Dark Feature text field add public.access.disabled

I tested and confirms this still works in Jira 8.0.2.

I hope this helps.

Andy