I’m trying to implement a REST service for my Confluence app that should be accessible to anonymous users. I proceeded as described in the Atlassian tutorial.
I wrote a single REST GET endpoint and annotated it with @AnonymousAllowed. As far as I understand the tutorial and any example code I’ve seen so far, this should do. When I run the refapp example from this tutorial, everything works as expected. When I try to access my own @AnonymousAllowed endpoint anonymously, however, I get a 401 status code with the error message “Client must be authenticated to access this resource”. Anonymous access to the Confluence instance is enabled. I just can’t spot the difference between the refapp and my own implementation.
I created a small demo app which shows this exact behaviour. It can be found here. When you run this demo with atlas-package && atlas-run, you can try to access http://localhost:1990/confluence/rest/oio-demo/1.0/configuration anonymously. You will get an Access Denied even though the corresponding REST method is annotated with @AnonymousAllowed (see class
What am I doing wrong?