Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-14257

Artifactory should invalidate existing HTTP sessions when a realm plugin returns false

          Details

          • Type: Bug
          • Status: Open
          • Priority: High
          • Resolution: Unresolved
          • Affects Version/s: None
          • Fix Version/s: None
          • Component/s: Plugins
          • Labels:
            None

            Description

            Realm plugins have the ability to deny a login attempt. This works perfectly with the REST API, but doesn't work with UI logins. The reason is that a failed authentication in the realm plugin does not clear any HTTP session that may have been created prior to the execution of the plugin. This leaves a valid session, so the login does actually work even though the plugin rejected it.

              Attachments

                Activity

                  People

                  • Assignee:
                    uriahl Uriah Levy
                    Reporter:
                    uriahl Uriah Levy
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                    Dates

                    • Created:
                      Updated: